mark.tinka at seacom
Oct 1, 2012, 6:30 AM
Post #12 of 12
On Wednesday, August 01, 2012 05:23:05 PM Erik Nelson wrote:
> I have always thought it is a best practice to not put
> servers or PCs on links/subnets that connect routers
> together. I also have always thought that router to
> router links should be 1:1. For example, the link from a
> top-of-rack or end-of-row router to the data center core
> should be a dedicated link.
> I have run into a situation where there is insistence
> that both of these practices not be observed. I am being
> asked to put many router uplinks on a single subnet
> connected to a single port on the core router. I am also
> being asked to put a web server on this same subnet.
> What do others think of this? I have been unable to find
> anything on the web that says anything for or against.
> If anyone knows of authoritative guidelines on the web
> about this I would be very interested.
Within a PoP, I've normally had 2x core switches. All edge
and peering routers will share the same VLAN on each core
switch, but different VLAN's between the switches (the
switches are interlinked, but this is superfluous, as
traffic never follows that path anyway due to all routers
multihoming to both switches).
The core routers also connect to the core switches, into the
appropriate VLAN on each core switch in order to be on the
same subnet as the edge and peering routers on that
The reason we use VLAN's on the core switches is because in
some PoP's, there are border routers too. Those will live in
a separate VLAN from the edge and peering network, along
with the core router interfaces to match (in the past, a PoP
would have 4x core switches to support this, but routers
have now gotten more powerful and major upstream providers
all support 10Gbps hand-offs now).
So yes, I agree that sharing a subnet between your
infrastructure makes sense, i.e., between your core routers,
border routers, edge routers, peering routers, e.t.c.,
particularly if you find that you're massively
underutilizing port bandwidth in a point-to-point topology.
However, I also wouldn't recommend placing your services on
the same subnet as your core infrastructure, particularly if
you can afford not to.
What I have done at previous employers is to have a so-
called "Production" router, which hooks into the core switch
also. This router is responsible for aggregating downstream
traffic from services-oriented infrastructure, e.g., DNS,
RADIUS, FTP, HTTP/HTTPS, SMTP, POP3, DHCP, e.t.c. This way,
you keep your services separate from your transport network,
in case it makes sense for you to do so.
In smaller networks with little cash to spend, everything is
collapsed into a single router, including transit and
peering traffic, customer edge termination, services
aggregation, e.t.c. It will work, but presents challenges
that only you will discover down the line.
Hope this helps.