Tag: FWSM
Core layer
- Cisco 6509.
- Static routing used to the ISP (or basic BGP).
- FWSM or ACE module used as initial filter.
- Static route down to VIP of aggregation layer FHRP.
Aggregation Layer
- Cisco 6506 (MSFC).
- Traffic received from core routed to CSM
- CSM load balances to VLANs at the access layer
- Simple design allows inter-VLAN routing (web, app, db)
- Inter-VLAN routing without a FWSM can lead to access from the VLANs.
Access Layer
- Cisco 6509
- Servers typically divided into web, app, and database VLANs.
- Server gateways set to CSM, FWSM, or VIP of the FHRP on L3.
- Firewall restrictions between layers common.
A design that must stay up
- Public face of an organization
- The place where downtime is incredibly harmful
- The place where budgets are approved
Ultra Redundant, Ultra Secure Firewall Design
- Only method through layers is via servers
- Option of using different firewall vendors at different layers
- Supports virtual firewall using FWSM (Firewall Services Module) or ACE (Application Control Engine) module
Core
- Not all datacenter designs need a core layer
- Access to aggregation, aggregation to core: 10 or 40GBps
- CEF load balancing tuning (L3 + L4)
- Core should run L3 only; aggregation acts as the L3/L2 boundary to access
- Core runs OSPF / EIGRP with aggregation
Aggregation