Re: [nsp] design help for server farm

From: Benjie Ko (gerwalk1@yahoo.com)
Date: Wed Oct 17 2001 - 22:46:49 EDT


Hello Gordon,
Thanks for your reply. Have some follow up questions

--- Gordon Ewasiuk <gewasiuk@gnmc.net> wrote:
 For those who have asked here is here is a partial
sketch of our setup

 internet--7206---GE(routed int)---6509---- ISL
trunk--3548----n x customers (primary and backdoor)
                                                   
|------ ISL trunk--3548----n x customers
                                                   
|-------ISL trunk--3548----n x customers
                                                      
                         |
                                                      
                         |------1 x FE connection----
16 port switch
                                                      
                                    to maintenance
                  
                                                      
                                        room
               
                                                      
                         
> You could probably get by with putting all the
> backdoor interfaces on a
> single VLAN. But I think that would mean that all
> those interfaces would
> be accessible to the customer when he/she hooks up
> to backdoor network?
> So Customer A might be able to see Customer B's
> servers...
yes, this is a big problem with this solution. Im only
dedicating a single port as shown in the diagram going
to the access switch. Each customer will get 2 FE port
connections, 1 for primary and 1 for the backdoor
network. Would configuring private VLAN edge on the
3548 be of any help for the backdoor network assuming
they are all on the same VLAN?
 
> Also, if you have more then one customer in the
> maintenance room at a time,
> there's the possibility of sniffing the wire and
> capturing traffic.
is this possible in purely switched network?

> Would suggest you go with Private VLANs on your
> "backdoor" network. Even
yes, but i am running native IOS on the 6509

=====

__________________________________________________
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
http://personals.yahoo.com



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:20 EDT