[afnog] Kindly recommend best step to take.

Ikemefuna Odiachi. i.odiachi at ixp.net.ng
Thu Apr 17 17:30:09 UTC 2014 

Thank for you technical advice,
The three vendors needs to drop a line each.. at the HQ.. the WAN in not a private network.
The question here is can we use cyberoam utm to act as a router where the three vendors, we and all the 340 branches can interconnect.
Thanks

Warm regards,
Odiachi I.

On 17 Apr 2014, at 14:16, Phil Regnauld <regnauld at nsrc.org> wrote:

> Ikemefuna Odiachi. (i.odiachi) writes:
>> 
>> Requirement:
>> All 3 Vendors will drop 1x E1 modem and 1x router as CPE at the HQ DC
>> I need to integrate the 3 WAN links so that the entire WAN is centrally managed/provisioned from a single core network device
> 
>    Hi Odiachi,
> 
>    You mean: each vendor will terminate a link to your premises, to aggregate
>    their "share" of the 340 locations ? Or will they each bring a router ?
> 
>    How will each of the 340 locations be presented to you ? VLAN ? other ?
>    Or will you have to point statics down to each vendor's WAN aggregation
>    point ? Or will you see each of the IP of the remote location's router ?
>    (will this be L3, or L2, basically).
> 
>> My asks:
>> 1. Which network device would you recommend to do this (aggregation router, multi-layer switch)?
> 
>    How much inter-site trafic do you expect ? Or will it all be mostly to
>    and from Internet and core services/servers ?
> 
>    Cisco ASR comes to mind, or even a beefy Linux/UNIX box, depending on
>    the throughput.
> 
>> 2. If this is unavailable, do you agree that we can use a Cyberoam UTM (CR2500iNG-XP) to perform this aggregation? (We are looking to do this with a default route set up from each of the 3 WAN routers to the Cyberoam)
> 
>    I would definitely leave the security part upstream, and not mix those two
>    layers. To be honest, I don't know the Cyberoam, but I would keep routing
>    and firewall separate, to make things easier to debug. There may be
>    restrictions in throughput via licensing or simply filtering/inspection
>    performance.
> 
>    Cheers,
>    Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20140417/cd4a9641/attachment.html>

More information about the afnog mailing list