
Failover using Two Point-2-Point Links Between Different Buildings

markoldhamuk
Level 1

Hi,

I'm in need of some advice and hope you guys and girls may be able to help.

We have a client who wants to install their own circuits into our Data Centres but wants us to manage the routers. We usually allow clients to install their own circuits, but they usually manage their own routers. The other option they have is to use our fully managed MPLS solution, but they are really pushing to just install a circuit.

So we need to provide a redundant solution for them. The easiest option would be to run HSRP, which is possible within our DCs as we can span the VLAN between our DCs, but at present we are not sure if we will be able to communicate at layer two between the client's buildings.

I've included a basic topology as an attachment to help understand the setup.

This isn't for load balancing, just failover. Our primary route needs to be via rtr1 and rtr3 and, in the event of a failure, rtr2 and rtr4. We need to be able to target single IP addresses to hit services held at the DC and also a single IP to target hosts at the client site. We are unable to specify multiple target addresses in the services, which is why HSRP would have been ideal.

The hosts at the client's site will be in different subnets, so I was also thinking about issues that could be caused by using NAT, as we would usually NAT addresses, but if we're not using HSRP I'm not sure if we can still do that or not.

Any help would be much appreciated.

Mark.

4 Replies

Mohamed Sobair
Level 7

Hi,

Do you have any backdoor link between your client's sites? What is the addressing scheme for the client's primary and secondary sites?

If you don't have a backdoor link between the client sites and you only have to use one network at both routers, you can have an IPsec tunnel from the client to the DC. Only the primary IPsec tunnel is active; the secondary will be a backup for the primary one.

If you have a backdoor link between your client's sites, then I would suggest running EBGP between your DC routers and the client's routers, with IBGP over the backdoor link.

At the client you would then have control of outbound and inbound connections to prefer your RTR1 and RTR3 path over the secondary path.

HTH

Mohamed

madhu.kumar_2
Level 1

Based on the data you provided, we have an option to play with BGP. Can you have BGP running between your devices? I have a sample configuration below which makes the link Rt-1 to Rt-3 secondary for both outbound and inbound. If the link fails, the data flow will be as follows:

From your core switch, traffic will point to the primary router if you run HSRP. If you have RTR1 as HSRP primary and the link between RTR1 and RTR3 fails, the data flow will be core switches to RTR1, then IBGP to RTR2, and on to RTR4.

RTR1

router bgp 65484
 bgp log-neighbor-changes
 ! eBGP to RT3 at the client site
 neighbor x.x.x.x remote-as 1234
 neighbor x.x.x.x description rt3
 neighbor x.x.x.x route-map from_Rt3 in
 ! IBGP between RTR1 and RTR2
 neighbor x.x.x.x remote-as 65484
 neighbor x.x.x.x description iBGP rt2
 no auto-summary

OUT-BOUND TRAFFIC CONTROL

! Lower local-preference than the default of 100 on routes learned from RT3
route-map from_Rt3 permit 10
 match ip address 98
 set local-preference 90

IN-BOUND TRAFFIC CONTROL

router bgp 65484
 neighbor x.x.x.x route-map AS_PATH_PREPEND out
 no auto-summary
!
! Lengthen the AS path advertised over this link
route-map AS_PATH_PREPEND permit 10
 match ip address 98
 set as-path prepend 65384 65384
!
access-list 98 permit 192.168.236.0 0.0.0.255

RTR2

router bgp 65484
 bgp log-neighbor-changes
 ! eBGP to RT4 at the client site
 neighbor x.x.x.x remote-as 1234
 neighbor x.x.x.x description rt4
 ! IBGP between RTR1 and RTR2
 neighbor x.x.x.x remote-as 65484
 neighbor x.x.x.x description iBGP rt1
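
Added example, not part of the reply above or of any Cisco code: a simplified model of the two BGP decision steps the sample configuration relies on (local-preference for outbound traffic, AS-path length for inbound), showing which link is chosen before and after a failure. It assumes both routers in each AS exchange routes over IBGP and that all later tie-breakers are equal; the function names and the `rt3_local_pref` parameter are hypothetical.

```python
from dataclasses import dataclass

DEFAULT_LOCAL_PREF = 100  # IOS default when no route-map sets a value
BOTH_UP = {"RTR1-RTR3": True, "RTR2-RTR4": True}  # constructed link state


@dataclass(frozen=True)
class Path:
    link: str             # inter-site link the route was learned over
    as_path_len: int      # number of AS hops in the AS_PATH
    local_pref: int = DEFAULT_LOCAL_PREF


def best_path(paths):
    """Highest local-preference wins; ties go to the shortest AS path.
    Later steps (origin, MED, eBGP over iBGP, router ID) are omitted."""
    if not paths:
        return None
    return min(paths, key=lambda p: (-p.local_pref, p.as_path_len))


def outbound_exit(link_up, rt3_local_pref=90):
    """Link AS 65484 (the DC) uses to reach the client prefix."""
    paths = []
    if link_up.get("RTR1-RTR3"):
        # route-map from_Rt3 sets the local-preference on this path
        paths.append(Path("RTR1-RTR3", 1, rt3_local_pref))
    if link_up.get("RTR2-RTR4"):
        paths.append(Path("RTR2-RTR4", 1))
    return best_path(paths)


def inbound_entry(link_up, prepends=2):
    """Link AS 1234 (the client) uses to reach a DC prefix."""
    paths = []
    if link_up.get("RTR1-RTR3"):
        # route-map AS_PATH_PREPEND adds extra AS hops on this link
        paths.append(Path("RTR1-RTR3", 1 + prepends))
    if link_up.get("RTR2-RTR4"):
        paths.append(Path("RTR2-RTR4", 1))
    return best_path(paths)


if __name__ == "__main__":
    failed = {"RTR1-RTR3": True, "RTR2-RTR4": False}
    for state in (BOTH_UP, failed):
        print(state, outbound_exit(state).link, inbound_entry(state).link)
```

Raising `rt3_local_pref` above 100 in the model makes the RTR1-RTR3 link win the outbound decision instead.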

Hi Madhu

Thank you for your reply, I will lab out your suggestion next week and let you know how I get on.

I'm still waiting to find out if we will be allowed to run HSRP internally on the client's network or if there is any Layer 2 connectivity between the routers at the client sites.

Regards

Mark.

"So we need to provide a redundant solution for them. The easiest option would be to run HSRP, which is possible within our DCs as we can span the VLAN between our DCs, but at present we are not sure if we will be able to communicate at layer two between the client's buildings."

Have you thought about using a pseudowire (L2TPv3) to pass the L2 info?
