Solved: HSRP on layer 3 switch?

louis0001 · ‎10-31-2015

Hi,

we have 50 satellite sites that are on an MPLS network.

These site all point towards our main site (lets call it site A)>
Site A has a 4 switch stack (master/slave) for it's local lan which is has 100 clients & various servers.
The MPLS comes in and goes to our core switch which in turn routes it to our ASA's to the internet if needed.
We also have other sites (10) which come in to the core switch via 100mb lines

We're thinking of implementing HSRP for this core switch. I understand the concept a bit and know that when 1 switch fails the other will take over and still route our lan traffic etc to the internet etc.
My question is if the top core switch (with the physical 10x 100mb connections) goes down, I know the (proposed) bottom switch will come out of standby and still route the lan traffic etc. But what about the 10x 100mb physical connection to other sites? If the active switch dies, they will as well.

What is the best way to deal with this? Is it a case of keeping the same config and manually switching them over? I'm thinking we might be able to put some of those connections into HSRP too but the problem is, some of the endpoints only have a single connection eg the NTE

Any suggestions?

Ganesh Hariharan · ‎10-31-2015

OK, So you mean 100 mb connection are directly terminated on your active HSRP switch and in case of failure of this switch the 100MB also goes away.

So what i understand is single link only beeen proviosned from all these sites with 100 MB link.

But designing a fully H/A architecture requires physical connection between sites so that you can apply any type of redudnacy design.

By seeing the above example i can only suggest to have configuration ready on standby switch so manul ntervention would come in case of primary goes down, As i can figure out any other option as physically you have one port at remote end which is also a limitation with this design.

-GI

View solution in original post

Ganesh Hariharan · ‎10-31-2015

Hi Louis,

Do you have any diagramatic represenattion for you requirment ?

-GI

louis0001 · ‎10-31-2015

At the moment, we haven't drawn anything up but the main gist of the question is if 2 layer 3 switches are operating in HSRP mode, what workaround is there for a single physical connection.

For example, we have a 100mb link directly plugged into the active HSRP switch. If that switch goes down, the 100mb physical link goes down with it.
Now, I know that I could get connection into it's own active/standby config so that the bottom switch has another cable and is ready to take over. Problem is at the other end of the 100mb connection is a single port. I know I could put another layer 2 switch in there but it just introduces another single point of failure again so is there any point?

I'm thinking that if the active switch does go down, some of our connections (lan etc that's connected via 2 ports) will be ok but the single one's purely coming into the top (now standby) switch will need changed over by hand to the (now active) bottom switch.

But at least if we put these single 100mb conections into a active/standby config, then it's only a case of moving the connection from one port (of the now standby switch) to the other port (of the now active switch) if we keep them carefully mirrored in the config

Ganesh Hariharan · ‎10-31-2015

OK, So you mean 100 mb connection are directly terminated on your active HSRP switch and in case of failure of this switch the 100MB also goes away.

So what i understand is single link only beeen proviosned from all these sites with 100 MB link.

But designing a fully H/A architecture requires physical connection between sites so that you can apply any type of redudnacy design.

By seeing the above example i can only suggest to have configuration ready on standby switch so manul ntervention would come in case of primary goes down, As i can figure out any other option as physically you have one port at remote end which is also a limitation with this design.

-GI

Richard Burts · ‎10-31-2015

I believe that there are two aspects of this that we need to look at:

- physical redundancy. If you have a single physical link coming from a site then you have a single point of failure. If the switch where this single link is connected goes down then the site goes down. There is not anything in HSRP that can help this. If you want redundancy for the site connections then you need two links.

- is HSRP appropriate here. The original post indicates that there is a stack of 4 switches. These switches process in a cooperative environment and logically function as a single unit. HSRP requires two switches operating independently. It is not clear from the original post whether there is a second switch (or second stack) that operates independently. You can not run HSRP between two switches in the same stack.

HTH

Rick

HTH

Rick

louis0001 · ‎11-01-2015

The lan stack is for the local clients. If we implement HSRP, the lan clients will have redundancy. What won't have redundancy is the single connections coming in from other remote sites ie the 100mb single links.

We really can't afford to lose the core switch which is why I'm thinking on HSRP which in turn is connected to ASA's in primary/failover mode.

I think the best I can do is run HSRP which gives us a bit of redundancy and accept if the active switch goes down, we will need to do some manual patching.
By running HSRP, we could simply unplug one connection from the failed switch into the now active port on the other switch. Not 100% ideal due to the single connection but there's not much I can do about that