  1. #1

    Routers, Switches Layout

    We have decided to move away from renting the servers for our webhosting needs, after some research into datacenters available in the Washington state area: AboveNet, Internap and the Westin Building (Neutral Carrier Facility).

    Some had some nice benefits. For example, Internap provided 2 100mbps lines, 1 primary and 1 failover, uplinked to 6 gige lines, but their prices were outrageous; they wanted $2000 a month just for the rack space, not including bandwidth.

    AboveNet was well priced and offered similar as far as uplink, though you had to pay extra for the failover, which is expected. But the downfall is you are limited to AboveNet and their peering with other networks, so if AboveNet goes down you are screwed.

    So we have decided on the Westin Building. We were quoted $750 a month for a full rack including power. Additionally, we were able to obtain quotes for 2 x 100mbps lines from separate carriers with 10mbps commit at $40 per mbps, which = $800 a month for bandwidth while we are getting started.

    We were also quoted for each line $20 per mbps once we move to 100mbps commit on each.

    This has already shown to be a huge plus over Internap, cost-effectiveness wise that is.

    Okay, now for the question: Routers, Switches Layout.

    As we are unfamiliar with how this type of setup would take place in a neutral carrier facility, can you guys please give your input on what we should do to achieve the best redundancy?

    We were thinking 2 Cisco routers for the edge routers, each one handling the input from a single backbone connection.

    From there to our distribution layer consisting of 2 multilayer (Layer2/Layer3) switches, so each of these switches would receive a line from each of the edge routers.

    From there to the switches located on the racks for the customer layer.

    I really don't see the point of having an aggregation layer but you could enlighten me on that one.

    Also what do you suggest for switches and routers? which routers with which options?

    We want the ability to pull the plug on the 100Mbps lines at any time and plug in a gig-e with no upgrades required.

    Also, where in this schematic would you recommend plugging in a Cisco PIX firewall to help mitigate DDoS?

    The goal here is redundancy, and if there is anything I am missing here from a complete setup, please do inform me of it. We are trying to get a solid plan together before the move.

    Right now this will be used for a few boxes running webhosting, IRCd hosting and shell hosting.

    Eventually we are looking into offering co-location and dedicated hosting.


    Your help is much appreciated. Thank you in advance.

  2. #2
    Are your providers giving you a gig handoff or a fastE? The answer will help us determine what type of equipment you need.

    Will you need to do any rate limiting/traffic shaping on the switches?

    -Steven
    https://www.ihnetworks.com
    BGP Blend of Telia, GTT, Zayo, and Tata in One Wilshire, Los Angeles! Enterprise Datacenters around the world, including Amsterdam, Singapore, London, and the United States.
    True Definition of Managed Hosting
    Proudly Offering Shared Hosting, Reseller Hosting, VPS, Dedicated Servers, and Co-location

  3. #3
    Go with something simple that you can grow with. I'd suggest something like a Foundry BigIron 4000 for the router. Get two management modules and redundant power supplies, add an 8GC or 24E card, and you are in business. You can pick them up used for around 10K. In my opinion, it's a much better option than most of the used Cisco stuff out there.
    SiteSouth
    Atlanta, GA and Las Vegas, NV. Colocation

  4. #4
    At first it is only 2x 100mbps ethernet handoffs.

    I just want to be able to upgrade the equipment to 2 gig-e's at any time.

    As far as the Foundry, that is pretty big for this application. I was looking to start small and work up from there.


    I am just looking for routers and switches that can handle 2 gig-e handoffs for when we do upgrade to that point.

    I was thinking Cisco 7200's for the edge routers.

    And I am not quite sure how to handle the distribution layer switches, what to go with that is, and if I even need an aggregation layer; why that is required I dunno.

  5. #5
    Given the new Cisco equipment available these days, spending $10k on an antiquated Foundry (a questionable platform for layer-3 especially as a BGP-speaker) is not a cost-effective short-term solution, let alone a good long-term move. Likewise, Cisco 7200-series is generally expensive on the used market and is a poor long-term choice.

    You haven't really posted enough information to get good suggestions regarding your distribution and access needs. Port count, type of customers (dedicated / co-lo or shared/fully managed), and required features (policing/rate-limiting) are all information you'll want to share to get good advice.

    Also important, of course, is how sensitive you are to price, both in terms of cost/port in the long-term, and immediate expenses for your initial build. Sometimes you spend more per port on access switching now but you later make a topology change to reduce overall cost, leaving you with some access switches that do substantially more than you need. You spend more money in the long-run but you put off a large capital expense until you have a budget (and customer base) for it.

    I'm glad you decided to locate in the Westin Building. What two transit providers did you choose?
    Jeff at Innovative Network Concepts / 212-981-0607 x8579 / AIM: jeffsw6
    Expert IP network consultation and operation at affordable rates
    95th Percentile Explained Rate-Limiting on Cisco IOS switches

  6. #6
    Well, at first it is going to be shared hosting servers, and eventually move on to dedicated/managed servers and co-location.

    We plan on running a 100Mbit port to each box.


    I do want to keep price down by only selecting routers and switches that will get us by on 2 gig-e lines.

    As far as providers, we have chosen AboveNet and Level3 for now.

    Also, we would like BGP to be integrated into this, if possible on lower cost switches.


    The problem I am having is there are so many different Cisco products it is making my head spin. I am currently going to school for my E-Business Administration degree but I have not yet got to my Cisco networking classes.

    Hoping to get some good info on which products to choose for the 3 layer system recommended by Cisco:

    Core Layer
    Distribution Layer
    Access Layer

  7. #7
    You still didn't post answers to several of my questions, e.g. port count and desired features; and I would like to know more about your budgetary situation. That said, here are some suggestions. Keep in mind I really don't know enough about your plans to give you a good recommendation that will grow with you, but you haven't supplied enough information yet.

    Starting out with two transit providers, you will need to either operate as two basically separate networks without redundancy, or you will need BGP-speaking equipment now.

    Cisco 3750/3560/3550-series layer-3 switches are inexpensive and do have BGP support, however, they have limited hardware routing tables and memory. You cannot accept a full BGP table on these switches, but you could use one of your transit providers, say Level3, for your egress traffic; with traffic shifting to Abovenet only if Level3 fails. Inbound traffic would reach you via both transit providers. This gives you redundancy, but you have a transit circuit that you're paying for, but are not getting very much use out of due to equipment limitations.

    That option would be inexpensive in terms of capital dollars, however you would be wasting some OpEx dollars on a transit circuit. That might be a perfectly good way for you to get started, though.

  8. #8
    As far as needed features for this kind of operation, I would hope you could fill in the gaps for me and let me know what I need to accomplish this.

    I am looking for DDoS mitigation; it is a must, because I will be allowing IRC.

    Definitely want BGP, full, no limitations.

    Port count: how many ports do I really need on the Core Layer and Distribution Layer?

    As far as access layer, max ports.


    I am trying to put together a required hardware list for the investors. But I want to be able to go at them with a "this is why this type of hardware is required and this is why the price is justified" type of approach.

    The idea is, on whatever size loan I receive, to keep at least one year of cash to pay for operation costs such as bandwidth etc.

    Then we will probably be purchasing about

    20 x P4 3.2Ghz with dual 160GB sata drives.
    10 x Dual Xeon 3.2's with 2 x 72GB SCSI
    10 x Dual Xeon 3.2's with 2 x 200GB sata drives RAID 1.
    2 x NAS system

    We will only be starting off with one rack but the hardware will be there for immediate expansion.

    We estimate an approximate 3 servers per month expansion in sales.

    As far as what routers and switches with what options we need to do this type of operation, we have no idea. What would you do if you were starting this type of operation?

  9. #9
    To be honest, your expectations are a bit unrealistic. IRC hosting attracts multi-gigabit DDoS attacks on a routine basis. With just two 100baseT transit circuits, you will never be able to offer reliable services with that target painted on your network.

    You'll also need to invest substantially more in routers to handle the heavy PPS loads that come with IRC hosting.

  10. #10
    If you're looking for superb filtering and DDoS protection, I encourage you to check with Prolexic Technologies (formerly DigiDefense International). They provide superb filtering and DDoS protection. It's not cheap, but it essentially assures you of no downtime due to DDoS attacks. Of course you can do all the filtering yourself, but as someone else said, hosting IRC servers is like painting a giant target on yourself, and do you therefore want to be dealing with filtering all the time, or would you rather pay someone else to do the grunt work? Not to mention, since Prolexic absorbs the attacks on their bandwidth, you can also figure a lower amount of bandwidth needed due to not carrying as much overhead for attacks...

  11. #11
    Originally posted by TechnoGecko
    If you're looking for superb filtering and DDoS protection, I encourage you to check with Prolexic Technologies (formerly DigiDefense International). They provide superb filtering and DDoS protection. It's not cheap, but it essentially assures you of no downtime due to DDoS attacks.
    Filtering devices are nice, but if you don't have enough raw bandwidth to handle an attack, such devices are completely useless.
    Scott Burns, President
    BQ Internet Corporation
    Remote Rsync and FTP backup solutions
    *** http://www.bqbackup.com/ ***

  12. #12
    Originally posted by Salvia


    20 x P4 3.2Ghz with dual 160GB sata drives.
    10 x Dual Xeon 3.2's with 2 x 72GB SCSI
    10 x Dual Xeon 3.2's with 2 x 200GB sata drives RAID 1.
    2 x NAS system

    We will only be starting off with one rack but the hardware will be there for immediate expansion.

    I'd say you need at least two cabinets for that hardware. Assuming it's all 1U, that leaves no room for your network gear, cable management, or power, unless you are using zero U power.

  13. #13
    Originally posted by Salvia


    20 x P4 3.2Ghz with dual 160GB sata drives.
    10 x Dual Xeon 3.2's with 2 x 72GB SCSI
    10 x Dual Xeon 3.2's with 2 x 200GB sata drives RAID 1.
    2 x NAS system

    While this will of course depend on the actual hardware used, my guess is that you will need approximately 50-80 Amps of power. Make sure, as the other poster suggested, that you have power distributions for a minimum of 42 plugs and that the data center will permit that amount of power in one cabinet.
    *AlphaOmegaHosting.Com* - Hosting since 1998
    Managed Dedicated Servers and VPS
    Hosted Exchange 2010 Email Service

  14. #14
    You can pick up two Cisco 7200 with NPE-300 processors and three fast-e ports each for less than 10k. With two gig-e ports you'll pay a little more. In today's age of multi-million pps routing, 300k pps doesn't sound like much, but if you're just starting out it's still quite substantial. And frankly, by the time you blow out those routers you had better be making enough to buy something more substantial. Else you don't have a business.

    With two 7200's each connected to one upstream, each running BGP with the upstream, and an internal routing protocol between the routers, you have a fully redundant routing infrastructure that also puts both routers' CPUs to use. That assumes you have a redundant switching fabric. The alternative is an HSRP setup where one router is a hot spare.

    I believe that defending against DDOS on a router is a poor choice, as that runs you the risk of burning up the CPU and impacting performance and availability of your network. As such you should be considering an external device in front of the routers with 1Mpps capacity minimum, and preferably more.

    As far as your IRC requirement, I don't know what to tell you there. Like the other guy said, you don't have the bandwidth to defend against a major DDOS attack, and as such the discussion there is moot.

    I hope this helps. Obviously there are a lot of variables that need to be considered, and only you know them all.

  15. #15
    Originally posted by convergentns
    You can pick up two Cisco 7200 with NPE-300 processors and three fast-e ports each for less than 10k. With two gig-e ports you'll pay a little more.
    You could do that, but it would be a foolish waste of money. As I said, new Cisco products that perform better than the 7200-series are available at price points less than used 7200s. There is no place for 7200s in an all-Ethernet hosting network these days.

    you have a fully redundant routing infrastructure that also puts both routers' CPUs to use.
    A few more details obviously need to be filled in to deliver "full redundancy." Also, keep in mind that typical traffic patterns and routing policy will result in 30% - 50% of egress traffic traversing both border routers, not just one. Both CPUs are put to use alright, but it falls substantially short of doubling PPS-bearing capacity.

  16. #16
    When recently shopping for a similar application for a client, we purchased 2 Base Juniper M7i's with 2 x 10/100 for a small premium over what you would pay for an NPE-400 equipped 7200 series FE platform.

  17. #17
    In response to jsw...

    Achieving linear scalability in PPS performance through multiple egress routers within a BGP routing environment is obviously unattainable within an Internet connected network.

    Further, the scenario I suggested wouldn't really be redundant unless the aggregate packet flow through both routers did not exceed the capacity of a single router. Else in the case of a failure network performance would be impacted. Therefore doubling CPU capacity is not a true objective. My point was that short term spurious increases in traffic (such as during a DDoS attack) could be better addressed with both CPUs routing instead of just one.

    If you could post the new Cisco model numbers that provide 300-400kpps performance for less than $5,000 each with dual gig-E interfaces that would be great. I don't happen to know of any, so perhaps you'd be good enough to share. That information of course would immediately impact the secondary market for 7200's, or at least push prices way down. So it would be a good thing for all of us, except equipment vendors of course.
    Convergent Network Services - IronColo.com
    Colocation - Dedicated Servers - Managed Services
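
The packet-rate arguments in posts #14, #15 and #17, worked through as an added example (not code from any poster in this thread). The 300 kpps router figure is the one quoted in post #14; the even egress split between routers and the minimum-size-frame flood are assumptions made for the example.

```python
# Added example (not from the thread): packet-rate headroom for two border routers.
# Router capacity (300 kpps) is the figure quoted in post #14; the rest is
# standard Ethernet framing arithmetic or an assumption stated in a comment.

WIRE_OVERHEAD_BYTES = 20   # 8-byte preamble/SFD + 12-byte inter-frame gap
MIN_FRAME_BYTES = 64       # smallest Ethernet frame: worst case for a flood


def line_rate_pps(link_bps, frame_bytes=MIN_FRAME_BYTES):
    """Packets/s on a saturated link carrying frames of the given size."""
    return link_bps / ((frame_bytes + WIRE_OVERHEAD_BYTES) * 8)


def effective_egress_pps(router_pps, transit_fraction):
    """Egress packet rate two equal routers can carry together when a fraction
    of egress packets is forwarded by both of them (post #15: 30%-50%).
    Assumption: egress is split evenly between the two routers."""
    if not 0.0 <= transit_fraction <= 1.0:
        raise ValueError("transit_fraction must be between 0 and 1")
    return 2 * router_pps / (1 + transit_fraction)


def survives_single_failure(offered_pps, router_pps):
    """Post #17's condition: the aggregate flow must fit on one router."""
    return offered_pps <= router_pps


def flood_report(router_pps, link_bps):
    """Inbound flood of minimum-size frames filling one router's own uplink.
    Legitimate traffic and egress forwarding come on top of this load."""
    offered = line_rate_pps(link_bps)
    return {
        "offered_pps": round(offered),
        "headroom_pps": round(router_pps - offered),
        "within_capacity": offered <= router_pps,
    }


if __name__ == "__main__":
    ROUTER_PPS = 300_000  # figure quoted in post #14 for the NPE-300
    for label, bps in (("100 Mbps uplink", 100e6), ("1 Gbps uplink", 1e9)):
        print(label, flood_report(ROUTER_PPS, bps))
    for f in (0.3, 0.5):
        egress = effective_egress_pps(ROUTER_PPS, f)
        print(f"transit {f:.0%}: {egress:,.0f} pps egress across both routers")
    # Normal load must still fit on one router to count as redundant.
    print("350 kpps aggregate redundant?", survives_single_failure(350_000, ROUTER_PPS))
```

With these inputs a saturated fast-e uplink stays inside the quoted router capacity, while the same flood on a gig-e handoff exceeds it roughly fivefold, and two routers together carry about 1.3x to 1.5x one router's egress rather than 2x.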

  18. #18
    Hello to you all. It's my first post here. I have already learned a lot by reading this forum. Thanks to all that post.

    DoubleD can you tell me the supplier of those Juniper M7. I would like to buy one. Thanks.

  19. #19
    Originally posted by convergentns
    If you could post the new Cisco model numbers that provide 300-400kpps performance for less than $5,000 each with dual gig-E interfaces that would be great.
    Bits of information like this are how we earn our clients' fees.

  20. #20
    I suggest linksys

  21. #21
    The Cisco ISRs have a lot more power than the previous generation Ciscos in the same price range. There seems to be a real lack of performance numbers on these units though, as most of the test reports have been focused on the flexibility of these boxes instead of raw throughput. However, for 2 x 10/100 on a tight budget, I would probably stick with PC based routers running FreeBSD5, or Imagestream PC based routers if you want the extra security of a warranty and support. When you outgrow this investment, you should have enough income to support the jump to Juniper or Cisco 7600/6500.

    convergentns: If you have a source for 7200's with Dual Gig-E for $5k I'd love to know where. The NPE-G1 is typically more than that alone in the used market.
