07-21-2016 07:11 AM - edited 03-08-2019 06:43 AM
Trying to figure out the simplest solution to the following:
- A single VLAN stretched over 2 physical data centers
- Assuming all L2 issues are handled and a dark fibre cable connects the two sites
- HSRP can be configured to ensure router failure doesn't affect egress routing (my understanding is that whichever router is active will simply use its routing table to send packets further)
- The issue of ingress has come up - how do we configure the WAN side to intelligently route from other sites to the data center where HSRP IP is active (to avoid asymmetric routing). Is BGP a solution - and the only one - or can something simpler be used.
If someone could describe the mechanics of ingress routing to HSRP via two routers that would be much appreciated.
07-21-2016 09:18 AM
With HSRP, VRRP, you only have control over outbound traffic and not the incoming. If you have 2 routers connecting to 2 providers, you can run BGP and use AS path per-pend to make the backup side look as it is longer path, so inbound traffic comes to the active router. Do you have a diagram you can post?
HTH
07-21-2016 07:45 PM
07-21-2016 08:27 PM
So, yes in this design you can use BGP on the 6500 and the ASR routers to peer with the routers sitting on the remote location. For example say you want the 6500 to be the primary for inbound traffic and lets say that is your HSRP active you would pre-pend routes coming from the ARS site so the path appears longer and so traffic inbound and outbound uses the 6500.
If you have a lab environment, you can test it before putting it in production.
HTH
07-22-2016 04:07 AM
Alright, very good - but would HSRP failover on LAN be able to drive the BGP advertising correctly - in a way that asymmetric routing would be avoided, so:
- If 6509 is HSRP active, that this is the only gateway advertised for the stretched VLAN on WAN side
- If HSRP fails over to ASR, that the 6509 route is dropped and replaced by the ASR one (hopefully within a couple of seconds not minutes)
I was looking at tracking and IP SLA but have now come to think there should be a simpler way to do this - by just ensuring the right route gets advertised from the right routed - the missing piece being what are the exact config parameters which would achieve this :-)?
Many thanks,
Petar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide