Thread: Colo Network Planning - Routing
-
09-20-2006, 04:14 PM #1 Junior Guru Wannabe
- Join Date
- Apr 2006
- Posts
- 36
Colo Network Planning - Routing
I'm in the final pre-planning stages of setting up a full rack for several clients who need some basic georedundancy for their databases. Additionally, I'm going to put about 5-6 web & mail boxes there, consolidating them from their existing dedicated hosting (CiHost is selling me the boxes).
My concern is my lack of strong experience with the necessary routing/firewall/and switching equipment for an environment of this type.
I'm getting a 100mbps fiber drop, and need to get a router. I've got a PIX 506E that I intend to use to firewall both my boxes and the tenant machines. I've got a 2950-24 switch.
Keeping in mind that I would like to keep the budget down, what would be the best router to select in this situation? Is there a fiber module that I can use directly with the router?
I've got several options for an IP allocation:
The default - /30
No questions asked - a /29 statically routed to the /30 for my router
A /24 & apply for an ASN to run BGP
A /24, /25, /26, /27, or /28 based on justification
As I see it, we're going to have around 16 physical servers, and a need for at least 24 IP's. I see a growing need for HTTPS on a number of these servers so that need may probably grow to provide those sites with their own IP.
Any suggestions on the "right" block to choose? Should I just shoot for a /24 and set up BGP? All my machines, at this point, will be in that single colo rack, but I can see a possibility of locating machines elsewhere at a point in the future (2+ yr).
What are some recommended crash courses/books on working with Cisco gear? I have a general understanding, and am confident that I can get things up and running as and when needed, but need at least a good reference to getting the most out of my networking hardware.
-
09-20-2006, 10:33 PM #2 Web Hosting Master
- Join Date
- Nov 2002
- Posts
- 2,780
You should try to ask your host to route a /26 for you. This would be the easiest of all the options you listed. You also do not need to purchase a router. BGP is not a justification for IP space with ARIN. Ideally, you really should be using a /23 if you wish to speak BGP.
http://Ethr.net jay@ethr.net
West Coast AT&T / Level3 / Savvis Bandwidth, Colocation, Dedicated Server, Managed IP Service, Hardware Load Balancing Service, Transport Service, 365 Main St, SFO / 200 Paul Ave, SFO / PAIX, PAO / Market Post Tower, 55 S. Market, SJC / 11 Great Oaks, Equinix, SJC
-
09-20-2006, 10:43 PM #3 Junior Guru Wannabe
- Join Date
- Apr 2006
- Posts
- 36
I'm going to be required to have my own router, per their contract. The only instance in which I wouldn't need a router is if I were getting retail bandwidth (no subleasing/web hosting allowed) and needed no more than a /28.
(I, too, don't quite understand the *requirement* that I have a router, but whatever...)
-
09-20-2006, 10:51 PM #4 Web Hosting Master
- Join Date
- Jun 2000
- Location
- Washington, USA
- Posts
- 5,990
100Mbps over fiber? Guess they are using 100BaseFX. How much bandwidth do you expect to push?
-
09-20-2006, 10:58 PM #5 Web Hosting Master
- Join Date
- Aug 2004
- Location
- Houston, TX
- Posts
- 1,405
Why do fiber? Cheaper to do Cat5.
Eleven2 Web Hosting - World-Wide Hosting, Done Right!
Shared Hosting | Reseller Hosting | Dedicated | Virtual Premium Servers
Server Locations in: Dallas | Los Angeles | Singapore | Amsterdam
-
09-20-2006, 11:08 PM #6 Managed Service Provider
- Join Date
- Feb 2004
- Location
- Atlanta, GA
- Posts
- 5,662
Also, do you really need a "router" or a basic layer-3 switch?
Why would you speak BGP with only *1* provider?
-
09-21-2006, 12:48 AM #7 Junior Guru Wannabe
- Join Date
- Feb 2006
- Location
- San Antonio, TX
- Posts
- 49
The bad thing is the fiber handoff...
Simplest scenario: you get a media converter to convert it to 100BaseTX to plug into a VLAN on the switch.
I would have them set up a /29 (assuming HSRP IPs on the provider side, or redundant firewalls in the future) and route the additional IP addresses to the IP address of your PIX.
Then on your PIX you set up the outside interface on the /29, and for the additional IPs that they route to your PIX interface you just set up static NAT mappings (of course, only if your solution is going to play well with NAT). You could do something similar with no-NAT, but it's really simple with NAT. What you basically end up with is your PIX doing simple routing, but remember the PIX will not route traffic in and out the same interface, so you may end up needing static routes on some of the servers behind the firewall.
www -- /29 --- PIX --- all external IPs end up on your private block of IPs, e.g. 10.10.10.0/24
This way you don't need any extra equipment.
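The /29-on-the-wire plus routed-block design described in this post, written out as a PIX 6.x configuration fragment for a two-interface 506E. This is an added example, not the poster's configuration: the addresses (203.0.113.0/29 on the outside interface, 198.51.100.0/27 routed by the provider to the PIX, 10.10.10.0/24 inside, 192.0.2.20 as a remote replication peer) are constructed documentation-range values, and the interface and access-list names are assumptions. It also shows the per-host shun that a later reply mentions as the no-BGP way to drop an abusive source.

```cisco
! Added example (not the poster's config). All addresses are constructed
! RFC 5737 documentation values; substitute the blocks your provider assigns.
!
! Provider hands off a /29 on the wire: 203.0.113.0/29
!   203.0.113.1 = provider HSRP address (your default gateway)
!   203.0.113.2 = this PIX's outside address
! Provider statically routes 198.51.100.0/27 to 203.0.113.2
! Inside network: 10.10.10.0/24 (servers keep private addresses)

nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 100full
interface ethernet1 100full

ip address outside 203.0.113.2 255.255.255.248
ip address inside 10.10.10.1 255.255.255.0

! Everything that is not inside goes to the provider's HSRP address on the /29
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1

! One-to-one static NAT: each public IP from the routed /27 maps to one server.
! No proxy ARP is involved, because the provider routes the whole /27 to
! 203.0.113.2; the PIX simply translates and forwards, so no separate router.
static (inside,outside) 198.51.100.10 10.10.10.10 netmask 255.255.255.255 0 0
static (inside,outside) 198.51.100.11 10.10.10.11 netmask 255.255.255.255 0 0
static (inside,outside) 198.51.100.12 10.10.10.12 netmask 255.255.255.255 0 0

! Inside hosts without a static still reach the internet via PAT on the
! outside interface address (outbound only; nothing inbound is created)
global (outside) 1 interface
nat (inside) 1 10.10.10.0 255.255.255.0 0 0

! Inbound policy. On PIX 6.x the outside ACL matches the MAPPED (public)
! address. Open only what each box actually serves; the implicit deny at the
! end of the list drops everything else, including direct hits on 10.10.10.x.
access-list outside_in permit tcp any host 198.51.100.10 eq www
access-list outside_in permit tcp any host 198.51.100.10 eq 443
access-list outside_in permit tcp any host 198.51.100.11 eq smtp
! Database replication: allow only the remote-site peer, not "any"
access-list outside_in permit tcp host 192.0.2.20 host 198.51.100.12 eq 3306
access-group outside_in in interface outside

! Hosts on 10.10.10.0/24 talk to each other directly across the 2950; the PIX
! never sees that traffic and will not hairpin it (no in-and-out on the same
! interface). If a server must reach a second inside subnet behind another
! gateway, give that server a static route rather than expecting the PIX to
! turn the packet around.

! Dropping one abusive source host without any BGP involvement
! (remove with "no shun 192.0.2.77"; shuns do not survive a reload):
shun 192.0.2.77
```

Two checks worth doing before handing the rack to tenants: confirm with `show xlate` that each static appears as a translation, and run `show access-list outside_in` after a few minutes of traffic to verify the hit counts land on the lines you expect and that nothing unexpected is matching the implicit deny.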
-
09-21-2006, 11:05 AM #8 WHT Addict
- Join Date
- Jul 2005
- Posts
- 139
Hello,
Jay wrote:
Originally Posted by Mfjp
Best regards,
David
-
09-21-2006, 11:53 AM #9 Web Hosting Master
- Join Date
- Jan 2004
- Location
- Texas
- Posts
- 1,556
Originally Posted by garp74
James Lumby
-
09-21-2006, 12:26 PM #10 WHT Addict
- Join Date
- Jul 2005
- Posts
- 139
May I have an example of a North American carrier (of size) who filters out /24 route announcements sent to them by a peer, please? My impression was such filtering practices (esp. by large providers) were a thing of the past.
-
09-21-2006, 05:02 PM #11 Web Hosting Master
- Join Date
- Jun 2001
- Location
- Denver, CO
- Posts
- 3,302
Originally Posted by WireSix
Jay Sudowski // Handy Networks LLC // Co-Founder & CTO
AS30475 - Level(3), HE, Telia, XO and Cogent. Noction optimized network.
Offering Dedicated Server and Colocation Hosting from our SSAE 16 SOC 2, Type 2 Certified Data Center.
Current specials here. Check them out.
-
09-21-2006, 06:33 PM #12 Junior Guru Wannabe
- Join Date
- Apr 2006
- Posts
- 36
Here's the pertinent part of the agreement. If you guys have suggestions or advice, let me know. This is my first colo; I've done a lot of dedicated, but not dealt with this stuff before.
II. TYPE OF SERVICE
3. Customer Hardware:
NOTE:
Customers classed as "Wholesale" are those that Resell IP Services of any type on the circuit. Typical examples of this would be a colocation, streaming, or webhosting company. All Resellers are required to use a Router (or other Layer-3 Device) to connect to [COMPANY].
Customers classed as "Retail" are End-Users. A typical example would be a law firm with offices in a [COMPANY] building. Circuits sold as "Retail" are only to be used for internet access for company employees and for company business. Web hosting your own corporate sites is OK, web hosting those of someone else is not. Retail customers may use a Switch or Firewall (or other Layer-2 Device) to connect to [COMPANY] if they require a /25 (128 IPs) or less. If more than a /25 is required, a Router (or other Layer-3 Device) is required.
[ ] Layer-3 Device (Router/Firewall) [ ] Layer-2 Device (Switch)
A: Manufacturer: __________________
Model: __________________________
B: Redundancy: I have two routers/firewalls and need a /29 on the connected interface instead of a /30 [ ] Yes [ ] No
4. Do you need to run BGP? [ ] Yes [ ] No
-
09-21-2006, 09:08 PM #13 Junior Guru Wannabe
- Join Date
- Feb 2006
- Location
- San Antonio, TX
- Posts
- 49
Please review my post.
BGP is completely unnecessary since you have one upstream; you will basically piggyback off of your provider's redundancy. If you need to null route, look at the SHUN command in the PIX.
-
09-22-2006, 02:56 AM #14 Web Hosting Master
- Join Date
- Jan 2004
- Location
- Texas
- Posts
- 1,556
Originally Posted by garp74
James Lumby
-
09-22-2006, 06:32 AM #15 Web Hosting Master
- Join Date
- Nov 2002
- Posts
- 2,780
Originally Posted by garp74
(I just looked, and we're announcing some /24s on their own and nobody complained about them, so it must work.)
http://Ethr.net jay@ethr.net
West Coast AT&T / Level3 / Savvis Bandwidth, Colocation, Dedicated Server, Managed IP Service, Hardware Load Balancing Service, Transport Service, 365 Main St, SFO / 200 Paul Ave, SFO / PAIX, PAO / Market Post Tower, 55 S. Market, SJC / 11 Great Oaks, Equinix, SJC
-
09-22-2006, 01:51 PM #16 WHT Addict
- Join Date
- Jul 2005
- Posts
- 139
Hello,
Thanks for the replies, James and Jay.
I receive Sprint's full table as a BGP customer of theirs. A check of today's data finds them passing me 105,076 /24s (and 16,667 /23s, for what it's worth). 105k = clearly unfiltered.
From my seat, operators have made it clear to me that prefix-length filtering at the /24-and-shorter level is a thing of the past (in North America). Originating a /24 prefix from your AS to your providers should result in good reachability.
Best regards,
David