
Adding Redundant Equipment to Existing WAN

Mike Wagner
Level 1

Hi All,

 

This is something I've been struggling with a bit.  I'm used to learning from others online and adapting proper configurations for our environment, but I'm worried I may have to outsource some assistance on this one...  Our situation is very unique and some of it is out of my realm of experience.  Please let me know what you guys think.

 

We're an IT consortium of several school districts in our region.  We provide ISP services to the school districts (they're connected back to us via leased fiber).  Our upstream ISP is a large academic research network in our state.  We have two carrier/geo diverse fiber paths to this ISP.  Our current edge router is an ASR 1002-X, and we have a Firepower FTD 4110 firewall.  Our ISP has two CPE switches on-site, one going to each of the paths back to them.  Each CPE switch has an uplink to the current ASR.  One of our paths to the ISP is strictly failover, as it's a metered connection (we pay a base fee and then extra for any usage above 100Mb), where the other is dark fiber.  The ISP handles preferences in their switches to make sure the failover path is only taken if the dark fiber is down.  We have our own ASN and IP Space that we advertise.

 

We have a requirement to add redundancy, so we purchased a 2nd ASR 1002-X and Firepower.  We're running into issues with the configuration, mostly due to the fact that each ASR only has (3) 10Gb interfaces.  I've attached two images (current and proposed layout).  As you'll see, in the proposed layout, each ASR will only connect to one ISP switch.  The other two interfaces on each ASR will go to the two Firepowers in HA mode.  

 

I need to accomplish some things.

 

1)  HSRP to the Firepowers - The ISP offered to give us a handful of VLANs on each one of their switches, so that the ASRs could talk to each other for iBGP and HSRP.  My concern here is, what if one of the ISP switches goes down?  Plus, I would have to do MPLS.  I'm thinking of utilizing one of the 1Gb interfaces to cross connect the ASRs strictly for L2 traffic for HSRP.

 

2)  iBGP - While the ISP CPE switches handle path preference, we also do preferences in our ASR, mostly because we want to keep east-west traffic between the ISP CPEs to a minimum.  So, if ASR1 is connected to the ISP CPE that has the main path, and it's the primary in HSRP, that shouldn't be an issue.  But our concern is a scenario where maybe the primary dark fiber path goes down; we need to make sure ASR1 knows to send east-west traffic to ASR2 so it can route out the backup connection.  Trying to plan for every scenario is very painful.  So if I could have another set of eyes on my scrubbed configs, it would be greatly appreciated!

 

I've tried to upload as much information as possible.  Maybe I'm over-complicating things?  I welcome any input, even if it's to tell me I need to hire someone to help.

 

Thanks in advance!
