Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2381
Views
0
Helpful
3
Replies

Active - Passive Data Center (Failover Scenarios)

netbeginner
Level 2
Level 2

‎12-31-2019 11:38 AM

Hi Friends, 

 

Having a Query related to Active-Passive data Center (two DC in different geography where one in Active and Other is Passive) Till this point thinks looks OK !!! .

 

but....Devices HA (Active-Standby) are created across the data centers. i.e Active Instance of Device are at DC-1 and Standby Instance of Device are at DC-2.  (Diagram attached as reference)

 

Devices HA formation or keep-alive/sync is through Inter Data Center Link which is Layer-2 (interDC link is connected on Border Leaf at both data Center, This is ACI enabled setup). First Query, is ........Is this type of design is recommended ? If yes then what about the below risks. 

 

However...As of now things working fine. But thinking about the few possible isolation scenarios which result a work condition.

 

1- Assume .. Inter Data center Link (Layer-2) goes down. All HA will break and both devices started behaving as STANDALONE. 

 

OR (other Scenario)

 

2- Assume , if Perimeter Firewall or Load balancer or Internal Firewall having some problem and failover triggered automatically. Say... Load Balancer failover happened now DC-1 Firewall is Standby (which was ACTIVE before) and DC-2 Firewall is ACTIVE (which was in standby mode earlier). But rest other Devices in DC-1 is active Only. i.e Perimeter Firewall , Internal Firewall. you may assume the same case with other devices also. 

 

in this condition how traffic flow would be..and if traffic flow not interrupted even in this circumstances then will there be any performance issue in the application or services to end user........ I thought multiple times on this with different permutation and combination but unfortunately did'nt reached any conclusion. Kindly share your thoughts.

 

 

Pls note , Devices are mixture of hardware appliance and Virtual too.

 

 

Rgds

*** 

Labels:
Preview file
91 KB
0 Helpful
3 Replies 3

netbeginner
Level 2
Level 2

‎12-31-2019 11:05 PM

Can anyone help and suggest.

0 Helpful

ngkin2010
Level 7
Level 7

‎01-01-2020 08:03 AM - edited ‎01-01-2020 08:04 AM

Hi,

 

Kindly share more information on the transit network (e.g. how does the load balancer & firewall connected )... 

 

It depends on the transit networks (e.g. WAN router to load balancer; load balancer to firewall; ...etc) is inter-site capable or not. Please check on the diagram (attachment), if it's on the same layer-2 broadcast domain, for example, the WAN router on DC1 could reach both load balanceres on DC1 & DC2 over the inter-site link. Then the HA will work, but the performance will low. (Your DATA traffic might have chance that physically flow through DC1 -> DC2 -> DC1)

 

And if the inter-site link is dead, and here I will assume the layer-2 broadcast domain will split into two isolated L2 B.C. domains.

 

All of your devices (Load balancers, Firewalls) will become active. But since both active units are now totally isolated, they will still working as two separated infrastructure. 

 

====

 

But I never see the HA design like it before... won't it would be better if they configured as standalone instead of A-P HA?

 

Regards,

 

Preview file
119 KB
0 Helpful

netbeginner
Level 2
Level 2
In response to ngkin2010

‎01-03-2020 01:35 AM

Hi NGK, 

 

Thanks for response. 

 

Yes, Obviously HA is on same broadcast domain (we have stretched fabric ACI data centers). 

 

Point is that , Is Cisco Or Experts recommending this type of design across data center ? I agree with you point that there is no profit for this design. 

 

But still would like to welcome views from other experts as well. 

 

Rgds

***

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card