Network Change Recommendations
TechGuy 2005-11-23, 8:45 pm
We have some engineers in helping with a new CallManager and IPCC implementation at a secondary company of ours.
They have made some recommendations on some network changes and I wanted to ask others about the changes and what you think would be the pros and cons of doing so, and why you think they are suggesting these changes.
1. Move the inter-VLAN routing to the switches. (This office has a maxed out 3845 acting as the core router and voice gateway; it currently does all routing.)
2. Separate VLANs for servers, PCs, CallManagers, phones. (Currently we have one VLAN for servers and PCs, and one VLAN for CallManagers and phones.)
3. Remove Class B addressing and utilize Class C addressing. (The internal network was originally configured with Class B addressing throughout.)
Those are the bigger changes that I really just want to understand the various pros for why they would recommend them. They make sense and I don't question that these are not best practices, but I want to really understand why the changes, to sell it to management. Their philosophy is "if it's not broke, don't fix it" and they feel that the network has been working fine, so why all the changes.
Thanks for your time!
Voll, Scott 2005-11-24, 2:45 am
1. If your router is "maxed out", why not route the VLANs at a Layer 3 switch? You're going to have better throughput anyway. If you're simply routing VLANs, this can be done at wire speed in hardware with a switch. Let a router interface your PSTN and bigger routing protocols, i.e. BGP.
2. Separating out into more VLANs gives you more options to secure and protect. Good idea.
3. Fewer hosts per subnet equals less ARP and better performance.
They are telling you right.
So tell management you're doing it for better performance, security, and reliability. That makes my management buy off ;-)
Scott
Kazmi, Zeeshan 2005-11-24, 7:45 am
Without knowing the number of users/servers involved, I can comment generally. They are suggesting what I believe are best practices.
1. If you have capabilities on the switches to do inter-VLAN routing, it is best to configure them that way. Likely if you have dual core switches, you should set up HSRP. If not, you can still configure HSRP with the 3845 as standby; however, you should look at "sh process cpu" to ensure that your current routing process is not eating up more than 75%. Consider EIGRP on the whole network if you are not running it already.
Business benefit: faster routing, better redundancy, less susceptibility to storm-based DoS, more capability to do broadcast control.
2. This is the ONLY setup that will provide you with clear delineation between the naturally "different" roles of these devices and therefore the capability to put ACLs or VACLs (which you should put) that disallow access to all VoIP services from user data subnets to voice subnets except for only the needed ports. Users and in some cases servers should not access the voice VLAN to manage or perform normal Windows-based transactions to VoIP servers. This should be VERY selective, only serving the validated needs, for example port 80 for CCM User and Admin, port 80 for any internet app access to a proxy, etc. You will also prevent a broadcast issue or DoS in data VLANs from affecting the voice VLANs. Voice-to-voice VLAN communications should not be restricted, as they are trusted devices to each other. Business benefits: better security and robustness for voice applications, more admission control based on business needs.
3. Where possible it's advised to reduce the ARP broadcast domain, i.e. use smaller chunks of IP addressing. The easiest way to accomplish this is to divide floors or sections of floors into chunks of Class C. In almost all general cases, users should all be trying to access the server VLAN and voice VLAN anyway, not each other. That routing load is there already once those VLANs are separated out; however, setting the L2/L3 architecture this way segments the network for better performance, as all PCs do not have to process large amounts of broadcast ARPs, and also allows better identification of where data is coming from or where a problem might be.
There is a good reference in Cisco CCIE Fundamentals for network design and case studies if you can find it on the web or at a book store.
Hope this helps.
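To make points 1 and 2 of the reply above concrete, here is an added example (not from any poster) of what the Layer 3 switch side looks like: one SVI per VLAN with HSRP for the gateway, and an ACL on the data-VLAN SVI that lets user PCs reach only the CallManager web pages on port 80 while leaving voice-to-voice traffic unfiltered. The VLAN numbers, the 10.1.x.0/24 subnets and the CallManager address 10.1.30.10 are assumed.

```cisco
! Constructed example: Layer 3 switch doing the inter-VLAN routing (point 1),
! with the phones, CallManagers and user PCs on separate VLANs (point 2).
! VLAN numbers, the 10.1.x.0/24 subnets and the CCM address are assumed.
ip routing
!
vlan 10
 name DATA
vlan 20
 name VOICE
vlan 30
 name CALLMANAGER
!
! Only the validated needs get through from the data subnet to the voice side:
! here, the CCM User/Admin web pages on TCP 80. Return traffic from the voice
! VLANs to the PCs is not matched because the list is applied inbound on Vlan10.
ip access-list extended DATA-TO-VOICE
 remark Allow user PCs to reach the CallManager web pages only
 permit tcp 10.1.10.0 0.0.0.255 host 10.1.30.10 eq 80
 remark Block everything else from the data VLAN into the phone and CCM subnets
 deny   ip 10.1.10.0 0.0.0.255 10.1.20.0 0.0.0.255
 deny   ip 10.1.10.0 0.0.0.255 10.1.30.0 0.0.0.255
 remark Servers, Internet and everything else stay reachable as before
 permit ip any any
!
! One SVI per VLAN; HSRP gives the hosts a virtual gateway that survives the
! loss of one core switch (the second switch carries the same config with
! .3 addresses and a lower priority).
interface Vlan10
 description DATA - user PCs
 ip address 10.1.10.2 255.255.255.0
 ip access-group DATA-TO-VOICE in
 standby 10 ip 10.1.10.1
 standby 10 priority 110
 standby 10 preempt
!
interface Vlan20
 description VOICE - phones (voice-to-voice traffic is not filtered)
 ip address 10.1.20.2 255.255.255.0
 standby 20 ip 10.1.20.1
 standby 20 priority 110
 standby 20 preempt
!
interface Vlan30
 description CALLMANAGER
 ip address 10.1.30.2 255.255.255.0
 standby 30 ip 10.1.30.1
 standby 30 priority 110
 standby 30 preempt
```

Check it with "show ip access-lists DATA-TO-VOICE" (the hit counters on the deny lines show what the data VLAN was trying to reach, which is useful both for tuning and for spotting odd traffic) and "show standby brief" to confirm which switch is active for each group.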
Tim Fletcher 2005-11-24, 5:47 pm
My $.02 below.
TechGuy wrote:
> We have some engineers in helping with a new callmanager and IPCC
> implementation at a secondary company of ours.
>
> They have made some recommendations on some network changes and I
> wanted to ask others about the changes and what you think would be the
> pros and cons of doing so and why do you think they are suggesting
> these changes.
>
> 1. Move the inter-VLAN routing to the switches. (This office has a
> maxed out 3845 acting as the core router and voice gateway, it
> currently does all routing)
This is fairly simple to do, and there is no real downside. I would
absolutely do this.
>
> 2. Separate VLANs for servers, PCs, callmanagers, phones (Currently
> we have one vlan for servers and PCs, and one VLAN for callmanagers
> and phones)
If I'm understanding this correctly, you currently have 2 VLANs, one for
voice and one for data, and they are recommending 4 VLANs. On most small
to mid-sized networks, I would recommend keeping the phones and CMs in
the same VLAN. So the question becomes, should you put the servers and
desktops in separate VLANs? And the answer is, it depends on the size of
the network and what administrative or security controls you want. In
most small to mid-sized networks I don't really see much advantage to
splitting them up. Also keep in mind, splitting the servers and desktops
into separate VLANs will require re-addressing (more on that below).
>
> 3. Remove class B addressing and utilize Class C addressing (The
> internal network was originally configured with Class B addressing
> throughout)
Are they talking about splitting up the network, or just re-addressing?
If they are just talking about re-addressing, I would recommend against
it. Re-addressing can be difficult and risky, and should probably not be
done without a good reason. If they are talking about splitting up the
network, that may or may not be a good idea. There are two reasons to
split up a network. The 1st is for administrative or security controls,
which doesn't sound like an issue here. The 2nd is to reduce the amount
of broadcast traffic (ARP, etc.). Do you know how much broadcast traffic
you have on your network now? Unless there is a problem here, I would
have to agree with your management on this one.
TechGuy 2005-11-28, 5:54 pm
I seem to have incorrectly stated something when I said the router was "maxed out". What I was referring to was that this brand new 3845 was fully loaded and maxed out with RAM and so on, not maxed out as in overworked. :-) Poor choice of words.
I appreciate all the information everyone has shared with me on this. It has really helped me to put together some information to better understand it all myself and to explain it to others who will make the decisions.