Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5476
Views
0
Helpful
10
Replies

Server virtual ip address

Go to solution
Chris Hott
Level 1
Level 1

‎12-22-2010 12:24 PM - edited ‎03-04-2019 10:52 AM

I have a design question that I am hoping someone has already attempted or implemented.  We have 6 seperate sites in our WAN.  4 sites are distribution centers or offices and 2 are data centers (one production, one warm standy backup).  We have an application in the data center that is accessed by the 4 distribution centers and offices by IP address, not DNS or host name.  We would like to implement a solution in our routers (all Cisco) that would allow us to define a 'virtual' IP whereby when there is an issue with the server in the data center, we can make a change on the routers to point to the backup server.  This would eliminate us having to touch every device that uses the application IP when there is a problem with the production site.

My question is whether or not using NAT in the IOS in the 4 sites would allow us to define this 'virtual' IP in each site which would then be translated to the working server.

Any comments are welcome.  Thanks in advance.

-Chris

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
hobbe
Level 7
Level 7

‎12-22-2010 02:05 PM

As a general point

if it is as you have written then just hardcode and change the mac address of the ip address in the router.

it works, its quick, and its dirty.

However if you need to access the server from the local network it is on. then I would check if there where a NAT solution.

Just a thought.

View solution in original post

0 Helpful

Go to solution
hobbe
Level 7
Level 7
In response to Chris Hott

‎12-23-2010 12:36 AM

Sorry my mistake !

I thought you meant that you had the prod and warm server in the same datacenter ie same network or the same ip range in the datacenters.

(l2 connections between them).

So if you want to failover between sites I agree that it should work with a NAT/PAT in the distro site.

Just check that the software does not have a problem with NAT ing. simple to test.

However a thought would be that if you are to change the nat, then you should first shut down all connections to the non working prod machine, unless the software can handle that you have two prod machines and they update eachother, then it should not matter.

ie

change nat distro site 1 to non responding ip

clear xlate

change nat distro site 2 to non responding ip

clear xlate

change nat distro site 3 to non responding ip

clear xlate

change nat distro site 4 to non responding ip

clear xlate

change nat distro site 1 to warm server ip

clear xlate

change nat distro site 2 to warm server ip

clear xlate

change nat distro site 3 to warm server ip

clear xlate

change nat distro site 4 to warm server ip

clear xlate

done

This is to ensure that you do not have connections at the same time to both systems. fx during testing or problems with the backend.

This could be automated through scripts to shorten downtime.

Good luck

HTH

View solution in original post

0 Helpful
10 Replies 10

Go to solution
Mohamed Sobair
Level 7
Level 7

‎12-22-2010 01:07 PM

Chris,

I have almost similar but with different design approach as we have quitely more sites connecting to our Datacenter and the DR site, However , I have both Active at a time.

Now, with your requirment, the Only solution I can think of is to have your distribution sites routed with (More preference) to you primary DC and have a backup Route preference to your DR site.

With Regard to the server availability, I would say you can have this by implementing both Routing preference as I specified above with (IP Sla) to track the server availability and switch to the backup path whenever a failure occurs on the primary one.

Cant say much more without looking at a design, but this how it can be with your scenario

Regards,

Mohamed

0 Helpful

Go to solution
Chris Hott
Level 1
Level 1
In response to Mohamed Sobair

‎12-22-2010 01:51 PM

Mohamed,

Thank you for your reply.  Would we be able to enter the same IP with different routes with only a different preference?  This would allow us to maintain the 'virtual IP' at the distribution sites.

Thanks,

Chris

0 Helpful

Go to solution
hobbe
Level 7
Level 7

‎12-22-2010 02:05 PM

As a general point

if it is as you have written then just hardcode and change the mac address of the ip address in the router.

it works, its quick, and its dirty.

However if you need to access the server from the local network it is on. then I would check if there where a NAT solution.

Just a thought.

0 Helpful

Go to solution
Chris Hott
Level 1
Level 1
In response to hobbe

‎12-22-2010 02:36 PM

What do you mean by 'hardcode and change the MAC address'?

Let me expand the network description so there is no confusion.

4 distribution sites:

172.16.x.x

172.17.x.x

172.18.x.x

172.19.x.x

2 data centers:

172.20.x.x

172.21.x.x

Production server real IP address:

172.20.0.5

Warm server real IP address:

172.21.0.5

Virtual IP we would like to enter into devices accessing the server:

172.25.0.5

I was thinking along the lines of a NAT solution because the 172.25.0.5 would be translated at the dist. site router to appropriate (live) server.  This is the item we would have to touch when the disaster strikes.  We would then update the NAT statement to point to 172.21.0.5 on each router.  The 172.25.0.5 would remain on the devices in the distribution sites.

Does this clarify things?  Maybe I trying to dream something up that is not possible without additional hardware, but it seemed to make sense on paper.

Thanks,

Chris

0 Helpful

Go to solution
Utair Corporation
Level 3
Level 3
In response to Chris Hott

‎12-22-2010 08:22 PM

Could you also draw your topology?

In some cases this is just a matter of static nat on datacenter side.

0 Helpful

Go to solution
hobbe
Level 7
Level 7
In response to Chris Hott

‎12-23-2010 12:36 AM

Sorry my mistake !

I thought you meant that you had the prod and warm server in the same datacenter ie same network or the same ip range in the datacenters.

(l2 connections between them).

So if you want to failover between sites I agree that it should work with a NAT/PAT in the distro site.

Just check that the software does not have a problem with NAT ing. simple to test.

However a thought would be that if you are to change the nat, then you should first shut down all connections to the non working prod machine, unless the software can handle that you have two prod machines and they update eachother, then it should not matter.

ie

change nat distro site 1 to non responding ip

clear xlate

change nat distro site 2 to non responding ip

clear xlate

change nat distro site 3 to non responding ip

clear xlate

change nat distro site 4 to non responding ip

clear xlate

change nat distro site 1 to warm server ip

clear xlate

change nat distro site 2 to warm server ip

clear xlate

change nat distro site 3 to warm server ip

clear xlate

change nat distro site 4 to warm server ip

clear xlate

done

This is to ensure that you do not have connections at the same time to both systems. fx during testing or problems with the backend.

This could be automated through scripts to shorten downtime.

Good luck

HTH

0 Helpful

Go to solution
Chris Hott
Level 1
Level 1
In response to hobbe

‎01-07-2011 02:21 PM

hobbe,

Sorry it has taken so long to reply.  The NAT solution in the distribution site routers appears the way to go.  Thanks for the additional comments and instructions.

-Chris

0 Helpful

Go to solution
Mohamed Sobair
Level 7
Level 7
In response to Chris Hott

‎12-23-2010 01:12 AM

Hello Chris,

You can do the following at each of the distribution sites,

ip route 172.20.0.5 255.255.255.255 (next hop address) track 1

ip route 172.21.0.5 255.255.255.255 (next hop address) 10

track 1 rtr 1 reachability

ip sla monitor 1

type echo protocol ipIcmpEcho 172.20.0.5 source-ipaddr x.x.x.x

timeout 2000

frequency 3

ip sla monitor schedule 1 life forever start-time now

*** The above providing you have access to both servers from the distribution sites*

Regards,

Mohamed

0 Helpful

Go to solution
Mohamed Sobair
Level 7
Level 7
In response to Chris Hott

‎12-23-2010 01:16 AM

Hello Chris,

You can add the following Static routes at each of the distribution sites,

ip route 172.20.0.5 255.255.255.255 (next hop address) track 1

ip route 172.21.0.5 255.255.255.255 (next hop address) 10

Track 1 rtr 1 reachability

ip sla monitor 1
type echo protocol ipIcmpEcho 172.20.0.5 source-ipaddr x.x.x.x

timeout 2000
frequency 3


ip sla monitor schedule 111 life forever start-time now

The above providing you have access to both servers from the distribution sites, this will keep track of the primary virtual IP and fall back to the backup server once the primary is down.

Regards,

Mohamed

0 Helpful

Go to solution
Chris Hott
Level 1
Level 1
In response to Mohamed Sobair

‎01-07-2011 02:22 PM

Mohamed,

I appreciate your replies, however we cannot have different IPs listed for the server.  The handheld devices can only be programmed to access 1 IP.  Thanks for your comments and suggestions.

-Chris

0 Helpful
Customers Also Viewed These Support Documents