Dan Brisson wrote the following on 2/12/2014 9:06 PM:
My Cisco SE brought up an interesting alternative. This summer we're
replacing our 6513 Sup720 with a pair of 6807 with redundant Sup 2Ts.
It is where all our internal fiber terminates and where internal
routing happens. He said we can add extra memory and terminate our
BGP sessions here and use that for our Internet connections. After
thinking it over, I'd still rather have dedicated routers for our
Internet access but I'm curious what you guys think about this
suggestion.
I think at the Internet edge, physical separation trumps logical
unless you have no other choice. Personally, I would keep them separate.
My .02,
-dan
A point to consider:
Layer 3 infrastructure and the services that run on L3 devices (ssh,
ntp, routing protocols, packet classification, monitoring, shaping, etc.)
have a much higher surface area for attack and bugs. They therefore
(theoretically) require more frequent updates and encounter more
problems. Do you want to disrupt your layer 2 infrastructure every time
you update your L3 infrastructure? Do you want to expose your L2
infrastructure to the potential bugs in L3 and above code? Separate
physical devices can create a more available network.
Counter point:
A router in front of a router adds an additional point of failure. If
you're not gaining anything (features, redundancy, etc.) by its
introduction, you're just wasting money and hurting your (potential)
availability.
If you provide a lot of L2 only services, or have a substantial amount
of traffic that never leaves L2, I would recommend dividing your network
by OSI layer. This allows you to easily have different update, security,
warranty, etc. policies for the different services your network provides.
If you are an ISP offering L3 only services or all traffic on your
network hits L3, then a failure of any one layer will disrupt all
communication. In this case, you may save time/money and increase
availability by combining L2 and L3+ functions.
--Blake