Tuesday, June 25, 2019

Thoughts on re-designing router core

Hello everyone,

I am looking for some affirmation based on best practices, etc. on this plan I've come up with.

We currently have three datacenters but are moving out of one of them. We'll call them DC1, DC2, and DC3. We're moving out of DC1. DC1 and DC2 have bigger routers than DC3, so I am going to move the router from DC1 to DC3. In the meantime, I am going to try to clean up some of the mess that was put in years ago. I'll try and explain.

This picture is kind of a diagram of the mess that is our network. Back in the day they LOVED to do everything layer 2 here and it drives me crazy on a daily basis. Note: I did everything privately addressed to mask our public IP information. In production right now, everything is publicly addressed.

Each datacenter has one router that connects to 2 core layer 3 switches. They are not stacked. Each DC has leased fiber running between them in sort of a loop, currently.

I tried to the best of my ability to diagram out how the different VLANs and such are connecting each site, but I'll try and bullet point these out as well:

  • All three of the routers are currently on the same broadcast domain. There is a VLAN tagged from the router, through each core local switch (since the leased fiber is plugged into the core switches), then on to the remote core switch, and then tagged up to the router at the next site. That is depicted by the green dotted line.
  • Each site also has L3 connections from the router to the core switches. It is a /30 from the router to core1, and a /30 from the router to core 2. Note: this connection is on the same fiber that the previous point is, just a different tagged VLAN.
  • Next, DC1 and DC2 currently are all on a shared /28 for their inter-communication. Again, this is across the same leased fiber that connects all of the routers on that broadcast domain.

So, it's safe to say it's a cluster.......

Since we are shutting down DC1, I want to take that router and move it to DC3, so it's the perfect time to clean this up. This second image is what I am proposing we design, but I want comments on if this is best practice, concerns, etc.

  • I want to do straight up layer 3 between the router and the core. I will make it a /29 and MLAG from the two cores into the router - no shared broadcast domains between the two routers. iBGP will connect via loopback.
  • Then, the core switches at each site will also share a layer 3 /29 in an MLAG setup as well.

This gets us to only doing layer 3 between everything (as it should be!).
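As an added illustration (not from the post or its diagrams), here is a small Python check that tests an addressing plan against the rules stated above: link subnets must not overlap, no broadcast domain may be shared by two routers, each prefix must fit its MLAG pair plus router, and every router needs a /32 loopback for iBGP. The device names and private addresses are constructed stand-ins for the real ones.

```python
from ipaddress import ip_interface, ip_network

# Constructed sample data (private addressing, like the post's diagrams).
# Each link: (subnet, [devices that hold an address on that subnet]).
BEFORE = [  # the current mess: routers share a VLAN, DC1/DC2 share a /28
    ("10.0.0.0/24", ["rtr-dc1", "rtr-dc2", "rtr-dc3"]),   # green dotted VLAN
    ("10.1.0.0/30", ["rtr-dc1", "core1-dc1"]),            # /30 router-core1
    ("10.1.0.4/30", ["rtr-dc1", "core2-dc1"]),            # /30 router-core2
    ("10.2.0.0/28", ["rtr-dc1", "rtr-dc2", "core1-dc1", "core1-dc2"]),
]
AFTER = [   # the proposal: /29 router<->MLAG core pair per site, /29 core<->core
    ("10.1.0.0/29", ["rtr-dc2", "core1-dc2", "core2-dc2"]),
    ("10.1.0.8/29", ["rtr-dc3", "core1-dc3", "core2-dc3"]),
    ("10.3.0.0/29", ["core1-dc2", "core2-dc2", "core1-dc3", "core2-dc3"]),
]
LOOPBACKS = {  # one /32 per router for iBGP peering (constructed values)
    "rtr-dc1": "10.255.0.1/32", "rtr-dc2": "10.255.0.2/32", "rtr-dc3": "10.255.0.3/32",
}


def check_design(links, loopbacks):
    """Return the design-rule violations found in `links` (empty list = clean)."""
    problems = []
    nets = [ip_network(n) for n, _ in links]
    # Rule 1: link subnets must be disjoint.
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    for net, members in links:
        net = ip_network(net)
        routers = [m for m in members if m.startswith("rtr-")]
        # Rule 2: no broadcast domain shared between two routers.
        if len(routers) > 1:
            problems.append(f"{net} is shared by routers {routers}")
        # Rule 3: the prefix must fit its members (a /30 cannot hold router + MLAG pair).
        if len(members) > net.num_addresses - 2:
            problems.append(f"{net} is too small for {len(members)} devices")
    # Rule 4: every router needs a /32 loopback to peer iBGP on.
    for rtr in {m for _, ms in links for m in ms if m.startswith("rtr-")}:
        lo = loopbacks.get(rtr)
        if lo is None or ip_interface(lo).network.prefixlen != 32:
            problems.append(f"{rtr} has no /32 loopback for iBGP")
    return problems


if __name__ == "__main__":
    print("before:", check_design(BEFORE, LOOPBACKS))  # two shared-router domains
    print("after:", check_design(AFTER, LOOPBACKS))    # []
```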

Any feedback would be appreciated. Thanks!

