Educause Security Discussion mailing list archives
Re: Data Center Design - Are discrete routers needed?
From: David Gillett <gillettdavid () FHDA EDU>
Date: Fri, 29 Apr 2011 09:09:02 -0700
We're revising our architecture as part of updating our network equipment. One of the problems to be solved is how to route "interesting" traffic so it will be filtered by a central firewall; this challenge evaporates if the core router IS the firewall....

David Gillett
CISSP CCNP

_____

From: Flynn, Gary - flynngn [mailto:flynngn () JMU EDU]
Sent: Friday, April 29, 2011 09:03
To: SECURITY () listserv educause edu
Subject: [SECURITY] Data Center Design - Are discrete routers needed?

Hi,

We're contemplating new architectures for our data centers. One of our discussions involved whether it is necessary to have both distribution routers and firewalls inside the data center.

My contention is that firewalls can handle any internal data center distribution needs as any layer 3 routing or vlan support needs are a subset of firewall functionality and easily handled by them. Additionally, the firewalls are going to be present in either architecture and be inline with any traffic so their performance and reliability capabilities have to be on par with other inline devices anyway. Simply bring the traffic to the data center and terminate it in either a simple router with one leg to the firewall infrastructure or into the firewall infrastructure itself. This, to me, decreases unnecessary complexity and cost.

The other side of the argument says:

* firewalls won't be able to handle the aggregate performance needs
* best of breed devices designed specifically for routing should be used rather than firewalls
* having two sets of devices will be more reliable as it will provide more configuration and downtime response options
* routers will have more features and capabilities to support redundant, high availability paths between multiple data centers.

We're also trying to decide where firewall blades installed in routers fit in the schemes.

Any opinions? ;)

If you don't want to respond publicly, all non-list responses will be kept confidential and will be shared only within the small IT group evaluating options. I'll also anonymize the response before sharing internally if you desire. If enough off-list responses are received, I'll anonymize the responses and re-post a summary unless asked not to.

Thanks in advance for any opinions or experiences.

--
Gary Flynn
Security Engineer
James Madison University