What would YOUR layout be for a 200 node LAN with T3 sharing?

[Quad]

this is theoretical. but if you were given the task to network 200 computers all sharing T3 access, where cost isn't a really big issue (but we don't want to go overboard on the spending), what would your layout be? where would you place your routers/switches/servers ?

 

[spidey07]

All one closet?

cisco 6500 with one gig blade and 5 48 port blades, FlexWAN module with T3 port adapter. dual power. Servers gig attached to gigE ports.

done, super clean.

 

[Quad]

bump

 

[spidey07]

guess the real question is how much do you wanna spend and how much performance/features are you looking for?

you're gonna spend a fair amount just getting something to terminate that T3.

 

[Garion]

The 6509 is good, but it's pretty limited - No firewall security (could use the IOS firewall, but.. Eww...) and everyone has to be in a single wiring closet. Plus it's very pricey - That setup would run you about $120,000+.

With 200 computers you are pushing the limit of a flat network without any internal routing. By the time you add in servers, printes, etc. you're starting to push the 250 count and that's where you usually want to start breaking it down. Optimally, you'd want to split it into a couple of subnets and use layer 3 switching (routing within a switch at switching speeds).

I'd consider a Cisco 4000-series switch with a layer3 card and some gigabit and 10/100 ports for your "core" switch. Connect all your users to Cisco 3548XL switches and connect each of them to the 4000 via gigabit. You'd need about 5 3548's. Total price would be about $50K. If you could get away with a flat network with no routing you could use a 3508G instead of the 4000 and you'd end up paying about $35K but would have much less flexibility and room for growth.

Are all your users going into a single wiring closet or are they split around the building(s)? If they are split, you couldn't use a single switch as Spidey suggested, you'd have to go with a core switch and smaller distribution switches.

What is this T3 used for? Does it connect to a WAN to go back to the corporate office? Does it go to the Internet? If it's a WAN, just throw a 3600 with a HSSI card and an external CSU (Or a 7204 with the embedded T3 CSU card) and connect it to your switch.

If you're goin to the Internet you'll need a firewall. For a T3 you need something pretty beefy - Probably best bet is for one of the new Nokia firewall appliances. Pretty hot, very secure, very high performance and easy to manage.

- G

 

[spidey07]

Also...3508 now has a L3 engine. pretty cost effective. Cisco seems to be really pushing the 3500 line and laying off the 4000 line. I had a long talk with the switching product manager about this. Personally I'm stayin away from the 4000s now after I talked to him.

IOS firewall!!???? ewwwwww. :disgust:

 

[ScottMac]

Extreme Black Diamond(s)in the core, Alpines in the distribution, Summits at the access. Probably a Cisco router for the WAN interface, but maybe I'd be looking at a Juniper M5, maybe an M20, depending on the projected growth pattern of the WAN-side of the business.

If there's several buildings on the campus that need high-speed interconnect, Extreme has a DWM blade to trunk bunches of Gig across one pair of single mode, and depending on the contract for the DS3, they have Packet-Over-SONET blades (I think they can do OC48)that would probably be better for connecting several campuses...depending on their locations...and maybe the ISP can deliver service with POS.

Within the scope of price and performance, Extreme kills Cisco every time. Cisco's OK, I like 'em, but performance is not the reason to buy Cisco...Price, well, Cisco won't win many contests for price either. You pretty much buy Cisco because you want the company support (which is a great argument), just like when people bought IBM because "Noone ever got fired for buying IBM (company support).
Cisco is certainly a leader in the support arena.

JM.02 / FWIW

Scott

 

[Garion]

L3 3508? That's pretty cool. Must be "inside information", however, as I don't see it anywhere on the website or in any of their pricing docs.

I hadn't heard the bad news about the 4000-series - My company might be buying a LOT of them and if they are getting phased out.. Well.. Might want to reconsider.

- G

 

[loosbrew]

dude...i toootally cant wait to be able to understand anything you guys just said!

/me bows down...."I'm not worthy, I'm not worthy!"

loosbrew

 

[Moonark]

OK, here is a question....why use multiple subnets? I do a lot with networking, and I hear a lot of people say to use multiple subnets, but why?

 

[Garion]

There's a lot of theories on how to subnet networks. I'm a fan of the "keep the subnets small to provide room for growth". Your network is ALWAYS going to expand with new apps and services (Unless you're at a .com that's going downhill!) and I like to leave room overhead.

Troubleshooting often easier with subnets - "Oh, that IP is a workstation on the 4th floor!" instead of having to hunt for it, looking through CAM tables and MAC addresses.

The "traditional" break for subnetting is to limit the size of your network to a single class C address space - 254 nodes. These nodes will be in a single broadcast domain, so when one machine sends a broadcast (such as an ARP) all will get it. That's not a really big deal with 100BaseT, but in the days of Arcnet it could get nasty.

With 200 users you should assume at least 10 printers, 10 network devices, 5 servers, 5 people with at least two PC's etc. That gives you a total of 230 IP's used. If you've used a standard class C subnet mask (255.255.255.0) you'd only have expansion room of 25 IP's. Definitely not enough.

You can either subnet this into two (or more) networks or you can use supernetting - a mask like 255.255.252.0 gives you 1000 addresses on one network. That's too big (IMHO) and very confusing for non-IP savvy people. "My IP address is 192.168.6.22 and my default gateway is 192.168.4.1???"

There's two ways to break up a network - Physically or logically. For example, if you have three floors you could use four subnets - One for the users on each floor then a fourth for all the servers, routers, etc. You could also make subnets for PC's, a subnet for Unix workstations, a subnet for servers, etc. More of a logical structure than physical.

NOT subnetting is easier, certainly. Everyone plugs into the same network and has all the same settings - You don't have to worry about VLAN assignments in the switches to put the port on the right subnet.

If you already have routing functionality (Layer3) in your switch and you're using private IP addresses there's really no reason NOT to subnet out. You're not losing any performance and it doesn't cost you anything. If you do it right you'll never run out of IP's and gives your company a lot more flexibility in how they run their business.

- G

 

[chaotic]

Subnetting allows you to group your nodes into groups. You may want to separate accounting from support, management from grunt, etc. It also keeps collisions at the switch to a minimum, because less nodes per subnet means less collisions.

 

[chaotic]

Garion> Beat me to the punch

And much better said...

 

[Moonark]

thanks....that helped

 

[Garion]

One other thing - Now I get to give Spidey a hard time. The 3508 doesn't have Layer3 capabilities - He was thinking of the 3550-12T which is a gigabit over copper - The 3500's are gigabit over fiber and have no L3 capabilities.

- G

 

[spidey07]

Main purpose nowadays to subnet in a LAN is manageability, scale and broadcast reduction.

better management with some kind of logical IP address plan (I like one per floor)
Scale - with the use of private addressing, setup no more than 50% used on day one...keep on growin
Broadcast - broadcasts are still a big problem, especially in switched networks. General design rules call for 300-400 nodes in a IP only network (microsoft not included..limit to less than 200 if you use windows).

The choice of whether you want to do layer3 switching would be a tough one. You are right on the breaking point of where I would insist on it.

<edit> I'm still going to defend my single chassis suggestion. higher performance (not that you'd ever fill a gig pipe anyway) and easier troubleshooting. No spanning tree to worry about either.

 

[Xanathar]

Please break this down into the following: Servers accessable to internet, Internal servers, Users, Power Users (Big transfers to server or other clients).

 

[xyyz]

do your own case study!!!! ;p