01-18-2019 10:00 AM
Hello,
Looking for some direction on how to set up a second site with Exchange. Right now we have a single Cisco router set up with BGP to two different ISPs strictly for failover. We have one independent block advertised to both providers with our own ASN. We also use a Sonicwall firewall behind the router.
If I want to set up an identical second active site to replicate with the first, what would I need to do? I'm thinking of using the same two providers with BGP for the second site and opening a VPN tunnel between the two firewalls.
Can I just use another IP address in the same independent block with the same ASN? Would this require internal BGP if I have a VPN tunnel open between the two networks for replication? Can I do this without iBGP? I'm sure this is a basic setup, but I'm having trouble visualizing this.
Please see the attached for the layout.
Thanks for your help.
01-18-2019 11:14 AM
It would help if we knew more about your environment. At first glance it seems to be a challenge to have 1.1.1.1 at one site and to have 1.1.1.2 at a different site. Perhaps it works if both sites are on something like Metro Ethernet where 2 different physical locations appear to be connected on the same subnet. Otherwise I am not clear how you get 2 sites into the same subnet.
HTH
Rick
01-21-2019 06:34 AM
I probably shouldn't have put them on the same subnet in the drawing. That is not my goal. I was merely trying to represent that they would be public IP blocks handed to us from the same provider. Most likely we would have two completely different blocks. These IPs are only used to route our independent IPs back to the providers.
My goal is to have two sites with active AD domain and email services replicating between them, enabling users to move seamlessly between them. The difficult part for me is working out how to have two ISPs at each site set up for BGP failover. I need to have email flow to either site and then replicate to the other site. I would prefer to keep it simple and set up a VPN tunnel to connect the two sites rather than adding a physical connection.
01-21-2019 03:09 PM
Thanks for the clarification. It seems to me that the real challenge here is how to arrange replication for AD and email services between sites. And I do not have expertise in those aspects. Once we have a better understanding of how to achieve that then we can address the aspects of arranging routing from the sites to the providers.
HTH
Rick
01-21-2019 04:13 PM
I believe I have that worked out. I have Sonicwall firewalls at each site and will configure a VPN tunnel between the internal subnets. I will install another DC and Exchange server with a DAG to sync across the VPN.
The question for me is not how to get from routers to providers, but from providers to routers. How do I route emailers from the internet to connect to domain.com at the primary site and at the backup site in case of primary site failure? Can I add a second site with two more ISP connections to the BGP with a longer prefix? Then if we have a power outage at primary, emailers will connect to our backup site using the same independent public IP block and ASN.
I’m looking into SD-WAN as a possible alternative.
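The design discussed in this thread (one public block and one ASN announced from two sites, each dual-homed to the same two ISPs, with a firewall-to-firewall VPN tunnel carrying only AD and DAG replication) can be sketched as a pair of Cisco IOS BGP configurations. This is an added example written for this page, not configuration from the poster or from Cisco; every value in it is an assumption using documentation ranges: own block 192.0.2.0/24, own ASN 64496, ISP A as AS 64497 on 203.0.113.0/30, ISP B as AS 64498 on 198.51.100.0/30. Both sites announce the identical /24; the backup site prepends its own ASN so that the Internet prefers the primary while it is up and falls over to the backup once the primary's announcements are withdrawn. The outbound prefix-list is the part a defender cares about most: it ensures each router can only ever announce the organisation's own block, so a misconfiguration cannot leak one ISP's routes to the other or hijack someone else's space.

```cisco
! ===== Site 1 (primary) edge router =====
! Assumed values throughout: own block 192.0.2.0/24, own AS 64496,
! ISP A = AS 64497 (peer 203.0.113.1), ISP B = AS 64498 (peer 198.51.100.1).
!
! Only our own aggregate may ever leave this router.
ip prefix-list OUR-BLOCK seq 5 permit 192.0.2.0/24
!
! Discard route keeps the aggregate in the routing table so the
! "network" statement below has something to originate.
ip route 192.0.2.0 255.255.255.0 Null0
!
route-map TO-ISP permit 10
 match ip address prefix-list OUR-BLOCK
! implicit deny at the end of the route-map: nothing else is announced
!
router bgp 64496
 bgp log-neighbor-changes
 network 192.0.2.0 mask 255.255.255.0
 neighbor 203.0.113.1 remote-as 64497
 neighbor 203.0.113.1 description ISP-A
 neighbor 203.0.113.1 route-map TO-ISP out
 neighbor 198.51.100.1 remote-as 64498
 neighbor 198.51.100.1 description ISP-B
 neighbor 198.51.100.1 route-map TO-ISP out
!
! ===== Site 2 (backup) edge router =====
! Same block, same AS number. Assumed link addresses for the second
! site's circuits: ISP A peer 203.0.113.5, ISP B peer 198.51.100.5.
!
ip prefix-list OUR-BLOCK seq 5 permit 192.0.2.0/24
ip route 192.0.2.0 255.255.255.0 Null0
!
! Identical match, but prepend our own AS three times so this path is
! longer and therefore less preferred while the primary site is announcing.
route-map TO-ISP-BACKUP permit 10
 match ip address prefix-list OUR-BLOCK
 set as-path prepend 64496 64496 64496
!
router bgp 64496
 bgp log-neighbor-changes
 network 192.0.2.0 mask 255.255.255.0
 neighbor 203.0.113.5 remote-as 64497
 neighbor 203.0.113.5 description ISP-A
 neighbor 203.0.113.5 route-map TO-ISP-BACKUP out
 neighbor 198.51.100.5 remote-as 64498
 neighbor 198.51.100.5 description ISP-B
 neighbor 198.51.100.5 route-map TO-ISP-BACKUP out
```

In this arrangement the VPN tunnel between the two Sonicwalls carries only the internal replication traffic, so no iBGP session between the sites is involved; each site originates the prefix independently from its own routers. Two checks are worth doing before relying on it: confirm with both providers that they will accept the same prefix from one ASN at two physically separate sites (and that their route filters, IRR entries or RPKI ROAs list the /24 for AS 64496), and watch `show ip bgp neighbors` and the BGP log after a planned shutdown of the primary to verify that the backup's prepended path actually takes over rather than being filtered.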