[afnog] Kindly recommend best step to take.

Kweku Folson kweguf at gmail.com
Thu Apr 17 17:48:43 UTC 2014


Hi Ike,
To answer your question... Technically, yes, you can use the Cyberoam to route between the 3 vendors. I have experience with Cyberoam, although not in the core but as an Internet Edge device. It performed marvelously well as a security/routing device at the edge, although I believe that having a device such as this sitting at the WAN aggregation might not give you the full opportunity to "milk" its wonderful UTM features. As Phil suggested, a Cisco/Juniper will serve the WAN aggregation well, but I sense you already have the Cyberoam in house awaiting deployment? If that is the scenario, you can go ahead. It is a workable solution and should be able to handle the traffic from the vendor WAN routers for your 300+ remote sites. My $0.02

Regards,

Kweku

> On Apr 17, 2014, at 5:30 PM, "Ikemefuna Odiachi." <i.odiachi at ixp.net.ng> wrote:
> 
> Thank you for your technical advice,
> The three vendors need to drop a line each at the HQ. The WAN is not a private network.
> The question here is: can we use the Cyberoam UTM to act as a router where the three vendors, we and all the 340 branches can interconnect?
> Thanks
> 
> Warm regards,
> Odiachi I.
> 
>> On 17 Apr 2014, at 14:16, Phil Regnauld <regnauld at nsrc.org> wrote:
>> 
>> Ikemefuna Odiachi. (i.odiachi) writes:
>>> 
>>> Requirement:
>>> All 3 Vendors will drop 1x E1 modem and 1x router as CPE at the HQ DC
>>> I need to integrate the 3 WAN links so that the entire WAN is centrally managed/provisioned from a single core network device
>> 
>>    Hi Odiachi,
>> 
>>    You mean: each vendor will terminate a link to your premises, to aggregate
>>    their "share" of the 340 locations ? Or will they each bring a router ?
>> 
>>    How will each of the 340 locations be presented to you ? VLAN ? other ?
>>    Or will you have to point statics down to each vendor's WAN aggregation
>>    point ? Or will you see each of the IP of the remote location's router ?
>>    (will this be L3, or L2, basically).
>> 
>>> My asks:
>>> 1. Which network device would you recommend to do this (aggregation router, multi-layer switch)?
>> 
>>    How much inter-site traffic do you expect ? Or will it all be mostly to
>>    and from Internet and core services/servers ?
>> 
>>    Cisco ASR comes to mind, or even a beefy Linux/UNIX box, depending on
>>    the throughput.
>> 
>>> 2. If this is unavailable, do you agree that we can use a Cyberoam UTM (CR2500iNG-XP) to perform this aggregation? (We are looking to do this with a default route set up from each of the 3 WAN routers to the Cyberoam)
>> 
>>    I would definitely leave the security part upstream, and not mix those two
>>    layers. To be honest, I don't know the Cyberoam, but I would keep routing
>>    and firewall separate, to make things easier to debug. There may be
>>    restrictions in throughput via licensing or simply filtering/inspection
>>    performance.
>> 
>>    Cheers,
>>    Phil