[c-nsp] 6500 SUP720 datacenter setup

Lars Eidsheim lhe at intellit.no
Sun Jan 23 14:34:54 EST 2011


I am looking for advice regarding a 6500 layout in a datacenter setup. The 6500 has SUP720-3B running 12.2(33) SXI4 Adv.IP Services. The initial design was to terminate and route customers on the 6500 using a unique VLAN for each customer and allocate an IP subnet for each VLAN.

An issue with this solution is firewalling, and we will need to firewall some customers. According to other threads the IOS firewalling feature is limited on the 6500 platform and should be avoided. A stateful port-based firewall using ACLs would be sufficient for our needs if it would be the same as in router IOS. A quick solution would be to terminate all customers on a router, e.g. a 7200, which would do the job, but we would have all traffic routed over a single interface, which would make the router a bottleneck.
Another solution might be to use FWSM as a transparent firewall (see diagram below). I would prefer to terminate interfaces on the 6500 rather than on the FWSM in a routed setup.

Vlan 200 (WAN 1) (x.y.z.1/30)
        |
        |
  .-----------.
  |6500 SUP720|
  '-----------'
        |
        |
Vlan 100 (CUST A) (a.b.c.1/30)
Vlan 101 (CUST B) (a.b.c.5/30)
Vlan 102 (CUST C) (a.b.c.9/30)


I would be happy to hear your thoughts and experience on the subject.

Regards,

Lars Eidsheim


