Dan Brisson wrote the following on 2/12/2014 9:06 PM:
My Cisco SE brought up an interesting alternative. This summer we're replacing our 6513 Sup720 with a pair of 6807 with redundant Sup 2Ts. It is where all our internal Fiber terminates and where internal routing happens. He said we can add extra memory and terminate our BGP sessions here and use that for our Internet connections. After thinking it over, I'd still rather have dedicated routers for our Internet access but I'm curious what you guys think about this suggestion.
I think at the Internet edge, physical separation trumps logical unless you have no other choice. Personally, I would keep them separate.
My .02,
-dan
A point to consider: Layer 3 infrastructure and the services that run on L3 devices (ssh, ntp, routing protocols, packet classification, monitoring, shaping, etc.) have a much higher surface area for attack and bugs. They therefore (theoretically) require more frequent updates and encounter more problems. Do you want to disrupt your layer 2 infrastructure every time you update your L3 infrastructure? Do you want to expose your L2 infrastructure to the potential bugs in L3 and above code? Separate physical devices can create a more available network.

Counterpoint: A router in front of a router adds an additional point of failure. If you're not gaining anything (features, redundancy, etc.) by its introduction, you're just wasting money and hurting your (potential) availability.

If you provide a lot of L2-only services, or have a substantial amount of traffic that never leaves L2, I would recommend dividing your network by OSI layer. This allows you to easily have different update, security, warranty, etc. policies for the different services your network provides. If you are an ISP offering L3-only services, or all traffic on your network hits L3, then a failure of any one layer will disrupt all communication; in this case, you may save time/money and increase availability by combining L2 and L3+ functions.

--Blake