Best practice for High availability design, HSRP

Hi,

I am planning to create High Availability for LAN to WAN connectivity.

But I want to know your opinion about the best way to do this. I googled for a solution/best way to do this, but I didn't find, in my opinion, the right answer.

The situation:

I have 2 3945E Routers and 2 3560 switches. The design that I am planning to implement is below.

The main goal is to have a redundant connection, whichever one of the devices fails. For example, if R1 fails, R2 should become active; if SW1 fails, SW2 will take care of reachability, and vice versa. Router 1 should always be preferred, if the link to the ISP isn't down, because of its greater bandwidth. That is why I have drawn 2 connections to 2 separate switches. If SW1 fails, I will still have a connection to the WAN using the R1 router.

The Router interface should be configured with sub interfaces (preferred over secondary IP address of interface), because more than 10 subnets will be assigned to the LAN segment. The routers have 4 Gi ports.

HSRP must be enabled on the LAN side, because PCs on the LAN must have a redundant default gateway.

So, the question is - what is the best and preferred way to do this?

In my opinion, I should use BVI and combine the R1 router's 2 interfaces into a logical one and do the same for R2.

Next, turn the router into an L3 switch using IRB and then configure HSRP.

What would be your preferred way to do this?

design.png

Accepted Solutions

Hi Audrius,

OK, see the below per vlan HSRP config example...

HSRP config in Primary 3560:

! Higher priority plus preempt makes this switch the active gateway for each VLAN
interface Vlan1
 ip address 10.1.1.2 255.255.255.0
 standby 1 ip 10.1.1.1
 standby 1 priority 110
 standby 1 preempt

interface Vlan2
 ip address 10.1.2.2 255.255.255.0
 standby 1 ip 10.1.2.1
 standby 1 priority 110
 standby 1 preempt

interface Vlan3
 ip address 10.1.3.2 255.255.255.0
 standby 1 ip 10.1.3.1
 standby 1 priority 110
 standby 1 preempt


HSRP config Secondary 3560:

! No priority configured, so the default of 100 applies and this switch is standby
interface Vlan1
 ip address 10.1.1.3 255.255.255.0
 standby 1 ip 10.1.1.1

interface Vlan2
 ip address 10.1.2.3 255.255.255.0
 standby 1 ip 10.1.2.1

interface Vlan3
 ip address 10.1.3.3 255.255.255.0
 standby 1 ip 10.1.3.1


Hope the above will help you, also remember to rate all the helpful posts, which will give value to the contributed efforts put into it and encourage others throughout this great CSC.


Please rate the helpful posts.
Regards,
Naidu.

boban-petrovic
Level 1

Use HSRP for core routers, but it's a good idea to use GLBP with distro switches. Also, the link between the distro switches should be L3 so L2 loops can be avoided.

Anyway, read the following document:

http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/HA_campus_DG/hacampusdg.html

Hi Boban,

Thank you very much for your response, and sorry for the delay, I was on a short vacation.
I am planning to put an etherchannel with 2 trunk uplinks as the link between the distro switches, but I am not sure about HSRP.
I saw several configurations where just 2 links are involved. In my case there will be 4 for the same standby group.
Will it be possible to do HSRP for 4 router interfaces connected to the LAN side? Or do I need to use BVI and IRB as a workaround?

Hi Audrius,

What I would suggest is to use etherchannel between your router and 3560 switches.
So you will have one physical link between router and switch pair and same for another pair.
Now you can do HSRP by using those two main physical interfaces.

The physical ports for HSRP of your routers like this...
R1-->interface Fa0/0 & R2 interface Fa0/0

But logically in each router Fa0/0 and Fa0/1 are bundled.

Hope the above is clear and understandable to you.


Please rate the helpful posts.
Regards,
Naidu.

Hi Naidu,

thank you for the great advice.
But to be sure, are you talking about such design?

Regards,
Audrius

Hi Naidu,

In the same scenario, can we add ASA failover? Please suggest how it will work.

If possible, with a diagram.

Of course, etherchannel is a good idea to use between distro switches.

But you should pay attention to some things: if you use trunk mode for the etherchannel in this case, you will probably make L2 loops per VLAN, depending on which VLANs you include in the trunk. Then you will HAVE TO configure STP on the switches, but when you do that, pay attention that you match the STP and HSRP configurations, because one of the links from the access switch to the distro switch will be blocked by STP (per VLAN) (it doesn't have to be, but it's a good idea to keep the link between the distro switches in forwarding mode per VLAN, so the distros can communicate directly).

And of course, best practice is that the link between the distros should be L3, so loops are avoided and no STP is needed.

Leo Laohoo
Hall of Fame

Why use 3560 as your distro switches?

Could you, for example, use 3750 so you can stack them?

Your WAN (Cloud), are both going to the same exchange? If they are, could you specify to the provider that they go to different exchanges?

Hi Audrius,

Yes, I suggested that design. If that is not the right one, then tell us your exact design.
And I hope you are doing HSRP between your edge routers.

As said above, even if you have redundant internet links, they are both going to a single provider (single exchange), so what will be the high availability?

Did you get any confirmation from your ISP saying 99.99% uptime or the like? Because even though they are going to a single exchange, the paths may be different, from a different local loop or something like that.

Please rate the helpful posts.
Regards,
Naidu.

Hi leolaohoo,

Our company already bought 3560 switches, so there is nothing to change here.
Our WAN connections are totally separate (the 1st picture is more correct) and they are used to reach different remote offices. The 1st provider has a 100 Mbps link, so it should always be preferred. The second connection should be used only if the main link fails. Actually, they are 2 separate private WAN clouds.

Hi Audrius,

As suggested in my previous posts.
You can achieve this by using HSRP.
Configure the router which is connected to the 100 MB link with a high priority (standby priority 110) and then configure the second router with a priority less than 110 (actually you don't need to configure the priority on the second router, as it will take the default priority 100, which is less than that of the other (primary) router).

Please let me know if you need any configuration guidance. Because I have the same setup for one of my customer's Data Center.


Please rate the helpful posts.
Regards,
Naidu.

Hi Naidu,

thank you for the response. Any configuration guidance would be great!
One more question. Which HA technology should I use for the distro switches, HSRP or GLBP? What about the link between them?
I have no experience with HSRP or GLBP reliability, so I am not sure what will be the best in such case.

Regards,

Audrius

Hi Audrius,

I would suggest you to go with HSRP. GLBP you will use where you want load balance.

I think the connectivity between your Routers (3945) and switches (3560) is gigabit connection which is high speed. So keep one physical link from your switches to each router and do HSRP on those router physical interfaces.
In this way you will have high availability like if R1 fails then R2 will take over.

Regarding the config see the below which I have for one of my Customer DC.

ACTIVE:

! Track the line protocol of GigabitEthernet0/0
track 1 interface GigabitEthernet0/0 line-protocol
track 2 interface GigabitEthernet0/0 line-protocol


interface GigabitEthernet0/1
 ip address 10.10.10.12 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex full
 speed 100
 standby use-bia scope interface
 ! HSRP group 0: shared virtual gateway address
 standby 0 ip 10.10.10.10
 standby 0 priority 110
 standby 0 preempt
 standby 0 authentication peter2mo
 ! Each tracked object that goes down lowers the priority by 30
 standby 0 track 1 decrement 30
 standby 0 track 2 decrement 30


STANDBY:

track 1 interface GigabitEthernet0/0 line-protocol

interface GigabitEthernet0/1
 ip address 10.10.10.11 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex full
 speed 100
 standby use-bia scope interface
 standby 0 ip 10.10.10.10
 standby 0 priority 90
 ! preempt lets this router take over when the active router's tracked priority falls below 90
 standby 0 preempt
 standby 0 authentication peter2mo
 standby 0 track 1 decrement 30

Please rate the helpful posts.
Regards,
Naidu.
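
An added example, not part of the original posts: a small Python check for the HSRP authentication settings in the configurations posted in this thread, where the router stanza uses a plain-text `standby 0 authentication` string and the per-VLAN switch stanzas configure none. The function name `audit_hsrp` and the sample text are assumptions made for illustration; IOS also offers `standby <group> authentication md5 key-string <key>` as the keyed alternative.

```python
import re

# Constructed sample: the ACTIVE router stanza and one SVI stanza as posted in this thread.
SAMPLE = """\
interface GigabitEthernet0/1
 ip address 10.10.10.12 255.255.255.0
 standby use-bia scope interface
 standby 0 ip 10.10.10.10
 standby 0 priority 110
 standby 0 preempt
 standby 0 authentication peter2mo
interface Vlan1
 ip address 10.1.1.2 255.255.255.0
 standby 1 ip 10.1.1.1
 standby 1 priority 110
 standby 1 preempt
"""

# Only the explicit "standby <group> <keyword> ..." form used in the thread is parsed.
STANDBY = re.compile(r"^standby\s+(\d+)\s+(\S+)\s*(.*)$")

def audit_hsrp(config):
    """Return sorted (interface, group, finding) tuples for HSRP authentication gaps."""
    groups = {}   # (interface, group) -> "md5", "text", or None when never configured
    iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
            continue
        m = STANDBY.match(line)
        if not m or iface is None:
            continue
        key = (iface, int(m.group(1)))
        groups.setdefault(key, None)
        if m.group(2) == "authentication":
            args = m.group(3).split()
            groups[key] = "md5" if args and args[0] == "md5" else "text"
    findings = []
    for (ifc, grp), mode in sorted(groups.items()):
        if mode is None:
            findings.append((ifc, grp, "no authentication configured"))
        elif mode == "text":
            findings.append((ifc, grp, "plain-text authentication string"))
    return findings

if __name__ == "__main__":
    for ifc, grp, finding in audit_hsrp(SAMPLE):
        print(f"{ifc} group {grp}: {finding}")
```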

Hi Naidu,

thank you for the configuration guidance.
With the routers everything is now clear.
But I am not sure, should I use HSRP between the 2 3560 switches? They will be L3 and will do a lot of LAN routing. Both links from the different 3560 switches will be connected to the access layer (which can be a router or a switch, depending on location).

Hi Audrius,

I would suggest you use HSRP between your 3560 switches too.
I guess you have same multiple layer 3 vlans configured on both 3560 switches.
So here you need to do per vlan hsrp to have complete redundancy.

Say, for example, you have vlan10 (192.168.10.1) configured on both switches, and your access layer switch is connected to both 3560 switches (mesh type connection). Now if you do per vlan HSRP, even if the active default gateway of vlan10 is down, the standby default gateway will take over.

See the below link for HSRP config between your two 3560 switches.
http://www.experts-exchange.com/Hardware/Networking_Hardware/Switches/Q_24034862.html

Please rate the helpful posts.
Regards,
Naidu.
