[nsp] Colo DC setup

matthew zeier mrz at intelenet.net
Mon Dec 8 12:12:15 EST 2003


I have a similar setup - 6500s at the core and 6500s at the customer access
level.  For a couple racks, where it seemed to make sense, we started using
2948s with trunks back to the access switches.

I've had poor performance with those switches.  I'm not sure how far away
the 2950s are from the 2948s.  If I get any sort of large increase in
broadcast traffic (50Mbps+) (from, say, a worm/virus) from one machine
anywhere within the spanning tree domain, it'll take down the 2948.  This
was with vtp pruning on.

Because of that and other issues, I'd shy away from those switches.


----- Original Message ----- 
From: "Sven Huster" <sven at huster.me.uk>
To: <cisco-nsp at puck.nether.net>
Sent: Monday, December 08, 2003 7:22 AM
Subject: [nsp] Colo DC setup


> Hello
>
> I'm trying to design a new network for our colo/dedicated server
> customers.
> What we are going to get will be most probably 2x 6500s for the
> core/distribution and 2950s for the access layer. So the customers'
> servers will be connected to the 2950s which got 1 uplink to each of the
> 6500s running HSRP.
> The 6500s will also be connected to our upstream ISPs as well as peers
> running BGP.
> Guess the 6500s will run native IOS and the 2950 the EI.
>
> We got a /19 which is split into /24s where the customers' servers are on.
>
> What I wanted to do then is to isolate the customers' servers as much as
> possible with the option to enable communication where necessary.
>
> I read about PVLAN and protected ports but can really fit this together
> 100%.
>
> Can someone outline how to configure the 6500s and the 2950s to work in
> the described setup, please?
>
> I guess I create a primary VLAN e.g. for the subnet 10.1.1.0/24
> (pvlan-10-1-1) and assign a secondary VLAN (svlan-10-1-1) to it and use
> VLAN-ACLs to deny traffic between the servers.
> Do I need to create only one secondary for all the machines in the primary
> or do I need to break it down more than that?
>
> Also as far as I understand I configure the server ports on the 2950s as
> protected and the trunks not.
>
> But how do I configure the VLAN membership on the 2950s? Primary or
> secondary VLAN?
>
> How will the traffic flow? Will it be part of the primary VLAN once it
> left the 2950 or will it be carried on the secondary?
>
> How will broadcast traffic be handled?
>
> Many thanks
> Kind regards
> --
> Sven