ravi mishra

Failover of link and services (DC and DR)


I have a need to set up a failover link from my DC to DR for a project. The setup at DC is such that we have the following:

Cisco 2811 router-->Checkpoint UTM-->L3 switch--> App and DB server.

(the web server is hosted at DMZ in UTM)

The setup at DR will comprise the following:

Cisco 2911 router-->Fortinet 100D-->L3 switch-->App and DB server

(web server in DMZ in UTM)

The DC and DR will have a dedicated P2P link between them. This system will be accessed by external client organizations through a p2p link to our DC (app server access), whereas the web server will be accessible through internet.

Here I need to create a setup where, if one of the servers fails, the services will be switched over to the DR link and delivered from there (for both web server and app server), and fail back when the link to DC is restored.

At the DB level, we have SQL mirroring capabilities to set up the failover through the P2P link. Please advise me on this. I am new to failover technologies. I was told that a VPN can be set up for the failover monitoring, but I am not clear on the process, nor on the protocols to be used and other alternative solutions we may have for the requirement. I need to configure failover for both the web server (internet) and the app server & DB server (closed network).

We have a single ISP link and single set of devices at each site currently.

Georg Pauwen
VIP Master



Looking at your drawing, to be honest I don't know if a network failover will be the right solution. You don't have redundant links, so the better solution seems to me to set up some sort of failover cluster at the server level. What is the trigger for the failover: server reachability, server load, or something else happening on the server?

I guess server reachability. In case a server failure occurs at DC, the services are to be delivered from DR. Can that be done from a router? We don't have 2 ISPs at our DR.

In case the client can't reach the services on the app server at DC, they should be forwarded to the app server in DR. Similar for web services too. That's the requirement.



You could use Cisco's IP SLA to track the reachability of certain UDP and/or TCP ports. It depends on how the routing on the DC router is set up. IP SLAs work with (static) routes, so if your servers at the DC site are directly connected, you cannot override that with static routes unless you shut down the entire interface.


Can you post the configuration of the DC router?
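One way the IP SLA tracking described in the post above could look on the DC router, as an added example that is not part of the original thread. It assumes IOS 15 syntax, an app subnet that the router reaches through the firewall by a static route (not a directly connected one), and a DR site able to serve the same addresses over the P2P link. All addresses and the port are constructed documentation values.

```cisco
! Constructed values (not from the thread):
!   192.0.2.0/24   app server subnet behind the DC firewall
!   192.0.2.11     health-check address on the DC app server
!   198.51.100.2   DC firewall, next hop towards the app subnet
!   203.0.113.2    DR router across the P2P link
!
! Probe the application port itself, not just ICMP, so a dead service
! on a live host still counts as a failure.
ip sla 10
 tcp-connect 192.0.2.11 443 control disable
 threshold 2000
 timeout 2000
 frequency 10
ip sla schedule 10 life forever start-time now
!
! Damp flapping: 30 s of failed probes before failover,
! 60 s of successful probes before failback.
track 10 ip sla 10 reachability
 delay down 30 up 60
!
! Pin the probe target to the DC path. Without this host route the
! probe would follow the backup route after failover, get answered
! from DR, bring the track back up and make the route flap.
ip route 192.0.2.11 255.255.255.255 198.51.100.2
!
! Primary route, installed only while the probe succeeds.
ip route 192.0.2.0 255.255.255.0 198.51.100.2 track 10
!
! Floating static route (administrative distance 250) that takes over
! when the tracked route is withdrawn.
ip route 192.0.2.0 255.255.255.0 203.0.113.2 250
```

`show track 10` and `show ip sla statistics 10` show the current state of the track object and the probe. As the post notes, this moves the whole subnet at once, not individual services.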

Thank you for the info, sir. Actually, the whole setup is a new requirement, with a new setup at both DC and DR. And I am seeking suggestions and guidance on how to go about configuring it with that infrastructure in place. We have just allocated available devices for DC and DR but haven't commenced the connectivity work.



I don't think you can (and want to) achieve this by any Cisco or network related failover. Simply because a network failover means EVERYTHING fails over, and since you have several servers, you need to set up the failover on a more granular level. Microsoft Cluster failover would be a good example...


What are your servers running on?

It's running on Windows Server 2012. But we do not have a cluster within the DC and DR servers for failover. Would you recommend it? For all web, app and DB servers?



Definitely, I would recommend setting up a cluster. That gives you very granular control over which services to monitor, and when to fail over. In addition, a P2P link is permanent, so it is perfect to send keepalives between the cluster members.

Thank you. I will work towards it.

But at the same time, would clustering help in web server failover, because the DNS would lock one IP to the domain? Bit confused on it.



As far as I recall, the servers in the cluster share a logical name. It can be compared to Cisco's HSRP standby address, which is an IP address shared by multiple routers.

Thanks for the information and recommendation.