09-21-2002 05:40 PM
Hi all,
I have 2 CSS 11Ks, they work brilliantly for my load balancing needs. I have a couple of webserver "groups" which I "balance aca".
Now I would like to use them for something else:
Each of the CSSes is in a different datacenter.
I would like to have two servers, one in each datacenter.
The webserver in datacenter2 as backup and one webserver in datacenter1 as primary.
If anything happens with the primary site I'd like the backup site to pick up.
The secondary site (datacenter2) has a /19, our primary site (datacenter1) is a /21 within the /19. I was led to believe that if anything happens to the routers/uplink in our primary site all internet traffic would be automatically directed to our secondary site (through BGP).
So I'd like to have the CSS in datacenter1 do a keepalive on the primary server; if anything happens (server down, cable disconnection, broken switch, broken CSS, broken router etc.) have the backup site become live...
How would I start configuring this? Is it even possible?
I hope I have explained enough for you to understand my questions, if not I'd happily give more info.
Thanks in advance..
Bastiaan Spandaw
09-23-2002 02:37 AM
Yes, it is feasible.
This is called redundancy.
Check the following URL with links to different sample configs:
09-23-2002 12:40 PM
Here is one source of information on distributed data centers:
http://www.cisco.com/networkers/nw02/post/presentations/docs/NSC-284.pdf
-
You have a few options for doing this, but some is dependent on how your
network is setup:
- How do your data centers see each other (Layers 1/2/3)?
Are they IBGP full-mesh, or at least route-reflector/confederation?
How is OSPF connected (single area, multiple area, NSSA)?
What routes are where (static to BGP, static to OSPF, redistribution, etc)?
Are your data centers connected with a transparent LAN?
- How is your BGP setup (especially Inter-Domain or externally)?
Where does the IP space come from (traditional classful networks i.e.
0/1, 128/2, 192/3)?
How are your announcements seen according to different sources (e.g.
Internet routing table, RIR's like ARIN, IRR's like RADB)?
Who do you multi-home and multi-link to and at which data center or both?
What is the use of LSR/MSR's (less and more specifics) and BGP attributes
(weight/local-pref, AS-path prepends/pollution, MED/metric, communities
especially upstream e.g. no-export, selective prepends, setting local-pref)?
-
Here are the options for distributed data centers or global load
balancing (GLB):
1) HTTP routing (typically depends on option 2 by way of DNS insertion)
Product choices: Cisco Content Router 4400-B, CSS WebNS proximity
Idea: use of Layer 4 information or HTTP/302 defined redirects
Broken: browser problems, DNS delegation problems (need for every
site), users can bypass redirection by going directly to previously
visited IP/DNS URL (e.g. using bookmarks), only works for HTTP
(not SMTP or other important applications that require load balancing)
2) DNS routing
Product choices: Cisco Distributed Director, CSS w/o proximity, Content
Router 4450, and DNS Round-Robin (multiple IN A resource records)
Idea: DNS round-robin but smarter, can be combined with ideas like
edge-intercept where you administratively control the end-user DNS.
Can also be combined with smart site-selection techniques like
using DD IGP/BGP/RTT, Boomerang's one-way race metric and RTT's,
and the CR4450 Scouting or E2SS feature/functionality (see the ICDN
and ECDN documentation or the CECOC course with CSS WebNS)
Broken: Proximity methods are better (end-user DNS != end-user), and
when DNS server caching cannot be controlled (e.g. the global Internet)
then DNS administrators can ignore low TTL's (and generally do)
3) Anycast
Products : Cisco RHI with Catalyst 6k CSM or IOS SLB
Idea: announce a /32 host route and inject it into OSPF or BGP with a
metric. When service degrades or becomes unavailable, remove route.
Implement at least two servers at two different locations with same IP
Problems: System logs (like web logs) are split up across multiple places,
however this idea scales really well if you understand how it works
4) ARP/subnet take-over
Products : Cisco ONS 15454 TLS + CSS redundancy or CSM FT-VLAN
Idea: Fail over from one location to another by clearing the arp-cache at
the location where the data moves from and re-creating the subnet or
IP addresses at the new location where the data needs to be moved to
Problems: Works really well, but difficult to scale past two distributed sites.
This technique is typically only done with active/passive redundancy
-
If you think I missed something, please let me know.
Andre
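An added worked model (written for this thread by the editor, not a Cisco config and not code from any poster) of two points above: the original question's assumption that the more-specific /21 falls back to the /19 through BGP, and Andre's option 3, where each site injects a /32 host route only while its keepalive passes. The prefixes are constructed from RFC 1918 space (10.0.0.0/19 standing in for the /19, 10.0.0.0/21 for the /21 inside it), the site names are made up, "metric" abstracts whatever preference the real attribute carries (OSPF cost, MED/local-pref), and the probe results are constructed rather than measured. The part worth noticing is case (b) of the first scenario: a dead server behind a healthy router does not withdraw the /21, so the more specific keeps winning and traffic is delivered to a site where nothing answers. That is the gap the keepalive-driven withdrawal in the second scenario closes, and why the last case there (both probes failing) still lands on the /19 and blackholes.

```python
"""Toy model of longest-prefix match and route health injection (RHI).

Added example for this thread, not a Cisco config. Prefixes are constructed
from RFC 1918 space, site names are made up, "metric" abstracts the real
preference attribute (OSPF cost, MED/local-pref), probe results are constructed.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    site: str
    metric: int = 0  # lower is preferred among equal-length prefixes


class GlobalTable:
    """Minimal stand-in for the routing table the rest of the Internet sees."""

    def __init__(self):
        self.routes = set()

    def announce(self, prefix, site, metric=0):
        self.routes.add(Route(ipaddress.ip_network(prefix), site, metric))

    def withdraw(self, prefix, site):
        net = ipaddress.ip_network(prefix)
        self.routes = {r for r in self.routes
                       if not (r.prefix == net and r.site == site)}

    def best_site(self, addr):
        """Longest prefix wins; ties are broken by lowest metric."""
        ip = ipaddress.ip_address(addr)
        candidates = [r for r in self.routes if ip in r.prefix]
        if not candidates:
            return None
        best = min(candidates, key=lambda r: (-r.prefix.prefixlen, r.metric))
        return best.site


def health_inject(table, host_prefix, site, metric, probe_ok):
    """RHI: a site announces the host route only while its keepalive passes."""
    if probe_ok:
        table.announce(host_prefix, site, metric)
    else:
        table.withdraw(host_prefix, site)


def scenario_more_specific():
    """The poster's setup: /19 from datacenter2, more-specific /21 from datacenter1.

    Returns the site that receives traffic (a) normally, (b) with the primary
    server dead but its router and BGP session still up, (c) after the /21 is
    withdrawn because the datacenter1 uplink/router failed.
    """
    t = GlobalTable()
    t.announce("10.0.0.0/19", "datacenter2")
    t.announce("10.0.0.0/21", "datacenter1")
    vip = "10.0.1.10"  # constructed server address inside the /21
    normal = t.best_site(vip)
    # (b) Only the server died: the routing table is unchanged, the /21 is still
    # announced, and traffic keeps going to datacenter1 where nobody answers.
    server_dead = t.best_site(vip)
    # (c) Router/uplink failure drops the BGP session and with it the /21.
    t.withdraw("10.0.0.0/21", "datacenter1")
    uplink_dead = t.best_site(vip)
    return normal, server_dead, uplink_dead


def scenario_anycast():
    """Option 3: the same /32 from both sites, announced only while the probe passes."""
    t = GlobalTable()
    t.announce("10.0.0.0/19", "datacenter2")  # covering aggregate stays up throughout
    vip = "10.0.0.10"  # constructed anycast service address
    host_route = vip + "/32"
    metric = {"datacenter1": 10, "datacenter2": 20}   # prefer the primary site
    probes = {"datacenter1": True, "datacenter2": True}  # constructed keepalive results

    def converge():
        for site, ok in probes.items():
            health_inject(t, host_route, site, metric[site], ok)
        return t.best_site(vip)

    both_up = converge()
    probes["datacenter1"] = False   # primary fails its keepalive
    primary_down = converge()
    probes["datacenter1"] = True    # primary recovers, preference returns
    recovered = converge()
    probes["datacenter1"] = probes["datacenter2"] = False
    all_down = converge()           # only the /19 is left: blackholed at datacenter2
    return both_up, primary_down, recovered, all_down


if __name__ == "__main__":
    print("more-specific:", scenario_more_specific())
    print("anycast:", scenario_anycast())
```

Run it as a script to see both scenarios; in a real deployment the `probes` dict is whatever the CSS/CSM keepalive reports, and `announce`/`withdraw` are the route the RHI feature adds to or removes from the IGP or BGP.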
10-01-2002 03:27 AM
> - How do your data centers see each other (Layers 1/2/3)?
> Are they IBGP full-mesh, or at least route-reflector/confederation?
They do not necessarily see each other as there is no physical or logical
connection and no IBGP sessions. EBGP sessions are configured with
allowas-in.
This works for some transit links (we see the routes from the other data
center) but not for others, it seems they don't send us routes with our own
AS number in it. For this we have statics.
> How is OSPF connected (single area, multiple area, NSSA)?
Separate EIGRP instances.
> What routes are where (static to BGP, static to OSPF, redistribution, etc)?
No redistribution in either BGP or EIGRP, but EIGRP is active for 0.0.0.0 to
get external connected interfaces to show up for BGP next hop.
> Are your data centers connected with a transparent LAN?
No.
> - How is your BGP setup (especially Inter-Domain or externally)?
> Where does the IP space come from (traditional classful networks i.e.
> 0/1, 128/2, 192/3)?
/19 from class A space.
> - How are your announcements seen according to different sources (e.g.
> Internet routing table, RIR's like ARIN, IRR's like RADB)?
One datacenter announces a /19 and the other a more specific /21 out of that
/19. Both are in the RIPE db and visible world wide. The /21 is also
announced to peers over a public exchange point.
> Who do you multi-home and multi-link to and at which data center or both?
Transits and peers only slightly overlap.
> What is the use of LSR/MSR's (less and more specifics) and BGP attributes
> (weight/local-pref, AS-path prepends/pollution, MED/metric, communities
> especially upstream e.g. no-export, selective prepends, setting local-pref)?
In each location each transit ISP connects through a switch to two border
routers. This link has a /29 with one address for the ISP and one for each
of our routers. Each of our routers has a BGP session with the ISP. So when one
router goes down the other takes over. (There is HSRP on the back end.) We
use outgoing MEDs to direct all incoming traffic to the primary router. We do
outbound AS path prepending towards one ISP for inbound traffic engineering
and we also overwrite the incoming MEDs and have a lower weight on one
session to do outgoing traffic engineering. No more specifics or communities.
10-01-2002 10:19 AM
> They do not necessarily see each other as there is no physical or
logical connection and no IBGP sessions. EBGP sessions are configured
with allowas-in. This works for some transit links (we see the routes
from the other data center) but not for others, it seems they don't send
us routes with our own AS number in it. For this we have statics.
- Disconnected backbones are painful. Any plans to connect the data
centers together with a circuit (metro/long-haul fiber) or tunnel (iVPN)?
The additional problem of not being able to see your own routes since
you are announcing from the same ASN (and having to resort to statics)
is also strange. It seems that there should be easier/cleaner ways to
do this.
> /19 from class A space.
> One datacenter announces a /19 and the other a more specific /21 out
> of that /19. Both are in the RIPE db and visible world wide. The /21 is
> also announced to peers over a public exchange point.
- This doesn't exactly follow the principles laid out in rfc2519 or rfc1771.
It does confuse me why you set it up this way, but I realize that you likely
have very good reasons for doing so. I don't think your explicit de-aggregation
is necessarily going to hurt anything, but it does appear that it may prevent
you from fully implementing distributed data centers. It also seems to be
able to create some worst-entrance/exit scenarios for you. It may help your
network to get IBGP connectivity (if possible) and announce all IP space in
all places (as just a single /19).
> Transits and peers only slightly overlap.
> In each location each transit ISP connects through a switch to two border
> routers. This link has a /29 with one address for the ISP and one for each
> of our routers. Each of our routers has a BGP session with the ISP. So
> when one router goes down the other takes over. (There is HSRP on the
> back end.) We use outgoing MEDs to direct all incoming traffic to the
> primary router. We do outbound AS path prepending towards one ISP for
> inbound traffic engineering and we also overwrite the incoming MEDs and
> have a lower weight on one session to do outgoing traffic engineering. No
> more specifics or communities.
- If you read rfc3272 (sections on Inter-Domain traffic engineering), you
can get some better ideas on how you affect outbound (and why in most
cases, you shouldn't even bother affecting inbound). You can achieve
greater stability and control by using inbound metric or even inbound
AS-path prepends to control outbound traffic, and maybe a little local-pref when you
really need to. I would suggest using as-path access-lists to do this
instead of regular ip access-lists (AS paths instead of prefixes).
As for doing the distributed data centers, it appears option 3 from my
previous post may work best for you even with your current network.
Option 4 may also be possible for you, but sounds like it would require
too many hacks to make it work.
I also suggest you take a look at:
http://www.nanog.org/mtg-0010/krioukov.html
Which describes doing my suggested option 3 along with some option 1
ideas (which sounds like it could work fairly well for you).