10-07-2010 09:23 AM - edited 03-06-2019 01:23 PM
Hi Folks
I have a customer that is adding redundancy to the network in their facility. A few months ago, they added a secondary telecom room within the campus but in a different building. The service provider will move/install the backup circuit (MPLS) over there, but prior to doing that we are working on the design. There is a fiber optic connecting the 2 telecom rooms already.
Furthermore, my customer has already installed a stack of 3750s in the secondary telecom room and has configured HSRP with the other stack of 3750s currently in the main telecom room for LAN redundancy. It works fine.
The customer is taking advantage of this redesign in order to put 2 Fortinet firewalls between the service provider's routers (primary & secondary) and each stack. Thus, in each telecom room we will have 1 CE Router (SP) -------- 1 FW ------ 1 3750 stack.
The service provider is reluctant to configure HSRP between their 2 routers.
My question is, is there any limitation in distance (around 1 km in this particular case) in order to avoid configuring HSRP on the routers? Especially when we have it working on 3750 stacks in exactly the same locations?
The goal is to simplify configuration by using HSRP.
Thx,
10-07-2010 09:37 AM
HSRP could be used in this topology. The physical distance may introduce some latency but I doubt 1 kilometer will even be noticeable. HSRP hello and dead timers are adjustable; I usually set them to 1 second hellos with a 3 second dead timer.
Why not consider a dynamic routing protocol? I'm not familiar with the Fortinet firewall, but most network devices support RIPv2 at a minimum and many support OSPF. This dynamic routing relationship could extend from the SP managed CE through the firewalls to the 3750's.
Chris
10-14-2010 09:41 AM
Hi Chris
Since it is the customer who will finally take care of its own network, they prefer to avoid involving routing protocols if possible.
As a backup plan, we are currently testing with OSPF and the default-information originate option plus IP SLA tracking, and that allows us to change the default gateway dynamically.
We still need to tune the FortiGate portion.
Thx, Jorge