Thursday, May 14, 2020

Recommended Aruba switches for core of network

We intend to replace our current 'core' switch. It has 12x SFP+ ports which are used to link to other switches and 2x physical servers (VMware ESXi hosts). We are currently at max capacity on it, and want to move away from a single point of failure (understandably...).

I say 'core' because I don't know a better word. That switch is definitely a SPOF currently, and concerning. All traffic must go through it to get to the servers (2x VMware ESXi hosts) and by extension the FortiGate VM. We're not really big enough to have real defined areas of the network as core, distribution and access. All 'access' switches are directly connecting to this current 'core' switch.

Currently using a 'router on a stick' type network with inter-VLAN routing being handled by a FortiGate VM on the VMware cluster. I would like to move to inter-VLAN routing being managed by L3 switches, but currently most of the 'access' switches are managed L2. Only the current 'core' switch - and 2x 'access' switches - are L3. The FortiGate's 'IPv4 Policy' also gives us better control than L3 ACLs, although at a major throughput disadvantage compared to L3 routing.

The 2x 'access' switches that are L3 capable are Aruba 2930F-48G-740W-PoEP-4SFPP, and we intend to replace the rest of the 'access' switches with these, and hopefully go with full on Aruba AirWave for management.

We need a solution to replace the current 'core' switch, one that will handle at least 48 SFP+ connections, to allow for two links per switch and server, and for growth room.

Currently thinking about 2x Aruba 3810M 24SFP+ 250W Switch (JL430A). If that switch is suitable, we'd probably run one link from each switch / server to each of the switches, then maybe 2x links from each 3810M to each ESXi server.

Another option is using just one switch, but with 48x SFP+ ports on it and redundant internal controllers, i.e. firmware upgrades or a 1x control module failure etc. result in no network downtime. Then using link aggregation on that switch to the other devices.

I have used simple link aggregation before to connect switches to the current 'core' switch, and understand having an actually redundant path is a lot better, as with link aggregation you still have the SPOF by using 1 switch (unless it's dual controller).

I'm not a networking expert, but I'm well acquainted with VLANs, firewall policies and routers etc. I haven't needed to modify spanning tree settings on any devices so far, so will definitely need to do some more learning on it before I start looking into changing this network to make it actually redundant. I've never worked with BGP, OSPF etc. I know there are far more complex protocols for managing networks with multiple paths, but what would you recommend I do in this scenario? No need to go overboard, but it needs improving from what it's at.

Much appreciated.
