11-18-2010 04:09 AM - edited 03-04-2019 10:30 AM
Dear All,
We want to implement redundancy for our LAN-to-WAN connectivity. There are 2 redundant L3 switches running HSRP connected to the LAN, and there is a single WAN router (7206 VXR, with NPE-G1). The WAN router is connected to only one L3 switch. So the current solution is such that ports on both L3 switches have been configured with the correct HSRP VLAN groups for the router, and in the event of a failure of the active L3, a cable swap to the standby L3 will do the trick. Now the problem is that if the actual benefits of HSRP are to be realised, we have to have another LAN connection from the router to the L3. All three Gigabit LAN ports from the NPE have been used up. Which port adaptor do I use to gain additional Gi LAN ports? Will this be the correct solution? What will be the layer 3 considerations on the LAN ports on the router in such a case?
11-18-2010 05:43 AM
http://www.cisco.com/en/US/products/hw/modules/ps2033/ps2595/index.html
or
http://www.cisco.com/en/US/products/hw/modules/ps2033/ps2546/index.html
So either 2xFast Ethernet (metallic) or Gigabit Ethernet with GBIC; you can buy a GBIC for 1000-BASE-T (metallic). If your WAN link is slower than 100Mbps then the 2xFastEthernet PA should be cheaper & sufficient and gives you one extra physical port.
From the design perspective, you can either run a routing protocol between the 7200 and the L3 switches and let it take care of redundancy, or run HSRP on the router ports (this should work, but I haven't tried it).
11-18-2010 06:19 AM
A drawing would help visually, if you could produce it. But what I can see is the following:
Current
C7206
Gi0/0
|
|
C3700 series
Gi1/1 Gi1/2
| |
C4500 Series C4500 series
| |_____| |
| Gi0/2 |
| VL2 |
Gi2/1 Gi2/1
Vlan2 Vlan 2
HSRP1 HSRP2
Gi2/2 Gi2/2
| |
| |
VLAN2-Users
Proposed
C7206
Gi0/0 Gi1/0
| |
| |
C3700 series |
Gi1/1 |
|
| Gi0/4 Gi0/1
C4500 Series C4500 Series
| |_____________________| |
| Gi0/2 |
| VL2 |
Gi2/1 Gi2/1
Vlan2 Vlan 2
HSRP1 HSRP2
Gi2/2 Gi2/2
| |
| |
VLAN2-Users
So, you have redundancy on the LAN via different modules but technically, you are still single threaded because both LANs are on the same chassis. Also, you are single threaded because you have one WAN router with an interface. And you're stating an additional port on the 7206 is becoming available but you're not sure how to achieve HSRP when an interface opens. Correct?
You have good and bad situation...
1. Even if you open another interface on the C7206 for the you appear to still be single homed on your distro/L3 switch. But you have a valid question where to place the new PA on the 7206. Cisco uniquely assigns PA BW points for certain modules in the 7200 series routers. See the below link
But when you perform this addition, it should be pretty simple. Move an interface on Vlan 2 with a correct IP. Of course, depending on how your subnet is managed you may find an IP address out of range if you start with the normal GW addrs of .1 - 4.
2. Better option would be to bypass your Distro switch and go directly into your L3 switch. This will allow you to have a fully redundant network with redundant interfaces and devices. And if ever such a time arises where you have more than 1 network that has priorities, simple sub-interfaces on the 7206 will accomplish that. With trunks placed on the L3 switch instead of routed IPs.
My other issue as I list this is that HSRP is on the user switch which places routing and switching on the same device. But really the HSRP process should be done either on the router or the distro switch as it will see the failures first. In which most times comes from the WAN and not the LAN. If the LAN fails then the users will definitely experience an outage but if the WAN fails a percentage of business can continue locally with printing, resource servers and things of that nature. Remember the approach should be the 80/20 rule and not the 20/80.