Saturday, August 3, 2019

Risk of running WAN and LAN traffic on same switch (different VLANs)

I'm in the midst of designing an HA setup for my SMB network and I've realized that in order to run CARP for the public WAN IPs I need to have our two internet connections (primary 100/100 fiber and 10/10 secondary cable) come in through a managed switch.

Given my current infrastructure, I have a managed switch (Aruba 2930F) which also runs several internal VLANs with some free ports and I'm thinking that the simplest solution would be to use those with a couple of dedicated VLANs for the two internet connections.

I'm trying to think up possible risks if I go with this solution. DoS seems unlikely to hurt anything given that we only have 100 Mbit/s of bandwidth (plus our ISP would stamp it out pretty quickly). With the switch not doing any routing and basically being passive for the WAN traffic (aside from tagging traffic going to the routers/firewalls), is there really much of a security risk here?

Ideally, I'm sure the best alternative to this solution would be a dedicated switch, but all I have on-hand are some basic 8-port Netgear managed desktop switches... I'm sure they'd be reliable enough given what they'd be doing, but would that be better than using the enterprise-level switch?

Anyone have any advice or suggestions?
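The main things to verify on a shared switch in the setup described above are that the WAN VLANs have no switch IP interface (so the switch's management plane is not reachable from the ISP segment), that inter-VLAN routing is off, and that no port other than the firewall trunk is a member of both a WAN VLAN and an internal VLAN. The following is an added example, not code from the original post: a small audit script that parses a running-config in ArubaOS-Switch style and flags those conditions. It assumes numeric port names and the `vlan` / `untagged` / `tagged` / `ip address` / `no ip routing` layout of that CLI; the sample config embedded in it is constructed for illustration, with VLAN IDs 901/902 and the firewall ports chosen arbitrarily.

```python
"""Audit a switch running-config for WAN/LAN VLAN isolation mistakes.

Assumptions (not from the original post): ArubaOS-Switch style config text,
numeric port numbers, and a known list of WAN VLAN IDs and firewall trunk ports.
"""
import re
from collections import defaultdict

# Constructed sample config: two ISP feeds on ports 1 and 2 (VLANs 901/902),
# firewall trunk on ports 3-4, internal VLAN 10 and the default VLAN 1.
# Two deliberate mistakes are included: VLAN 902 has a switch IP address,
# and port 21 (a LAN access port) is also tagged into WAN VLAN 901.
SAMPLE_CONFIG = """
hostname "core-2930f"
no ip routing
vlan 1
   name "DEFAULT_VLAN"
   untagged 5-24
   ip address 192.168.1.2 255.255.255.0
   exit
vlan 10
   name "LAN-USERS"
   tagged 3-4
   untagged 5-20
   exit
vlan 901
   name "WAN-FIBER"
   untagged 1
   tagged 3-4,21
   exit
vlan 902
   name "WAN-CABLE"
   untagged 2
   tagged 3-4
   ip address 10.0.0.2 255.255.255.0
   exit
"""


def parse_ports(spec):
    """Expand a port list such as '1,3,5-7' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = part.split("-")
            ports.update(range(int(lo), int(hi) + 1))
        elif part:
            ports.add(int(part))
    return ports


def parse_config(text):
    """Return (vlans, ip_routing); vlans maps id -> name, untagged, tagged, ip."""
    vlans = {}
    ip_routing = False
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"^vlan (\d+)$", line)
        if m:
            current = int(m.group(1))
            vlans[current] = {"name": "", "untagged": set(), "tagged": set(), "ip": None}
            continue
        if line == "exit":
            current = None
            continue
        if current is None:
            # Global context: only the routing toggle matters for this audit.
            if line == "ip routing":
                ip_routing = True
            elif line == "no ip routing":
                ip_routing = False
            continue
        v = vlans[current]
        if line.startswith("name "):
            v["name"] = line[5:].strip('"')
        elif line.startswith("untagged "):
            v["untagged"] |= parse_ports(line[9:])
        elif line.startswith("tagged "):
            v["tagged"] |= parse_ports(line[7:])
        elif line.startswith("ip address "):
            v["ip"] = line[11:]
    return vlans, ip_routing


def audit(text, wan_vlans, firewall_ports):
    """Return a list of human-readable findings; an empty list means clean."""
    vlans, ip_routing = parse_config(text)
    wan = set(wan_vlans)
    findings = []
    if ip_routing:
        findings.append("ip routing is enabled: the switch could route between WAN and LAN VLANs")
    for vid in wan_vlans:
        v = vlans.get(vid)
        if v is None:
            findings.append(f"WAN VLAN {vid} is not defined")
        elif v["ip"]:
            findings.append(f"WAN VLAN {vid} ({v['name']}) has switch IP interface {v['ip']}: "
                            "management plane reachable from the ISP segment")
    # Build port -> VLAN membership (tagged or untagged) and look for ports
    # that bridge a WAN VLAN and an internal VLAN without being the firewall.
    membership = defaultdict(set)
    for vid, v in vlans.items():
        for port in v["untagged"] | v["tagged"]:
            membership[port].add(vid)
    for port in sorted(membership):
        on_wan = membership[port] & wan
        on_lan = membership[port] - wan
        if on_wan and on_lan and port not in firewall_ports:
            findings.append(f"port {port} carries WAN VLAN(s) {sorted(on_wan)} "
                            f"and internal VLAN(s) {sorted(on_lan)}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, (901, 902), {3, 4}):
        print("FINDING:", finding)
```

Run against the constructed config it reports the switch IP on VLAN 902 and the stray membership of port 21; the firewall ports 3-4 are exempt because they are expected to carry both sides. Feeding it the real `show running-config` output is the point of the exercise: the risk with a shared switch is less the WAN traffic itself than a later misconfiguration that quietly adds a WAN VLAN to an internal port or an IP interface to a WAN VLAN.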


