Re: How do you build dynamic failover routes

whitemike · ‎06-15-2010

I am trying to build redundancy in our network, and have run across an issue. I have traffic coming into my network from multiple satellite offices, they are coming into 3 different firewalls (non-Cisco) and if one of the firewalls goes down I would like my Cisco 3750 to point the traffic going to the one that is down to one of my other firewalls. How would I do that dynamically?

Jon Marshall · ‎06-15-2010

Mike

You would run a dynamic routing protocol between your 3750 switch and the firewalls. If the firewalls are non-cisco you could use OPSF between the firewalls and the 3750 switch.

You would need the IP services image ie. not the IP Base image on the 3750 to run OSPF.

Jon

whitemike · ‎06-16-2010

Thank you for the info Jon.

djh278778 · ‎06-15-2010

Another option you could explore if you want to avoid dynamic routing would be the use of "object tracking". With the use of either the "ip sla"/"rtr" (depends on ios) and the "track" commands, your device can monitor and track the reachability state of a host on the internet for example, and force down your primary default route (routes have to be created with different metrics) thereby forcing your secondary route into the route table and so on. You can also track the state of the interfaces but this doesnt always help because the outage could be downstream and your switch interface would still be "up" to your firewall. Check out the resources for Cisco RTR, IP SLA, or object tracking online.

whitemike · ‎06-16-2010

Thank you for the info djh278778.