I thought so. Thanks for the sanity check.

--Matt Ross
Ephrata School District

----- Original Message -----
From: Andrew S. Baker [mailto:[email protected]]
To: NT System Admin Issues [mailto:[email protected]]
Sent: Thu, 13 May 2010 14:21:35 -0700
Subject: Re: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

> Always encrypt between sites...
>
> -ASB: http://XeeSM.com/AndrewBaker
>
>
> On Thu, May 13, 2010 at 4:33 PM, Matthew W. Ross <[email protected]> wrote:
>
> > I have a related question:
> >
> > If you are separated, site to site, with a large layer 2 fiber network...
> > would you put the traffic between routers over a VPN? Or is it commonplace
> > for companies to "trust their providers" not to have a man in the middle,
> > and just route?
> >
> > I can't imagine anybody actually does this without an IPSec or OpenVPN
> > tunnel of some kind... But I'm curious if there are.
> >
> >
> > --Matt Ross
> > Ephrata School District
> >
> >
> > ----- Original Message -----
> > From: Kim Longenbaugh [mailto:[email protected]]
> > To: NT System Admin Issues [mailto:[email protected]]
> > Sent: Thu, 13 May 2010 13:05:09 -0700
> > Subject: RE: Network/WAN question
> >
> > > It sounds like you have 10 PPP circuits to your remote sites, each
> > > currently a T1. You're replacing the T1s with Ethernet circuits.
> > >
> > > Just replace this:
> > > >Main Site (172.20.x.x) ------ T1 Wan link (192.168.x.x) ------ Remote Site (172.21.x.x)
> > >
> > > With this:
> > > >Main Site (172.20.x.x) ------ Ethernet "Wan" link (192.168.x.x) ------ Remote Site (172.21.x.x)
> > >
> > > Your broadcast and collision domains would remain separate, just like
> > > they are now.
> > >
> > > Unless your existing routers have the Ethernet port to handle the new
> > > Ethernet "Wan", you'd have to do your routing with the L3 switches
> > > anyway, so why not dump the routers and have just one piece of network
> > > gear at each remote site to manage.
> > >
> > >
> > > How would this work without routing? How's traffic on 172.20.x.x get to
> > > 172.21.x.x, since those are separate subnets?
> > >
> > > >When setting up the Fiber, because layer 2, I do NOT have to have a
> > > >separate network for that WAN link anymore. I can set it up like:
> > > >Main Site (172.20.x.x) ------ Fiber Link ------- Remote Site (172.21.x.x)
> > >
> > >
> > > -----Original Message-----
> > > From: [email protected] [mailto:[email protected]]
> > > Sent: Thursday, May 13, 2010 2:42 PM
> > > To: NT System Admin Issues
> > > Subject: Network/WAN question
> > >
> > >
> > > Hello. Looking for input on our current/proposed network.
> > >
> > > We have 10 sites. Each site is connected via T1 lines. There is a router
> > > at each site that handles the routing.
> > >
> > > We are replacing the T1 lines with fiber. The company leasing us the fiber
> > > is handing off an ethernet port at each site (all layer 2).
> > >
> > > My question is... Our current WAN setup with the T1s looks like this:
> > >
> > > Main Site (172.20.x.x) ------ T1 Wan link (192.168.x.x) ------ Remote Site (172.21.x.x)
> > >
> > > The WAN link itself is on its own network.
> > >
> > > When setting up the Fiber, because layer 2, I do NOT have to have a
> > > separate network for that WAN link anymore. I can set it up like:
> > > Main Site (172.20.x.x) ------ Fiber Link ------- Remote Site (172.21.x.x)
> > >
> > > The downside with this is, broadcasts would still travel over the Fiber
> > > link since the WAN link is not on a separate network. It does however,
> > > simplify things for me a bit.
> > >
> > > The question is, which of the two methods would you use? Putting the
> > > Fiber WAN link on its own network or, not?
> > >
> > > One other question. Since my HP switches at the main/remote sites are able
> > > to do IP Routing, would you also remove the routers (which are needed with
> > > the current T1 WAN links) completely from the environment and do all routing
> > > at the switch level? I'm leaning towards doing this and ditching the
> > > routers.
> > >
> > > Thanks.
> > > J
