[nsp] Colo DC setup

Sven Huster sven at huster.me.uk
Mon Dec 8 12:30:44 EST 2003


Did you try to enable storm-control?
Guess this should protect you from the amounts of broadcasts (if it's
available on this platform).

Anyway, the thing is we got racks for larger colos where it is fine to
connect the 6500s directly to the customers.
For the rest (colos with one server only) as well as for the dedicated
servers we offer, this would mean up to 40 ports on a 6500 just for _one
rack_.
As just the line card alone is more than double the price of a 2950T-24
(broken down per port), it's simply a business decision to go with some
lower-end kit to aggregate to the 6500s.
Right now I need ~3500 ports for our current DC and growing.

In the longer run we are also thinking about having another layer (maybe also
6500) as separate core.

BTW I got another mail saying putting BGP on the 6500 might not be a
brilliant idea ;-) (if I got it right).
Any comments on this? Should I put additional routers in front for our
upstreams/peering?

Sven

> -----Original Message-----
> From: matthew zeier [mailto:mrz at intelenet.net] 
> Sent: Monday, December 08, 2003 5:12 PM
> To: cisco-nsp at puck.nether.net; Sven Huster
> Subject: Re: [nsp] Colo DC setup
> 
> I have a similar setup - 6500s at the core and 6500s at the customer
> access level.  For a couple racks, where it seemed to make sense, we
> started using 2948s with trunks back to the access switches.
>
> I've had poor performance with those switches.  I'm not sure how far away
> the 2950s are from the 2948s.  If I get any sort of large increase in
> broadcast traffic (50Mbps+) (from, say, a worm/virus) from one machine
> anywhere within the spanning tree domain, it'll take down the 2948.  This
> was with vtp pruning on.
>
> Because of that and other issues, I'd shy away from those switches.
> 
> 
> ----- Original Message ----- 
> From: "Sven Huster" <sven at huster.me.uk>
> To: <cisco-nsp at puck.nether.net>
> Sent: Monday, December 08, 2003 7:22 AM
> Subject: [nsp] Colo DC setup
> 
> 
> > Hello
> >
> > I'm trying to design a new network for our colo/dedicated server
> > customers.
> > What we are going to get will be most probably 2x 6500s for the
> > core/distribution and 2950s for the access layer. So the customers'
> > servers will be connected to the 2950s which got 1 uplink to each of
> > the 6500s running HSRP.
> > The 6500s will also be connected to our upstream ISPs as well as peers
> > running BGP.
> > Guess the 6500s will run native IOS and the 2950 the EI.
> >
> > We got a /19 which is split into /24s where the customers' servers are
> > on.
> >
> > What I wanted to do then is to isolate the customers' servers as much
> > as possible with the option to enable communication where necessary.
> >
> > I read about PVLAN and protected ports but can really fit this together
> > 100%.
> >
> > Can someone outline how to configure the 6500s and the 2950s to work in
> > the described setup, please?
> >
> > I guess I create a primary VLAN e.g. for the subnet 10.1.1.0/24
> > (pvlan-10-1-1) and assign a secondary VLAN (svlan-10-1-1) to it and use
> > VLAN-ACLs to deny traffic between the servers.
> > Do I need to create only one secondary for all the machines in the
> > primary or do I need to break it down more than that?
> >
> > Also as far as I understand I configure the server ports on the 2950s
> > as protected and the trunks not.
> >
> > But how do I configure the VLAN membership on the 2950s. Primary or
> > secondary VLAN?
> >
> > How will the traffic flow? Will it be part of the primary VLAN once it
> > left the 2950 or will it be carried on the secondary?
> >
> > How will broadcast traffic be handled?
> >
> > Kind regards
> > --
> > Sven
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> 
> 


