how to make this work: for servers with corp LAN IP at redundant locations

riderfaiz

Hi everyone,

Hope you can help to provide input as I do not have any experience at all.

We are going to replicate our virtual servers at the corporate (with ip 10.10.0.x) to our Emergency Operation Center (EOC) with ip scheme 10.24.12.x. Then from there to replicate to another agency (different network thru the WAN) for offsite redundancy.

The EOC can access the corporate server vlan thru a router on a fiber. Let's say... some disastrous event happens at the corp, including the fiber got cut... or the corporate servers were down. We would like to turn on the servers at either EOC location, or the offsite agency location. So there are two scenarios. In these two cases, PCs in the EOC will have to connect to those servers.

1st scenario: turn on servers at EOC

At the EOC, as mentioned, those PCs were able to get to the corp server vlan thru a static route on a router. But now if the link is down, what do I need to do so the PCs can "talk" to the vm servers at EOC? Like what route or settings should I do on which equipment.

2nd scenario: turn on servers at the agency - offsite locations

Instead of turning on the VMs at EOC, we like to turn on the VMs at the offsite location. Let's assume the internet is still up thru the router that we talk about. Another requirement is by using VPN. If this is the case, how do the PCs at EOC talk to those servers preserved with the same server vlan ip but located in another location? What settings should I go with? Something like NAT or ip route map comes to my mind but again...I really could not think of what I need to do exactly.

I also attached a rough drawing for the network that we like to setup here. In our case, other than 10.10.0.x there is another network 10.10.176.x that we need to make to work...but let's forget about the 10.10.176 network there for now...

Hope you can help...


Thank you for your help in advance.

Takami


Hello Takami,

for both scenarios, it is basically a question of redundant routing. If one route is down, traffic gets rerouted through the remaining links. This can be accomplished by e.g. IP SLAs, which track reachability to a certain destination, and if reachability is lost, fail over to the redundant route.

This of course is a very basic assessment. What type/brand is the equipment you have installed at the sites? It would help if you could provide a more detailed drawing of your network, including the equipment in use and its configuration; we can then add the necessary bits and pieces...
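
An added example, not part of the reply above or of the poster's configuration: a Cisco IOS sketch of an IP SLA probe driving a tracked static route with a floating static backup, as it might look on the EOC router. The /24 mask, the probe target 10.10.0.1, the interface name, the next hops (documentation addresses) and the object numbers are all assumptions.

```cisco
! Constructed values: probe target 10.10.0.1, next hops 192.0.2.1 (fiber)
! and 198.51.100.1 (backup path, e.g. the VPN side), /24 mask, object id 10.
!
! Pin the probe to the fiber path so it can never succeed over the backup
! route (a replica with the same IP at the DR site would otherwise answer
! the probe and make the route flap).
ip route 10.10.0.1 255.255.255.255 192.0.2.1
!
! ICMP probe towards the corporate server VLAN every 10 seconds.
ip sla 10
 icmp-echo 10.10.0.1 source-interface GigabitEthernet0/1
 frequency 10
ip sla schedule 10 life forever start-time now
!
! Track object follows the probe result; the delays damp short outages.
track 10 ip sla 10 reachability
 delay down 20 up 60
!
! Primary route: installed only while track 10 is up.
ip route 10.10.0.0 255.255.255.0 192.0.2.1 track 10
! Floating static: administrative distance 250, so it is used only after
! the tracked route has been withdrawn.
ip route 10.10.0.0 255.255.255.0 198.51.100.1 250
```

`show track 10` and `show ip sla statistics 10` show the state that decides which of the two routes is in the routing table.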

Hi Georg,


Thank you very much for your response!! In fact, we are still in the early stage of the conversation. The other agency we have not even talked to yet. But sure all our equipment are all using Cisco. I will provide more details later once I got more details.


When I first got this assignment a lot of things came to my mind including NAT. And I really do not know how to get into. Now I will follow the path of redundant routes and how to put those component together.

May I bother you for more later once I got more details? I am very nervous on this as this is my first time..but I am really interested in working on this.

Thank you again for your help.

Takami

Takami,

keep posting your updates and questions here...! As stated, it would help if you can draw this out as detailed as possible...

Hi Georg,


Good morning. Hope you had a great weekend! Here I enclosed another hand written diagram. If my diagram still does not have enough details, please let me know so I can put them on.

In the diagram, there are two corporate networks. One is my corporate, and other one is called GG (so far I do not have any further details on their network). We want to make sure our vlan 500 server in our corporate network will have to setup and replicate over at the offsite location for disastrous recovery and redundancy. The connection between two corporates will be site to site vpn.

When that happens, certainly my network vlan 100 like to be able to access to the server vlan 500 in the GG offsite location. If this is the case, how do I setup the routing?

Besides, we want our branch office SCC, and the secure network vlan 176 (Both are local fiber connections) be able to access it too. How should the routing be set up?

I am not good at Site to Site VPN and not sure that would make both corporate networks see each other as if they were the same LAN.

Hope you can help me to clarify how it works?

Finally, someone gave me this suggestion...

#############

  1. Setup site to site VPN between my corporate and GG
  2. Replica VMs are kept turned off. They are turned on only if the primary VM is not available and the Administrator decides that the replica VM needs to be turned on.
  3. So you have two switches across the WAN link. Now configure the same VLAN on the trunked link in my corporate and also on the DR switch in GG. Also create the same port groups /subnets/VLANs on the DR site as in PRD
  4. To test DR VMs, you can either disconnect the NIC from the VM or change the port group on the DR VMs to some other port group, so you don’t have duplicate IPs. If you create new port groups, at the next Veeam replication job, the port group info will revert back to the production port group info, since .vmx files will be overwritten from PRD.
  5. Once this is setup, you can do failover (failing from PRD to DR VM) and failback (restoring the primary from the replicated VM) of PRD VMs to DR  and back.

#############

Do you think the above is feasible too?

Thank you very much for your help.

Hello,

one question: in your drawing it looks like your primary link originates on an ASA firewall, while the secondary link originates somewhere on an edge device in the corporate network?

Yeah... are you talking about the router of the "scc" in the diagram? Actually please ignore that. That is a branch connected with fiber by using layer 3 instead of layer 2.

Simply we only have one primary internet connection (but more story after let's focus on one now :)

Thank you for your help.


Takami

Hi Georg,


Thank you again for your response. I will put together little more info with a more detailed network diagram later. Stay in touch, and have a wonderful day!

Takami
