Anycast Routing for Disaster Recovery

Hello all, 

I was recently looking into anycast routing and I found it quite interesting. I could not find much information on the process to configure it so I went ahead and opened up Packet Tracer and used the knowledge I had to try to learn more. I ended up configuring a bunch of routers with EIGRP and adding a PC in here and there. Then I created two identical subnets on two different routers and had each router advertise the route. Honestly at this point I was expecting some form of error when I tried to advertise the route from the second router (I should be more confident), but to my surprise there was not an error. I began to look at the routing tables on each of the routers and it appeared as if everything was working correctly. Each router had chosen the route to the network that was the shortest path. So from PC1 I could run a traceroute and the traffic would pass through one router, and from PC2 that traceroute would take me to the other router.

This confirmed my theory on what a basic setup would look like; by all means feel free to correct me if this is not correct. However, my main goal with anycast routing is a bit more complex. We have several remote sites in our organization all connected through fairly high bandwidth and low latency metro ethernet links, and we are in the process of creating a disaster recovery site at one of those locations. One of the things that will need to happen in the event of a total disaster would be that we need to move the subnets for those servers to the DR site, which currently will require making configuration changes to routers to remove the advertisements from the main site and re-advertise them from the DR site. I was hoping that there is some way that I could have the DR site set up similar to what I described above, except instead of the routers selecting a route to that location based on hop count, have them use the route to the DR site based on some other condition related to a failure.

I hope what I was asking makes sense; I wasn't quite sure how to write it out exactly! If you require any clarification on anything let me know. Is what I am looking to do possible? Is it still considered anycast routing or am I describing something else? I am just looking to make things as simple and automated as possible. In the event of a disaster, the less complex and less time it takes to fail over the better, and if we could automate the network side it would just be up to the system admins to get the server up and running from that point on.

Any help is appreciated! 

13 Replies

Philip D'Ath
VIP Alumni

BGP is popular to do this, but what routing protocol do you use?

If you have a high bandwidth link between the main site and the DR site you could also L2 extend the network, so the subnets are hot at both sites at the same time.

All of our internal routers are running EIGRP. I thought about the L2 extension but ran into a problem. The metro ethernet links are all connected to routers or L3 switches at each location. I tried to look up ways to extend the layer 2 network across layer 3 boundaries but the general consensus was that it is a lot more work than it is worth. If you know of any ways to do this let me know for sure!

To do this you would use a protocol called L2TPv3. You need a router on each end with a spare built-in port. This port runs in layer 2 mode and cannot have an IP address on it. L2TPv3 emulates a long cable, so whatever goes in the local router's port pops out the remote end.

So you plug each of these into a switch port configured for trunking.  Whatever VLANs go in one end will come out the other.  This makes the vlans "hot" at both sites.

The routers need a DATA licence, which is now known as an AX licence.

A sample config for one end would be something like the below.  Gigabit0/1 is the layer 2 port discussed above.

l2tp-class dr-site
 hostname l2tp
 password xxx
!
pseudowire-class pw-prod-dr
 encapsulation l2tpv3
 protocol l2tpv3 dr-site
 ip local interface <wan interface on local router>
!
interface GigabitEthernet0/1
 xconnect <wan ip on remote router> 1 encapsulation l2tpv3 pw-class pw-prod-dr

I read a few other posts on L2TPv3. It looks really neat! So since the VLAN would be "hot" at both locations I should in theory be able to configure anycast-like routing similar to the way I have in the lab I posted above. So the routers at that location will advertise the route as being right there while the other location will advertise it on the other end, but either path is fine because they are both directly connected. Does that sound correct?

Thank you for your explanation and sample config. Like I said, I had researched it and found some other information, but your explanation of "really long cable" does help clarify it. It actually looks like I stumbled onto and was referencing one of your older posts on the matter. https://supportforums.cisco.com/discussion/13032766/vlan-extend-l2tpv3

Ah yes, that is one of my prior answers as well.

Yes, because the VLAN would be hot at both sites you would use it like your anycast explanation.  You can run servers at both sites in the same VLAN at the same time (such as AD controllers with inbuilt redundancy).  If your main site dropped off the planet, the VLAN would already be going and working ready for you to restore further servers into - with no network changes.

That sounds ideal! 

Are there any drawbacks to using L2TPv3? I think I found some documentation stating that there can be performance and other various issues with extending a VLAN. However, I am not sure that it is directly related to L2TPv3; it could have been in reference to an older solution. Anything you can think of that would be an issue?

As with any solution you do need a router with enough grunt to drive it ...

Also I strongly like having dual L2TPv3 links, and I prefer they take different paths.  Often I will run one over a WAN and another over a pair of Internet circuits over a VPN - just so they have completely different connectivity.

Sometimes I'll ask a provider to give me a QinQ circuit between the sites (this is basically when the provider does the "l2tpV3" for you, and you just get two cables to plug in) and then do a manual one using L2TPv3 myself.

You should probably ask your favourite provider for a price for a QinQ circuit between the two sites.  If you don't have routers with a spare port this can save you having to buy the needed hardware.

Thank you for all of your help. I do have some routers; they are ISR 1941s, so I know they are not too high on the horsepower scale... Do you think that they would suffice?

They need an "AX" licence.  They will work fine.  I'm going to guess you'll get 50Mb/s to 100Mb/s of throughput.

I thought of a potential hitch with this plan. How would the default gateway work in the event of failure? Would I need to configure something like HSRP so that way the gateway will failover to the DR site as well?

I am assuming that traffic at the DR site will be sent to the subnet because it is the closest route but it will have to circle around over the L2TP to the default gateway on the other side to get back. Is that correct? 

I normally use HSRP.  I have one customer where their DR plan involves manually moving the gateway.

Correct, it would "circle" back over the L2TP.  However you can change the routing metrics to make the DR version of the subnets less attractive (I often use the EIGRP bandwidth command to do this).  Then remote sites will only use it if the primary site is down.

We have EIGRP deployed in almost our entire environment. So you would recommend using the bandwidth command to manipulate the metrics? If what I know about it is correct, this has no actual effect on the bandwidth, just on route selection, correct?

I know we are basically away from Anycast routing at this point but thank you very much for your feedback it has been very helpful! 

I would use the bandwidth command only at the DR site, and only on the replicated VLAN(s).  Correct, it has no actual effect on bandwidth.
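Putting the pieces of this thread together for the DR end: the L2TPv3 pseudowire mirroring the sample config above, the stretched VLAN's gateway in HSRP, and the EIGRP bandwidth tweak on the DR copy of the VLAN. This is an added example, not a config from the thread or from Cisco; the 192.0.2.x WAN addresses, VLAN 100, 10.10.100.0/24, EIGRP AS 100 and the HSRP priorities are all assumed, and the gateway SVI is assumed to live on the DR site's L3 switch while the pseudowire terminates on the router.

```ios
! --- DR-site router: L2TPv3 pseudowire back to the main site ---
! Assumed values: 192.0.2.1 = main-site WAN address, 192.0.2.2 = DR WAN address.
l2tp-class dr-site
 hostname l2tp
 password xxx
!
pseudowire-class pw-prod-dr
 encapsulation l2tpv3
 protocol l2tpv3 dr-site
 ip local interface GigabitEthernet0/0
!
interface GigabitEthernet0/0
 description WAN uplink toward main site (pseudowire source)
 ip address 192.0.2.2 255.255.255.252
!
interface GigabitEthernet0/1
 description Layer-2 port, cabled to a trunk port on the DR switch
 no ip address
 xconnect 192.0.2.1 1 encapsulation l2tpv3 pw-class pw-prod-dr
!
! --- DR-site L3 switch: gateway for the stretched VLAN ---
! The main-site SVI carries the same standby group with a higher priority
! (e.g. 110) and the default interface bandwidth, so it stays active and
! remote sites prefer the main-site advertisement of 10.10.100.0/24.
interface Vlan100
 description Replicated server VLAN (stretched to main site over L2TPv3)
 ip address 10.10.100.3 255.255.255.0
 bandwidth 10000
 standby version 2
 standby 1 ip 10.10.100.1
 standby 1 priority 90
 standby 1 preempt
!
router eigrp 100
 network 10.10.100.0 0.0.0.255
 network 192.0.2.0 0.0.0.3
```

The "bandwidth 10000" (10 Mbit/s, against the 1 Gbit/s default) only changes the EIGRP metric the DR site advertises, not what the interface forwards, so remote sites fall back to the DR route when the main-site advertisement disappears. Because HSRP hellos cross the pseudowire, a failed pseudowire with both sites still up leaves an active gateway at each end, which is worth alarming on.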
