
I need to find out what would be the best way to bridge the current datacenter with the new DR datacenter. I have the following network configuration (shown in the picture).

https://i.stack.imgur.com/KDUgi.jpg

So on the internal 3850 I have 2 VLANs for hosts and 2 VLANs connecting it with the Edge FW and the ASA in the back. On the ASA I have 2 VLANs for hosts and 1 VLAN connecting it to the 3850.

The plan is to have the exact network layout in the DR DC, but the question would be how to bridge everything. It seems to me I need a bridge interface in every VLAN where hosts are? Is it possible to do it with the current equipment? (I have 1 more Cisco Nexus 5548 with an IP Base license that is currently used for SAN and VMware hosts all the way down.) Of the network technologies that would enable me to do it, I was looking at L2TPv3, OTV and maybe IRB. From open source, OpenVPN looks to be a possible solution.

The 2 DCs won't have a point-to-point link; only Internet connectivity will be enabled, so I guess I need to open firewall ports to wherever I would terminate the bridge connection. Any suggestions?

Thank you

opti2k4
  • I would strongly suggest that you take another call to your provider and ask for either a managed Multi-IPVPN (MPLS) or an 802.1ad (QinQ) link. It will make your life so much easier. – pauska Jan 23 '15 at 11:22
  • Well, we have our own BGP ASN, so not sure that is a viable solution. We are connected to 2 ISPs. We did ask for a point-to-point link and it was, I think, $2500 USD per month for 1 gig, which was too expensive. – opti2k4 Jan 23 '15 at 12:26
  • There are many different ways of looking at expenses and returns. I strongly recommend using a managed link between datacenters if possible (SLA, QoS, monitoring, etc.). – pauska Jan 23 '15 at 13:08
  • I think I am not in a position to get that; I need to find a solution with existing equipment. Open source on Linux is also a solution. – opti2k4 Jan 23 '15 at 16:56
  • Is there a reason you wouldn't just use a site-to-site VPN? – jlehtinen Jan 23 '15 at 20:27
  • Well, it's obvious: I need to have the same IP subnets on the other side, and all VLANs have to be extended to the DR site. – opti2k4 Jan 24 '15 at 19:23

0 Answers