What benefits would I get by having a L3 switch (MS250) for this setup?

hinewwiner

Forgive me if this question is horribly misguided. I'm primarily a developer, but my company has asked me to work on setting up a new datacenter (we never had one before and currently use a consumer-grade Ethernet router for internet use. We would like to start building our own data center to host an Active Directory server and ERP systems). (I do have at least a basic understanding of networking.)

 

Attached is my current proposed set-up. As you can see, we have many (20) remote locations that will VPN to our datacenter's MX100 over the internet.

 

My question is... I currently have an MS250 (L3 switch) planned in the datacenter. I want to use VLANs to separate our server networks from other devices and set up QoS for VoIP devices, but I believe VLANs are also supported on the MS225 (L2 switch). Also, many of our users will be remote and VPN to the MX100; I am not sure what kinds of benefit I would get from having an MS250 in the data center.

 

What kinds of benefit would I get by using this MS250 L3 switch in my setup?

 

Thank you!

Network.jpg

 

 

1 Accepted Solution
PhilipDAth

Typically I use layer 3 switches when I want high speed routing between VLANs. For example, say you have a backup server in one VLAN, and a file server in another. With a layer 3 switch these big data flows will be moved at "wire rate". If you routed that same traffic through an MX100 it would probably top out at 750 Mb/s - and I would have chewed out a lot of the MX's capacity that would otherwise have been available for processing user traffic.

 

Having said that, in a data centre environment I would be more inclined to use the MS250 - because it can take a redundant power supply.  I would also consider putting in two switches (each with redundant power supplies), and making the second switch a warm spare, and dual connecting everything to both switches.  Info about setting up a warm spare switch is here:

https://documentation.meraki.com/MS/Layer_3_Switching/MS_Warm_Spare_(VRRP)_Overview

 

If you stick with the MS225, because it can do everything you need, I would recommend you consider using two of them for redundancy.  They don't support warm spare, but if you are only using them for layer 2 functionality it does not matter.

 

Using either MS250 or MS225 you have the option of hardware stacking them - personally I would not. When you upgrade a stack of switches they all reboot at the same time - causing an outage. When the switches are not stacked you can upgrade one switch at a time, and as long as everything is dual connected, there will be no outage.

 

You can connect a pair of MS225s or MS250s together using their 10Gb/s ports. I would get a pair of copper 10Gb/s cables (like MA-CBL-TA-1M). When connecting core switches together - dual connect them.

 

Also I would get a pair of MX100s, and make the second MX100 a warm spare. When you do this you only have to buy the extra MX100 hardware. The spare MX100 does not need a licence. So the cost to go to a warm spare configuration is not as bad. You can read about warm spares here:

https://documentation.meraki.com/MX-Z/Other_Topics/Warm_Spare

hinewwiner

Thanks for the reply.

 

Does a warm spare MS switch require a license too? Or can I just have the HW like MX routers?

 

Also, when a video VoIP call is made between two devices in branch A, does the traffic go through the router in the data center? I thought it is handled directly peer to peer.

 

Thank you very much

PhilipDAth

A warm spare switch does require a licence, but switch licences are not as expensive as MX advanced security licences - by comparison.

 

I don't know the call flow for your system - but it is common that the audio traffic only goes directly between the end points.

hinewwiner

Ok thanks for the help. You are the best!

 

One last thing... if the traffic was for file sharing between two computers in branch A (like a Windows file share), does the traffic travel to the MX100 router located in the datacenter?

 

Thank you!

PhilipDAth

Negative.  Traffic for hosts in the same subnet (or VLAN) remains in that subnet. It does not go via the DC.

 

 

It would be great if you could give me a few Kudos  if you think I have helped.

hinewwiner

Thank you for all your help!! 🙂
