cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2505
Views
4
Helpful
15
Replies

Hardware recommendation for redundant WAN connections

tfatheree
Level 1
Level 1

I am going to be connecting three sites, each approximately 3-4 miles apart from one another, with point-to-point wireless bridges.  Each site will have two independent bridges that each connect to bridges at the other two sites, creating a "ring".  The idea is that if any one radio link goes down, there will be a redundant path to keep communications up.  We estimate the speed of the wireless links will be in the 50-70Mbps range.  At each site, I need to connect the Ethernet connection from the two bridges into something, which then will go into a firewall.  My first thought was to connect the bridges into a router, but I've had a couple of people suggest that a better solution would be a layer 3 switch.  I figure I'll need to run some kind of routing protocol (EIGRP, OSPF), so any solution should support that.  Keeping in mind that price is always an issue, I'm interested in hearing suggestions on workable solutions.

I've included a diagram if it helps.  If possible, I'd appreciate a specific product recommendation.

Thanks in advance for any assistance.

15 Replies 15

david.tran
Level 4
Level 4

do you have layer-2 encryption for these wireless?  If you do running eigrp or ospf on top of GRE is enough.

If you do not have layer-2 encryption, then OSPF or EIGRP on top of GRE and then tunnel everything over IPSec tunnel.  The routing will provide redundancy (classic ccie security lab scenario)

or better yet, DMVPN will also work just as well.

my 2c

Joseph W. Doherty
Hall of Fame
Hall of Fame

Disclaimer

The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.

Posting

As you may want to shape or QoS manage the limited wireless bandwidth, a full featured router would probably be a better option.  Cisco's recommendation to support up to 150 Mbps (your two up 75 Mbps paths) of WAN bandwidth would be for a 3945.  If the dual paths were only 50 each, then Cisco would recommend a 3925.

Cisco recommendations are conservative and assume you'll be using about every possible feature at the maximum bandwidth.  If you're not, and most don't, you can often drop down a "size" or two.

If you do want to go with a L3 switch, you might look more toward the MetroEthernet type switches, as they are a little more feature rich than pure "LAN" L3 switches.

BTW, what's the purpose of the firewall in this topology?  Reason I ask, full blown routers also have pretty extensive security options too.  Switches, though, do not.

The firewalls are already in place, so I'm using them rather than purchasing a firewall IOS for a router/L3 switch.

Right now, I'm leaning toward a 1921/1941 with an added 10/100/1000BaseT EHWIC.

Disclaimer

The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting

Cisco recommends a 1921 for up to 15 Mbps and a 1941 for up to 25 Mbps.

Good point on the speed limitations.  I'm now thinking of the 2911, which supports up to 75Mbps and has three GE ports.  I don't suspect we'll be using all of the router features and can get by without having to go up to a 3900 series.  I see that there is an option called "Data License for Cisco 2901-2951", P/N SL-29-DATA-K9.  I'm not finding much info on this.  Any idea what it's for?

Disclaimer

The    Author of this posting offers the information contained within this    posting without consideration and with the reader's understanding that    there's no implied or expressed suitability or fitness for any  purpose.   Information provided is for informational purposes only and  should not   be construed as rendering professional advice of any kind.  Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In    no event shall Author be liable for any damages whatsoever  (including,   without limitation, damages for loss of use, data or  profit) arising  out  of the use or inability to use the posting's  information even if  Author  has been advised of the possibility of such  damage.

Posting

I've attached a Cisco document that provides performance information for the current ISRs.

Sorry, not current of latest feature licenses.

The licensing breakdown (Data vs Sec vs UC vs IPBase) is described here:

http://www.cisco.com/en/US/prod/collateral/routers/ps10616/white_paper_c11_556985.html

The Data license would unlock a set of features listed in the document above and beyond IPBase. 

Thanks, Eric...that's just what I was looking for.  It looks like IPBase gives

IPBaseK9

Offers features found in IPBase IOS image on ISR 1800,2800 and 3800 + Flexible Netflow + IPV6 parity for IPV4 features present in IPBase. Some of the key feature are AAA BGP, OSPF, EIGRP, ISIS, RIP PBR IGMP, Multicast DHCP HSRP, GLBP NHRP HTTP HQF QoS ACL, NBAR GRE CDP, ARP NTP PPP PPPoA PPPoE RADIUS TACACS SCTP SMDS SNMP STP VLAN DTP IGMP Snooping SPAN WCCP ISDN ADSL over ISDN NAT-Basic X.25, RSVP, NTP, Flexible Netflow etc.

and Data adds

DATA

Data features found in SP Services and Enterprise Services IOS image on ISR 1800,2800 and 3800 e.g. MPLS, BFD, RSVP ,L2VPN, L2TPv3 ,Layer 2 Local Switching , Mobile IP, Multicast Authentication,FHRP-GLBP ,IP SLAs, PfR ,DECnet, RSRB, BIP, DLSw+, FRAS, Token Ring ,ISL, IPX ,STUN, SNTP, SDLC, QLLC etc.

Looking through the list, I don't see anything in the Data license that I think we need. 

Regarding port speed, I read through the document you attached and ran across the following.  It's a bit hard to read, but the gist is that the test used to evaluate port speed severely understates the capability when using normal packet sizes.  Based on this info, I wonder if the 2900 series would work.

Disclaimer

The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting

Actual performance is very much dependent on your actual traffic and how you've configured the router.  Table 1 list Kpps for minimum size packets (worst case) but bandwidth for when forwarding maximum size packets (best case).  Generally, "normal" traffic falls between the two. 

Hi ,

Cisco recommends a 1921 for up to 15 Mbps and a 1941 for up to 25 Mbps.

15Mbps AND 25Mbps , these means unidirection or bidirection traffic bandwidth ?

Thank you!

Disclaimer

The    Author of this posting offers the information contained within this    posting without consideration and with the reader's understanding that    there's no implied or expressed suitability or fitness for any  purpose.   Information provided is for informational purposes only and  should not   be construed as rendering professional advice of any kind.  Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In    no event shall Author be liable for any damages whatsoever  (including,   without limitation, damages for loss of use, data or  profit) arising  out  of the use or inability to use the posting's  information even if  Author  has been advised of the possibility of such  damage.

Posting

For those particular stats, I believe they're for bidirectional.

Hi JosephDoherty,

Let us talk about 1941 Router 25Mbps.

Do you means it is for bidirectional , input and output are both 25Mbps ?

Disclaimer

The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting

lcd_shouldit wrote:

Hi JosephDoherty,

Let us talk about 1941 Router 25Mbps.

Do you means it is for bidirectional , input and output are both 25Mbps ?

Yes.

This because the 25 Mbps is recommended for "WAN Circuit Speed" which unlike Ethernet is generally bidirectional.

Review Cisco Networking for a $25 gift card