I have a related question: If you are separated, site to site, with a large layer 2 fiber network... would you put the traffic between routers over a VPN? Or is it commonplace for companies to "trust their providers" not to have a man in the middle, and just route?
I can't imagine anybody actually does this without an IPSec or OpenVPN tunnel of some kind... But I'm curious if there are.

--Matt Ross
Ephrata School District

----- Original Message -----
From: Kim Longenbaugh [mailto:[email protected]]
To: NT System Admin Issues [mailto:[email protected]]
Sent: Thu, 13 May 2010 13:05:09 -0700
Subject: RE: Network/WAN question

> It sounds like you have 10 PPP circuits to your remote sites, each currently a T1. You're replacing the T1s with Ethernet circuits.
>
> Just replace this:
> >Main Site (172.20.x.x) ------ T1 Wan link (192.168.x.x) ------ Remote Site (172.21.x.x)
>
> With this:
> >Main Site (172.20.x.x) ------ Ethernet "Wan" link (192.168.x.x) ------ Remote Site (172.21.x.x)
>
> Your broadcast and collision domains would remain separate, just like they are now.
>
> Unless your existing routers have the Ethernet port to handle the new Ethernet "Wan", you'd have to do your routing with the L3 switches anyway, so why not dump the routers and have just one piece of network gear at each remote site to manage.
>
> How would this work without routing? How's traffic on 172.20.x.x get to 172.21.x.x, since those are separate subnets?
>
> >When setting up the Fiber, because layer 2, I do NOT have to have a
> >separate network for that WAN link anymore. I can set it up like:
> >Main Site (172.20.x.x) ------ Fiber Link ------- Remote Site (172.21.x.x)
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Thursday, May 13, 2010 2:42 PM
> To: NT System Admin Issues
> Subject: Network/WAN question
>
> Hello. Looking for input on our current/proposed network.
>
> We have 10 sites. Each site is connected via T1 lines. There is a router at each site that handles the routing.
>
> We are replacing the T1 lines with fiber. The company leasing us the fiber is handing off an ethernet port at each site (all layer 2).
>
> My question is...
>
> Our current WAN setup with the T1s looks like this:
>
> Main Site (172.20.x.x) ------ T1 Wan link (192.168.x.x) ------ Remote Site (172.21.x.x)
>
> The WAN link itself is on its own network.
>
> When setting up the Fiber, because layer 2, I do NOT have to have a separate network for that WAN link anymore. I can set it up like:
>
> Main Site (172.20.x.x) ------ Fiber Link ------- Remote Site (172.21.x.x)
>
> The downside with this is, broadcasts would still travel over the Fiber link since the WAN link is not on a separate network. It does however, simplify things for me a bit.
>
> The question is, which of the two methods would you use? Putting the Fiber WAN link on its own network or, not?
>
> One other question. Since my HP switches at the main/remote sites are able to do IP Routing, would you also remove the routers (which are needed with the current T1 WAN links) completely from the environment and do all routing at the switch level? I'm leaning towards doing this and ditching the routers.
>
> Thanks.
> J
