Netgate Discussion Forum

    Setting up a small Cloud Hosting Suite

    General pfSense Questions
      senate014

      Hi there

      I'm wondering if someone can give me some advice please...

      I'm setting up a small cloud hosting suite. We currently sell a lot of used HP servers to various end users throughout the UK and a lot of them ask us if we have somewhere to host them...

      I thought I'd take advantage of this requirement and set up a small 8-rack hosting suite in the following fashion...

      Rack 1    Networking Rack (2x Cisco Catalyst 6509 with 2x SUP720 Supervisors, 4x 48-Port CAT5 Gigabit Line Cards, 1x 16-port Gigabit Ethernet Fibre Line Card)
      Rack 2    UPS Rack
      Rack 3    Customer Rental Space
      Rack 4    Customer Rental Space
      Rack 5    Customer Rental Space
      Rack 6    Customer Rental Space
      Rack 7    Customer Rental Space
      Rack 8    Customer Rental Space

      My question surrounds the networking side and how I should set it up.
      This is the setup that I'm thinking of in my head....

      Cisco Catalyst 6509 runs the layer 2 network & VLANs
      pfSense router with a 100Mbit over 1Gbit lease line terminating into the pfSense server (installed on a vSphere 5.5 server cluster with VMware FT (Fault Tolerance) enabled on the pfSense VM)

      I will have a 128 IP allocation (RIPE) from my lease line provider... I want to pass these IPs through to my customers' routers on their own dedicated VLANs configured on the Cisco Catalyst 6509.

      How would I go about passing through customer traffic to all the different VLANs on the network from the pfSense router? Would this be done by setting up the Virtual IPs on the pfSense router?
      I know traffic can be passed from the internet through my pfSense router to the client's VLAN using Virtual IPs, but what about back out to the Internet? I wouldn't want all my customers passing data back out to the internet using the same IP. I'd want them receiving and sending data from their own dedicated Internet IP assigned to them from my pool of 128 provided by the lease line company.

      Is this something pfSense can do or would I need to use a more sophisticated router, like the routing functions on the SUP720s in the Cisco 6509s?

      I think that's as best I can explain what I'm trying to achieve.

      Looking forward to some replies  :D

      Thanks

      Andy

        jgraham5481

        Here's how I would do it, starting from the WAN forward.

        Build a pfSense box or VM, I'm liking physical box lately...

        On the WAN interface, set it up with your /25 subnet, 192.168.164.1/25 for example.
        Create virtual IPs on the WAN interface for the remaining 2-125 in this case.

        Let pfSense route your VLANs, so create them there.

        Create your inbound rules for NAT whatever public IP to whatever internal VLAN/subnet

        Create outbound rules to route outbound traffic from whatever internal VLAN/subnet to whichever public IP

        Add VLANs to the switches' VLAN database, configure ports.

        There may be better ways in 2.2, but this would be my way of doing it in 2.1.x

        Because you are offering this as a service, I would set up two firewalls for HA.

        That will get you started. You can add traffic shaping to keep one customer from saturating the WAN or LAN. I would add other rules for security, for instance blocking customer access to the pfSense configurator page, SSH, etc.

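The allocation described in the reply above, as an added example that is not part of the original post and not pfSense's own configuration format: a Python check that every customer VLAN gets its own public IP for inbound and outbound NAT, plus a block on the firewall's management ports. The customer names, VLAN IDs, internal subnets, dict keys and the port list (22, 80, 443) are assumptions; only the 192.168.164.x/25 WAN addressing comes from the post.

```python
import ipaddress

MGMT_PORTS = (22, 80, 443)  # assumed ports for SSH and the web configurator

def build_plan(wan_cidr, firewall_ip, customers):
    """Validate a one-public-IP-per-customer allocation and return the rule plan.

    customers is a list of dicts with the hypothetical keys
    name, vlan, subnet and public_ip. Raises ValueError on any conflict.
    """
    wan = ipaddress.ip_network(wan_cidr)
    reserved = {wan.network_address, wan.broadcast_address,
                ipaddress.ip_address(firewall_ip)}
    used_ips, used_vlans, used_nets, plan = {}, set(), [], []
    for c in customers:
        pub = ipaddress.ip_address(c["public_ip"])
        net = ipaddress.ip_network(c["subnet"])
        if pub not in wan or pub in reserved:
            raise ValueError(f"{c['name']}: {pub} is not a free host address in {wan}")
        if pub in used_ips:
            raise ValueError(f"{c['name']}: {pub} is already assigned to {used_ips[pub]}")
        if not 1 <= c["vlan"] <= 4094 or c["vlan"] in used_vlans:
            raise ValueError(f"{c['name']}: VLAN {c['vlan']} is invalid or reused")
        if any(net.overlaps(other) for other in used_nets):
            raise ValueError(f"{c['name']}: {net} overlaps another customer subnet")
        used_ips[pub] = c["name"]
        used_vlans.add(c["vlan"])
        used_nets.append(net)
        plan.append({
            "customer": c["name"],
            "virtual_ip": f"{pub} on WAN",
            "inbound_nat": f"WAN {pub} -> VLAN {c['vlan']} ({net})",
            "outbound_nat": f"VLAN {c['vlan']} ({net}) -> WAN {pub}",
            "block": [f"VLAN {c['vlan']} -> firewall tcp/{p}" for p in MGMT_PORTS],
        })
    return plan

# Constructed sample: WAN values from the post, customer values invented.
CUSTOMERS = [
    {"name": "cust-a", "vlan": 10, "subnet": "10.10.10.0/24", "public_ip": "192.168.164.2"},
    {"name": "cust-b", "vlan": 20, "subnet": "10.10.20.0/24", "public_ip": "192.168.164.3"},
]

if __name__ == "__main__":
    for entry in build_plan("192.168.164.0/25", "192.168.164.1", CUSTOMERS):
        print(entry)
```

A plan that fails here would either put two tenants behind one source address or hand a customer the firewall's own WAN IP, so run it whenever a customer is added.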
          senate014

          Thanks for replying.

          I'll give this setup a go and post the results.

          Much appreciated!

          Andy
