Scott Brien wrote:
Hi,
I have recently undertaken a project for which i am to re-design our border network for our customers and infrastructure.
The design which i have in mind is as follows:
1) Customer WAN comes in on layer 2 on our customer agg switch and terminates in their own VFW where they can access the infrastructure required
2) a /30 public address space is assigned with 1 address on the outside IF of the VFW and the other on our border router which is connected via a trunk to our core switches.
My issue here is how we are to configure redundancy between our 2 border routers which are geographically seperated over a L2 WAN.
The border routers are multihomed HSRP would need to be active standby not load sharing.
Any assistance/thoughts would be appreciated on this one.
Thanks,
Scott
It's difficult to configure HSRP with only a /30 to play with - with two interfaces, you typically need a minimum of 3 addresses (one for each interface and one for the floating "virtual" node).
If you can get a /29 to play with on your edge connection, just configure HSRP normally and configure one router to preempt always - lower the priority so it always takes the "master" role, and configure it to preempt so if it does go down, it will always take the virtual address back as soon as it stabilises after boot/restart.
HSRP supposedly does not do load sharing by default, so you should be OK if you configure your "main" router with the highest priority and absolute rights to preempt the HSRP group.
Of course, if you can't get a /29 to play with, this gets more sticky. :-)
Off hand, I can't think of a way to make this work when you've only got one IP address to play with - not without manual intervention. You could configure the same IP detaisl on both edge routers and leave one interface shutdown (run them in a VLAN and use an SVI to traffic will pass across your layer 2 WAN), but I can't offer anything better than that - I'll watch to see if some other genius can. :-)
Cheers
