Monday, March 4, 2019

Layer 3 partially on router partially on core switch

It's been a while since I did any serious routing configuration, so I want other professionals to double check what I'm planning to make sure it's not stupid. I currently have a Sonicwall NSA 2600 as my router on a stick and an HP Procurve 5406zl as my core switch with about 10 VLANs. The switch is currently only using layer 2 and inter-VLAN routing happens on the Sonicwall, but we're about to get a 10Gb module for the switch for a virtualization project and I'd like to move the routing for just two of the VLANs to the switch for better throughput but keep the rest of the VLANs routing only on the Sonicwall due to firewall rules. The VLANs I want to route on the switch have firewall rules set to allow all between them, so letting the switch route them without a firewall is OK, and I'll probably add more VLANs to the switch's routing in the future.

From my research, it looks like I can just give the switch IP addresses on only the VLANs I want to route on it (one VLAN already has an IP for management), make sure neither is configured as a management VLAN (the management IP is currently on a non-management VLAN so that's not a change), enable ip routing on the switch, and finally point my clients to the switch as the default gateway instead of the Sonicwall. From what I can tell it won't hurt anything to leave the Sonicwall exactly as it is now. The switch has the Sonicwall as its default gateway, which is on the same VLAN as the management IP and is a VLAN that I want the switch to route. That way the switch will forward anything it can't route to the Sonicwall, and anything with the Sonicwall as the default gateway will just hit the Sonicwall directly for all routing and the switch's routing won't be used at all.

Does what I'm planning make sense and will it technically work? It seems strange to me to have two routers capable of routing the same VLANs on the same network, but I think it'll work and it's the only option I see to keep some VLANs routing with firewall rules on the Sonicwall and some able to route with the switch's new 10Gb ports.
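As an added example (not part of the original post), the following Python model walks the design described above and lists which VLAN pairs would be routed on the switch without touching the Sonicwall, and which flows would reach the Sonicwall on the interface of the VLAN carrying the switch's default route rather than on the source VLAN's interface. The VLAN IDs are constructed placeholders, not the poster's real ones.

```python
# Constructed model of the split layer-3 design in the post above.
# VLAN IDs are placeholders chosen for illustration, not real values.
SWITCH_ROUTED = {10, 20}               # VLANs given an IP (SVI) on the 5406zl
FIREWALL_ONLY = {30, 40, 50}           # VLANs that keep routing on the NSA 2600
SWITCH_DEFAULT_GW_VLAN = 10            # VLAN holding the switch's default route to the Sonicwall

# Default gateway each VLAN's clients point at after the change.
GATEWAY = {**{v: "switch" for v in SWITCH_ROUTED},
           **{v: "firewall" for v in FIREWALL_ONLY}}


def path(src, dst):
    """Ordered list of layer-3 hops a packet takes from VLAN src to VLAN dst."""
    if src == dst:
        return []
    if GATEWAY[src] == "firewall":
        return ["firewall"]            # Sonicwall has an interface on every VLAN
    if dst in SWITCH_ROUTED:
        return ["switch"]              # switch routes between its own SVIs
    return ["switch", "firewall"]      # switch hands off via its default route


def firewall_ingress_vlan(src, dst):
    """Sonicwall VLAN interface that first sees the packet, or None if it never arrives."""
    hops = path(src, dst)
    if "firewall" not in hops:
        return None
    return SWITCH_DEFAULT_GW_VLAN if hops[0] == "switch" else src


def flows_bypassing_firewall():
    """Directed VLAN pairs routed entirely on the switch, with no firewall rules applied."""
    return sorted((s, d) for s in GATEWAY for d in GATEWAY
                  if s != d and "firewall" not in path(s, d))


def flows_entering_firewall_on_other_vlan():
    """Flows that enter the Sonicwall on a different VLAN interface than their source VLAN.
    Interface- or zone-based rules on the firewall need to account for these."""
    return sorted((s, d, firewall_ingress_vlan(s, d)) for s in GATEWAY for d in GATEWAY
                  if s != d and firewall_ingress_vlan(s, d) not in (None, s))


if __name__ == "__main__":
    print("routed on switch only:", flows_bypassing_firewall())
    print("enter Sonicwall on another VLAN's interface:", flows_entering_firewall_on_other_vlan())
```

Return traffic from a Sonicwall-only VLAN goes straight from the Sonicwall to the client, so both directions still pass the firewall, but the forward direction for the second switch-routed VLAN arrives on the default-route VLAN's interface.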

