Tag: FWSM

E-Commerce Implementation

Core layer

  • Cisco 6509.
  • Static routing used to ISP ( or basic BGP ).
  • FWSM or ACE module used as initial filter.
  • Static route down to VIP of aggregation layer FHRP.

Aggregation Layer

  • Cisco 6506 ( MSFC ).
  • Traffic received from core routed to CSM
  • CSM load balances to VLANs at the access layer
  • Simple Design allows inter-vlan routering ( web, app, db )
    • Inter-vlan routing without a FWSM can lead to access from the VLANs.

Access Layer

  • Cisco 6509
  • Servers typically devided into web, app, and database VLANS.
  • Server gateways set to CSM, FWSM, or VIP of the FHRP on L3.
  • Firewall restrictions between layers common.

E-Commerce

A design that must stay up

  • Public face of an organization
  • The place where downtime is incredibily harmful
  • The place where budgets are approved\

Ultra Redundant, Ultra secure Firewall Design

  • Only Method through layers is via servers
  • Option of using different firewall vendors at different layers
  • Supports virtual firewall using FWSM (Firewall Services Module) or ACE (Application controle engine) module

(more…)

Datacenter Design I (Core, Aggregation, Access Designs)

Core

  • Not all datacenter designs needs a core layer
  • Access to aggregation, aggregation to core : 10 or 40GBps
  • CEF load balancing tuning (L3 + L4)
  • Core should run L3 only, Aggregation acts as L3/L2 boundry to access
  • Core runs OSPF / EIGRP with aggregation

Aggregration

(more…)