40G/10G network issues/config


Decafpancakes

I have a 40gb network that handles the storage for my ESXi environments, 3 hosts and a SAN. For a while this network was only ever accessible to the machines connected directly to the SX6036. I wanted some of my other machines to be able to access this on their 10g connections that are connected to a Unifi 10gb aggregation switch.

The 2 networks now have entries in Unifi:
10G
10.10.70.0/24
10.10.70.1

40G
10.10.80.0/28
10.10.80.1

My issue that I'm running into is that there is a lot of headache around routing traffic between these 2, as the Unifi agg switch is only L2. Here is how the switches are currently connected:

[Attached image: 1737052134906.png]

My question here, I guess, is what is the easiest/best way to set this up so that both networks and their hosts can talk to each other with minimal config on the host side.
 

Scott Laird

Also, UDMs don't really have the horsepower to route 10 Gbps at full speed generally; I've seen claims of 4-5 Gbps when acting as a firewall. There's a chance that they're a bit faster when routing between networks.

Do you really need isolation between networks here? You could put each IP network on its own VLAN between the UDM and switches, and have the SX6036 either put some 40G ports onto an accessible network *or* trunk directly to each server and let them deal with security policies (or what listens on each interface) themselves.
 

Decafpancakes

No, I don't really need isolation; they were made at different times when the SX6036 was completely disconnected. What I'm thinking now is just making a new network 10.10.90.0/24 and have the SX6036 handle that entire network and will just plug the devices that need 10g storage into it. Just trying to figure out how I can make the SX6036 handle this, as I'm not too familiar with it. Any help there would be appreciated.
 

kapone

That is...quite a convoluted setup.

Why can't the SX6036 be your core L3 switch?