Wednesday, September 1, 2021

VRF and Core Network Help

First, I am just a jack-of-all-trades, master-of-none type of guy. My network knowledge might be outdated, as we had a network guy doing the networking and I was basically handling the virtual environment, and I would like some advice...

Problem: The network guy at my job who manages the datacenter quit. The network in the datacenter has a single modular switch acting as an access, distribution, and core router, so basically a SPoF. There are also close to 400 cables going into one cabinet from 8 other cabinets. The worst part is there are about 300 lines of deny ACL statements. I did some reading and it looks like there is something called VRFs. On top of that, MSTP is not enabled, so getting or plugging in additional network equipment will be fun.

I believe I got approval for 2 separate switches and I am hoping to set up some kind of redundancy. I also need to secure it. I was reading through the ACL statements and it is confusing. I did some research and I think there is a better way. Basically, each VLAN is dedicated to the clients. I see there is something called VRF, which was not around when I was learning networking. So I was hoping to put each client in their own VRF, but there is one issue: we offer some services on our core network. In network terms, I need to "route leak" one VLAN to all other VLANs.

I need advice: is it better to put the core network on the global routing table and just leak, or is there a better way of doing it with OSPF? I saw some articles that use BGP, but I am confused because I thought that was more for configuration on an edge router.

Example: I have client A on 10.20.10.0/24, client B on 10.20.20.0/24, and a core network on 10.20.0.0/24. I put client A on VRF-A, client B on VRF-B, and the core network on VRF-Core. I am trying to find a way to add the core network to both client A and client B. The core network should have routes to client A and client B. There is no routing protocol, but my first order is to start setting up OSPF. Sorry again, maybe ACLs are better or I am not totally understanding VRF. Appreciate any help I get.

Btw, there is no dynamic routing protocol, so setting that up is all part of the fun. I am enjoying the moment because it is a break from the normal ESXi stuff. I also don't want to take us down.
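
The shared-services layout asked about above (each client VRF reaches the core network, clients stay isolated from each other), modeled as an added example that is not part of the original post. It applies the route-target import/export semantics commonly used for VRF route leaking; the prefixes are the ones in the post, the route-target values are constructed, and real switch syntax depends on the vendor.

```python
import ipaddress
from itertools import combinations

# Prefixes are the ones in the post; the route-target values are constructed.
RT_CORE, RT_CLIENT = "65000:1", "65000:100"
VRFS = {
    "VRF-Core": {"local": ["10.20.0.0/24"], "export": {RT_CORE}, "import": {RT_CLIENT}},
    "VRF-A": {"local": ["10.20.10.0/24"], "export": {RT_CLIENT}, "import": {RT_CORE}},
    "VRF-B": {"local": ["10.20.20.0/24"], "export": {RT_CLIENT}, "import": {RT_CORE}},
}

def build_tables(vrfs):
    """Per-VRF routing table: local prefixes plus every prefix whose
    exported route targets intersect this VRF's import list."""
    tables = {}
    for name, cfg in vrfs.items():
        routes = {ipaddress.ip_network(p) for p in cfg["local"]}
        for other, ocfg in vrfs.items():
            if other != name and ocfg["export"] & cfg["import"]:
                routes |= {ipaddress.ip_network(p) for p in ocfg["local"]}
        tables[name] = routes
    return tables

def reachable(vrfs, src, dst):
    """Two-way reachability: src needs a route to dst's prefixes and
    dst needs a return route to src's prefixes."""
    tables = build_tables(vrfs)

    def covers(vrf, target):
        return all(
            any(ipaddress.ip_network(p).subnet_of(r) for r in tables[vrf])
            for p in vrfs[target]["local"]
        )
    return covers(src, dst) and covers(dst, src)

def isolation_violations(vrfs, shared="VRF-Core"):
    """Pairs of client VRFs that can reach each other; should be empty."""
    clients = sorted(v for v in vrfs if v != shared)
    return [(a, b) for a, b in combinations(clients, 2) if reachable(vrfs, a, b)]

if __name__ == "__main__":
    for name, routes in build_tables(VRFS).items():
        print(name, sorted(str(r) for r in routes))
    print("client-to-client leaks:", isolation_violations(VRFS))
```

Running the same check against a planned import/export list before applying it catches a client VRF that also imports the shared client route target, which would silently join it to every other client.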


