Log from #cisco at freenode 2006-07-17
[20:28]<sdac2jd>eye, but without funding, purchase of equipment is impossible
[20:28]<sdac2jd>FYI: the boss has already looked to see if any of your devices are on eBay
[20:28]<vd2r>I wouldn't need to buy equipment. I already have all that I'd need to do it.
[20:29]<sazdn>FYI our devices are useless without a software license
[20:29]<sdac2jd>I know
[20:29]<sdac2jd>i told him that
[20:29]<sazdn>as in you dont have the management system heh
[20:45]<ansc>when you have to place 150 servers (one serverfarm) into your business what would you buy and which kind of infrastructure would you design for this?
[20:45]<vz2ufzzzsz>lots of quad dualcore opterons running ESX
[20:45]<ansc>including switching/routing to the core and firewalling equipment. if possible high redundancy.
[20:46]<vz2ufzzzsz>oh, silly me, you mean networking.. :)
[20:46]<ansc>tabularasa: I am talking about the network equipment not the server :-)
[20:47]<gndyvx>jesk: 6500
[20:47]<gndyvx>6748 blades
[20:47]<gndyvx>FWSM blade
[20:47]<gndyvx>dual sup-720's
[20:48]<gndyvx>but really here are the things you need to consider
[20:48]<vd2r>oooh. that sounds nice.
[20:48]<sazdn>god
[20:48]<vd2r>I only have supII's to mess with on 6500.
[20:48]<sazdn>i DESPISE people who only distribute crap in src.rpm
[20:49]<gndyvx>Bandwidth (overprovisioning acceptable), Redundancy (is in-chassis redundancy viable or do you need dual chassis/switches), Security (bandwidth (need a FWSM) or external)
[20:49]<vd2r>with that sniffer module though and an IDS module that I can't get into without sending it to cisco.
[20:49]<vd2r>NAM and IDS. the NAM is neat. IDS not so much.
[20:49]<gndyvx>routing? Use whatever you are comfortable with / already have in place
[20:50]<gndyvx>you can do subsecond failover with both EIGRP and OSPF
[20:50]<vd2r>yeah we have SSO on a 4510 running EIGRP. rather nice
[20:50]<lfyl>hey guys... whats the best way to do load balance two point to point t1's
[20:51]<dffnw>theres a 4510?
[20:51]<dffnw>I guess there is, all we ever use is 4507Rs
[20:51]<vd2r>4510R.
[20:51]<vd2r>we have a few.
[20:51]<gndyvx>flip: MLPPP
[20:51]<lfyl>nemith: thats it i just forgot the abbreviation.. thanks man :)
[20:52]<lfyl>nemith: actually will that interrupt the nat rules or anything i already have running on the router?
[20:52]<byffyngdjjn>back on iptables, has anyone done an isp redundancy with it before ??
[20:52]<byffyngdjjn>Scrye, you maybe ?
[20:53]<gndyvx>flip: well you'll move all your layer 3 config to the mlppp interface
[20:53]<gndyvx>so yes
[20:53]<ansc>nemith: so you would place into the 6500 firewall modules?
[20:53]<lfyl>nemith: ok well ill just read up then
[20:53]<gndyvx>jesk: depends on your needs
[20:53]<lfyl>thanks for the direction.
[20:53]<gndyvx>jesk: i do like the FWSM but a pair of external pix/ASA/whatever should suffice
[20:53]<ald>Scrye: [off-topic] with your clue on linux kernel internals, what iyo, is the best 1000bt nic for linux?
[20:54]<gndyvx>the nice thing about FWSM's is the bandwidth
[20:54]<gndyvx>ie backups and the such
[20:54]<ansc>nemith: i dont know exactly, but placing firewalls in front of/behind is problematic
[20:54]<ansc>in front of there would be then some routing issues
[20:54]<ansc>i would take two 6500 each of them serving 75 hosts
[20:55]<ansc>these two connected to two core router
[20:55]<ansc>with 4 lines
[20:55]<gndyvx>there are two models really, one where you have the firewalls sit in between physical switches
[20:56]<gndyvx>or where the firewalls sit inline using vlans for separation
[20:56]<gndyvx>FWSM does it automatically
[20:56]<ansc>this is very good
[20:56]<gndyvx>but easy to do on a pix or asa
[20:56]<ansc>but do you see no problems connecting standalone firewall in front of the 6500?
[20:56]<ansc>i would use the 6500 for routing too
[20:56]<gndyvx>absolutely
[20:56]<ansc>redundant via igp on the core
[20:57]<dffnw>what are the failover options on a pix?
[20:57]<gndyvx>jesk: in chassis redundancy?
[20:57]<ansc>i dont have any idea with running an IGP on a firewall with 2 port-channels to the 6500 and two port-channels to the core
[20:57]<gndyvx>need a full gig to each server (no oversubscription?)
[20:57]<vz2ufzzzsz>mplex: active/active active/passive
[20:58]<gndyvx>with good address planning, no IGP is needed on the firewall
[20:58]<ansc>nemith: yeah a full gig, but not synchronously on all 150 ports :)
[20:58]<gndyvx>for example your DMZ is 10.128.0.0/16 and your inside is 10.0.0.0/16
[20:58]<gndyvx>two static routes on the firewall takes care of everything
[20:59]<ansc>yeah, but running BGP on these edge 6500er is a nice addon
[20:59]<ansc>isnt it?
[20:59]<dffnw>hmm, if in active active, what if one interface went down on one side of the pix, would it shut itself down completely or still accept packets on the other side
[20:59]<gndyvx>jesk: for what reason?
[20:59]<vz2ufzzzsz>mplex: yes, you can have it monitor interfaces
[21:00]<gndyvx>your IGP will take care of connectivity to the core, correct?
[21:00]<dffnw>nice, thats what I needed to know
[21:00]<ansc>nemith: yeah
[21:00]<gndyvx>you won't be connecting to another AS via the server switches
[21:00]<ansc>no
[21:00]<ansc>with an IGP i could do a little bit load-sharing to the two core routers
[21:00]<ansc>based on metrics
[21:01]<gndyvx>yes
[21:01]<gndyvx>you can do transparent firewalls
[21:01]<gndyvx>and pass the routing protocols through
[21:01]<ansc>yes would be an alternative
[21:02]<gndyvx>as long as you have a small routing table, IGP on your firewalls is possible
[21:02]<ansc>but, without running igp on the 6500er i could use the two connected firewall ips for igp metric sharing based on the two core machines which are connecting to the firewalls
[21:02]<dffnw>I always heard you shouldnt run igp on a firewall or through it
[21:02]<ansc>the the 6500er can announce their routes via bgp
[21:03]<ansc>ok
[21:03]<gndyvx>failover on bgp is great
[21:03]<ansc>I am thinking about stack based switches maybe
[21:03]<gndyvx>and you still need igp or static routes for bgp connectivity
[21:03]<ansc>with RSTP
[21:04]<ansc>yeah
[21:04]<ansc>using 3750 for 150 machines shared on 5 switches is maybe too expensive
[21:05]<ansc>but on failure only one switch is affected
[21:05]<ansc>would this maybe be better?







