VRF and HSRP or VRRP

MrBeginner
Spotlight

Dear All,

I would like to request your advice for my network migration. Please see the diagrams below and let me know your advice. My existing network has one router and two WAN links, so I am running VRF for the two WAN links.

Now I would like to add a new router, as in the diagram below, to get redundancy. So I am considering running VRF for the two WAN links on the new router and running VRRP/HSRP to get redundancy.

So, let me know: can I run VRF and VRRP/HSRP together in my network design?

Let me know your advice on any concerns with the design.

Let me know the best practice to get redundancy.

[Diagrams: Existing network.PNG, Migrate Network.PNG]

1 Accepted Solution

Hi,

No, both will not talk with each other.

Regards,

Deepak Kumar


Seb Rupik
VIP Alumni

Hi there,

Both VRRP and HSRP support VRFs. VRRP is an open standard, so if you are mixing your router vendors then it is your only option. If you are using a pair of Cisco routers, then HSRP would be my preferred option.

Regarding your design, it would be a standard design for a single router to be connected to just one ISP and then run a layer 3 link between the routers.

[Diagram: blah.png]

cheers,

Seb.

Hi,

Thanks for your advice. We are using multiple vendors. I forgot to explain how we use WAN1 and WAN2. We have many branches and we are using WAN1 and WAN2 concurrently to connect to our branches. WAN1 is for untrusted users to connect to our DC and WAN2 is for trusted users to connect to our DC, so we are using VRF. In our previous design, if WAN1 is down, untrusted users cannot connect to our DC. If WAN2 is down, trusted users cannot connect.

So we are adding a new router and new links. We want to use router 1 as primary and router 2 as secondary. Let me know your advice.

OK, so if you want to make both WAN connections available to both VRFs then you will need another layer of networking equipment upon which you can merge the two VRFs, allow them to share the routing table and therefore have access to both WAN connections.

A note about the diagram: the two parallel lines are a trunk interface carrying a layer 3 link from each of the VRFs to the edge router layer.

[Diagram: blah2.png]

Technically it should be possible to collapse the edge router function into the ‘VRF’ routers. You would do this by taking the L3 trunk link and connecting it back into the router to a trunk port with interfaces in the default routing table. However, some platforms will detect this as a loop when they see their own MAC addresses. You may need to place a layer 2 switch in the path of this link to stop this from happening.

Better still, since it has not been discussed, place a firewall in the path of this link.

[Diagram: blah2.png]

cheers,

Seb.

Hi,

Thanks for your help.

Let me know: can I run the design below? I am running VRF on two routers. I will run static routes on the firewall. I don't use a default route, not only on the routers but also on the firewall. Can I run VRRP or HSRP between VRFs? The switch is an L2 switch.

[Diagram: VRRP.png]

Hi,

Yes, it is looking good and you can configure VRRP or HSRP. But keep in mind that this is not a fully redundant solution on your switches, because if either one of the switches fails you will lose one ISP connection. Try to make the solution more redundant on the switches as well. And how many free ports are available on the ASA?

Regards,

Deepak Kumar

Hi there,

You are still missing the layer 3 link between the routers.

To answer your immediate question, yes, you can run an FHRP with VRFs.

cheers,

Seb.

Hi,

I have no experience with HSRP or VRRP. I need to use VRRP because the devices are from different vendors. Let me know: must an L3 link between the routers be used?

HSRP/VRRP cannot talk over the switch link?

The FHRP will use the link to the switch for inter-router communication of hello messages.

The L3 link between the routers is to allow them to advertise their default route via their local ISP connection. This is required in case one of the switch-to-router links fails. I.e., if the link between R1 and Sw2 fails, traffic could still go to R2 and be routed to R1 and then out via ISP1.

cheers,

Seb.
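
An added example, not part of the original thread or any poster's configuration: a Cisco IOS sketch of R1 running one VRRP group per VRF toward the L2 switch, plus a per-VRF L3 link to R2 so the trusted and untrusted routing tables stay separate end to end. VRF names, RD values, interface names, VLAN IDs, group numbers and addresses are all constructed assumptions; the second-vendor R2 would carry the same group IDs and virtual IPs with a lower priority in its own syntax.

```cisco
! R1 - all names, VLANs and addresses below are constructed for illustration
vrf definition UNTRUSTED
 rd 65000:10
 address-family ipv4
 exit-address-family
!
vrf definition TRUSTED
 rd 65000:20
 address-family ipv4
 exit-address-family
!
! LAN side toward the L2 switch and firewall: one sub-interface per VRF.
! The firewall's static routes point at the VRRP virtual IP, not at R1 or R2.
interface GigabitEthernet0/1.10
 description UNTRUSTED LAN (VRRP group 10)
 encapsulation dot1Q 10
 vrf forwarding UNTRUSTED
 ip address 192.0.2.2 255.255.255.248
 vrrp 10 ip 192.0.2.1
 vrrp 10 priority 110
 vrrp 10 preempt
!
interface GigabitEthernet0/1.20
 description TRUSTED LAN (VRRP group 20)
 encapsulation dot1Q 20
 vrf forwarding TRUSTED
 ip address 198.51.100.2 255.255.255.248
 vrrp 20 ip 198.51.100.1
 vrrp 20 priority 110
 vrrp 20 preempt
!
! L3 link to R2: one sub-interface per VRF, so traffic that lands on the
! "wrong" router can still reach the other router's WAN link without
! leaving its own VRF.
interface GigabitEthernet0/2.110
 description UNTRUSTED inter-router link
 encapsulation dot1Q 110
 vrf forwarding UNTRUSTED
 ip address 203.0.113.1 255.255.255.252
!
interface GigabitEthernet0/2.120
 description TRUSTED inter-router link
 encapsulation dot1Q 120
 vrf forwarding TRUSTED
 ip address 203.0.113.5 255.255.255.252
```

On each router, `show vrrp brief` should list exactly one master per group, and a route lookup in one VRF (`show ip route vrf TRUSTED`) should never return a prefix that belongs only to the other.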

Hi,

No, both will not talk with each other.

Regards,

Deepak Kumar
