Always encrypt between sites... -ASB: http://XeeSM.com/AndrewBaker
On Thu, May 13, 2010 at 4:33 PM, Matthew W. Ross <[email protected]> wrote:

> I have a related question:
>
> If you are separated, site to site, with a large layer 2 fiber network... would you put the traffic between routers over a VPN? Or is it commonplace for companies to "trust their providers" not to have a man in the middle, and just route?
>
> I can't imagine anybody actually does this without an IPSec or OpenVPN tunnel of some kind... But I'm curious if there are.
>
> --Matt Ross
> Ephrata School District
>
> ----- Original Message -----
> From: Kim Longenbaugh [mailto:[email protected]]
> To: NT System Admin Issues [mailto:[email protected]]
> Sent: Thu, 13 May 2010 13:05:09 -0700
> Subject: RE: Network/WAN question
>
> > It sounds like you have 10 PPP circuits to your remote sites, each currently a T1. You're replacing the T1s with Ethernet circuits.
> >
> > Just replace this:
> > > Main Site (172.20.x.x) ------ T1 Wan link (192.168.x.x) ------ Remote Site (172.21.x.x)
> >
> > With this:
> > > Main Site (172.20.x.x) ------ Ethernet "Wan" link (192.168.x.x) ------ Remote Site (172.21.x.x)
> >
> > Your broadcast and collision domains would remain separate, just like they are now.
> >
> > Unless your existing routers have the Ethernet port to handle the new Ethernet "Wan", you'd have to do your routing with the L3 switches anyway, so why not dump the routers and have just one piece of network gear at each remote site to manage?
> >
> > How would this work without routing? How's traffic on 172.20.x.x get to 172.21.x.x, since those are separate subnets?
> >
> > > When setting up the Fiber, because layer 2, I do NOT have to have a separate network for that WAN link anymore. I can set it up like:
> > > Main Site (172.20.x.x) ------ Fiber Link ------- Remote Site (172.21.x.x)
> >
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]]
> > Sent: Thursday, May 13, 2010 2:42 PM
> > To: NT System Admin Issues
> > Subject: Network/WAN question
> >
> > Hello. Looking for input on our current/proposed network.
> >
> > We have 10 sites. Each site is connected via T1 lines. There is a router at each site that handles the routing.
> >
> > We are replacing the T1 lines with fiber. The company leasing us the fiber is handing off an ethernet port at each site (all layer 2).
> >
> > My question is... Our current WAN setup with the T1s looks like this:
> >
> > Main Site (172.20.x.x) ------ T1 Wan link (192.168.x.x) ------ Remote Site (172.21.x.x)
> >
> > The WAN link itself is on its own network.
> >
> > When setting up the Fiber, because layer 2, I do NOT have to have a separate network for that WAN link anymore. I can set it up like:
> > Main Site (172.20.x.x) ------ Fiber Link ------- Remote Site (172.21.x.x)
> >
> > The downside with this is, broadcasts would still travel over the Fiber link since the WAN link is not on a separate network. It does, however, simplify things for me a bit.
> >
> > The question is, which of the two methods would you use? Putting the Fiber WAN link on its own network or not?
> >
> > One other question. Since my HP switches at the main/remote sites are able to do IP Routing, would you also remove the routers (which are needed with the current T1 WAN links) completely from the environment and do all routing at the switch level? I'm leaning towards doing this and ditching the routers.
> >
> > Thanks.
> > J
