
Redundant Routers with 1 ISP and 1 MPLS connection

Jake Stroud
Level 1

I have a fairly large site with 150+ remote locations. We are adding redundancy at our data center, replacing one router running BGP, DMVPN and all connections (Internet, EWAN and MPLS) with 3 routers. The idea is to use the existing router just for DMVPN and 2 new routers to do BGP; one active and one standby. We only have one ISP for internet at the data center, however we have an EWAN connection to our corporate site with an Internet connection going out at corporate (all sites currently go out to internet at data center).

I was thinking we may be able to get multiple interfaces on the MPLS and Internet equipment and set up an HSRP-type configuration where if we lost one router the other would take over. Any suggestions?

Ideally, failover between the 2 routers at the datacenter and then if the link to the datacenter fails, a failover to the corporate office would be desired.

8 Replies

Philip D'Ath
VIP Alumni

That's quite a bit to take on in a forum like this. :-)

HSRP is "intended" to provide first hop redundancy for those hosts that cannot dynamically determine the best default route (aka your typical server).

So yes, you could use two routers, like your two BGP routers, to provide an HSRP address for the servers, assuming the BGP routers and servers are on the same VLAN.

Another option, which I like to do, is to use a stacked or redundant pair of layer 3 switches. They can then do all the forwarding between the VLANs at wire rate, and talk dynamically to the routers using a routing protocol.

It depends a lot on your DC design. Do you have a single VLAN or lots of VLANs? Are the routers connected inside of the firewall directly to those VLANs? What sort of switching kit do you have that could be used? How many physical servers do you have?

It's not a flat network, multiple VLANs. We have requirements that justify the routers on the edge, just not sure what the best solution is.

Any chance of a quick diagram showing exactly what connections would be connected to which routers, as it is not entirely clear how, if both MPLS routers fail, you intend to connect to corporate for internet.

Is this connection on a different device altogether?

Is a default route being sent from the DC to all other MPLS sites for internet?

Jon

Attached is a very basic layout. The two routers circled in red are the ones I want to set up HSRP (or a redundancy solution) on.

The EWAN connection is between the colo and our corporate office directly.  If MPLS our corporate office can still get to needed resources.  We are planning to configure for a redundant internet route as well, when needed.

Who exactly are you trying to provide failover for?

Is it for all your remote sites, and do you want failover for both internet, i.e. if the DC goes then the corporate internet is used, and also for access to the DC, i.e. again if MPLS goes then you can access the DC going via the corporate site and across the EWAN connection?

Also, where does DMVPN come into this?

Sorry for all the questions but it's not clear exactly what failover you want between links and for who.

Jon

There's another router doing nothing but DMVPN that plugs into the switch as well. Under the routers at the data center is our virtual environment; all the servers, hosts, etc.

Our lots are connected via the MPLS and all come back to the data center for internet.

The goal is if the core router fails, we want another that is on standby to take over...

If you have both routers connected to the MPLS network, then why not have them both advertise the DC subnets and the default route, which I assume you use for internet?

Or do you want to use one for backup only?

If you don't, does it really matter which MPLS router the clients come in and go back out on?

Jon

Philip D'Ath
VIP Alumni

Just reading about the replacing of the BGP router. A layer 3 switch running "sp services" or "advanced ip" could do all the BGP routing for you. You would end up with a lower box count, making it easier to manage everything.
