Ethernet Extension Service
Well now.
Firstly, I didn't know where to post this. This really is a design question I am asking, and I am just looking for some opinions on where to go.
Here's the scenario. We have recently opened a new warehouse (and closed several others) and at the moment it is running on a cheapy ADSL2+ LLU, IPSec VPN. It works, but is nothing special and we have numerous issues with it (It was always going to be a temporary solution until we sorted out something better)
Anyway, turns out we can have BT's EES (Ethernet Extension Service) because our two sites are close enough (although attached to two different exchanges) to have this service installed. The service is basically what they call one of their SHDS (Short Haul Data Services) and they basically run a fibre between both sites (via exchanges) and we get presented with an Ethernet drop at each site - 100Mbit!
So, with this fantastic prospect of a 100Mbit link between our sites, it leads me to ask the following: -
A. Even though we have a 100Mb Ethernet - is it worth splitting up the two sites with a VLAN? We run two VLAN's as it is (one each for voice/data)
The reason I ask this is because we effectively still have two physical sites, despite the LAN type connection between them - what if the connection were to fail?
I would guess I'd still have to rely on our IPSec connection - With VLAN's I would have thought the ability to use HSRP/VRRP/GLBP would become possible?
Any thoughts?
Comments
-
mikem2te Member Posts: 407
Anyway, the last place I worked (a famous Welsh Brewery - you might just have heard of them if you like rugby) we used a LES/EES to link head office to a distribution depot and used a single vlan for both sites and the comms (data and voice) between the two sites.
What we found is we had no protection against broadcast issues. Although both sites run a gig backbone and the LES was 100mb, broadcasts would take their toll and reduce the capacity on the LES.
In an ideal world we would have installed a layer 3 switch in each site and allocated three subnets treating it as a routed network, one each for the two sites and a third between the two switches over the LES. Additionally we would have probably run EIGRP over the LES and the backup line we had between the two sites to take advantage of its enqual load balancing.
Sadly the money men said no!!
Blog : http://www.caerffili.co.uk/
Previous : Passed Configuring Microsoft Office SharePoint Server 2007 (70-630)
Currently : EIGRP & OSPF
Next : CCNP Route -
gorebrush Member Posts: 2,743
Ah yes, I know the brewery!
Your ideal situation is what I had in mind; i.e.
2 VLAN's at each site (1 for voice, 1 for data)
1 VLAN between the two sites (/30 subnet as routed ports)
The beauty is that I happen to have Cisco 3550's at both ends (I would have preferred 2950's at the remote site, but our reliance on PoE means it is just easier to slot 3550's in, and I happen to have them spare because we consolidate our other sites).
What I hope to achieve long term then is using the IPSec as a backup, should the EES ever fail. Also, I get 5MB internet access at the remote site and only 3MB locally... would be nice to exploit that now and again... /grin -
DevilWAH Member Posts: 2,997
I would say without doubt separate the sites into Layer 3 domains.
If you say have two 3550's (one at each site)
you could set up HSRP (or equivalent) and have the local switch as the primary/active router for the local VLANs. In the event that a WAN link fails it redirects traffic over the link to the second WAN connection.
Of course with GLBP you can load balance the WAN links as well.
Of course though if the layer 3 switch at one site fails then the Ethernet link will go down (unless you have multiple links) so HSRP is not going to help here. For this reason HSRP is actually going to be quite limited in its usefulness (it is really for when you have two redundant links to two separate routers that are acting as the DFGW). It would be better to look at a routing protocol (such as EIGRP) to offer you load balancing and to take care of your WAN link redundancy.
- If you can't explain it simply, you don't understand it well enough. Albert Einstein
- An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
Linkin Profile - Blog: http://Devilwah.com -
networker050184 Mod Posts: 11,962
I'd go routed with SVIs if you need some L2 connectivity. If not, I'd go with dot1q sub ints to route in case you need another logical connection in the future.
An expert is a man who has made all the mistakes which can be made.
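
The routed design the replies converge on (two local VLANs per site, a /30 routed port across the EES, EIGRP over it, IPSec as backup), sketched for the Site A 3550. This is an added example, not configuration posted by anyone in the thread; every address, VLAN ID, port number and the EIGRP AS number is constructed, and it assumes the existing ADSL/IPSec router sits on the data VLAN at 10.1.10.254 and already carries routes to Site B.

```cisco
! Site A Layer 3 switch (Catalyst 3550). Site B mirrors this with 10.2.x.x
! subnets and 10.255.0.2 on its EES port. All values are constructed.
ip routing
!
vlan 10
 name DATA
vlan 20
 name VOICE
!
interface Vlan10
 description Site A data
 ip address 10.1.10.1 255.255.255.0
!
interface Vlan20
 description Site A voice
 ip address 10.1.20.1 255.255.255.0
!
! EES hand-off as a routed port, not a trunk: each site's VLANs stay local,
! so site broadcasts never cross the 100Mb link.
interface FastEthernet0/24
 description EES to Site B
 no switchport
 ip address 10.255.0.1 255.255.255.252
!
router eigrp 100
 network 10.1.0.0 0.0.255.255
 network 10.255.0.0 0.0.0.3
 no auto-summary
 ! Form neighbours only across the EES, never on user-facing VLANs.
 passive-interface default
 no passive-interface FastEthernet0/24
!
! Floating statics (AD 250) via the assumed IPSec router. EIGRP routes for the
! same prefixes (AD 90) win while the EES neighbour is up; these take over once
! it is lost, by interface down or by hold-timer expiry (15 s default).
ip route 10.2.10.0 255.255.255.0 10.1.10.254 250
ip route 10.2.20.0 255.255.255.0 10.1.10.254 250
```

Because the backup path leaves through the IPSec router rather than the switch, inter-site traffic on it still has to match that tunnel's encryption policy for the Site B subnets.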