redundancy w/ vrrp and ?

Mar 21st, 2007
Hi,


I am testing VRRP and it seems to work very well. Below is my config


R1-3640 Primary Router

R2-3640 Secondary Router

S1-2960 Internal Switch

S2-29?? External Switch


I have a single ethernet drop from our colo provider, I will have it go into a switch then to each of my routers on FA0/0. The internal switch uses Gi0/1 for a link to R1 and Gi0/2 to R2 on the router port Fa1/0. VLANs are used from the router to hosted machines on S1. I have a public /24 for each VLAN grouping Windows and Linux servers on their own respective VLAN.


Currently there are no defined routes between the routers. Our upstream only points to R1 for our IP space which they are announcing for us.


Should I lose any of my links VRRP will take over for that link. What is the best way to make sure that traffic doesn't go to a router that has a dead link on another port? I thought about OSPF, but it might cause a route flap should VRRP drop and recover quickly.


I think it would be nice to have some type of routing between the 2 routers to allow traffic to flow during a link failure on another interface. We have a /22 on our network and I could set up something similar to this..


R1
ip route 1.2.3.4 255.255.252.0 R2-Fa0/0 10
ip route 1.2.3.4 255.255.252.0 R2-Fa1/0 10
ip route 0.0.0.0 0.0.0.0 R2-Fa0/0 20
ip route 0.0.0.0 0.0.0.0 R2-Fa1/0 20

R2
ip route 1.2.3.4 255.255.252.0 R1-Fa0/0 10
ip route 1.2.3.4 255.255.252.0 R1-Fa1/0 10
ip route 0.0.0.0 0.0.0.0 R1-Fa0/0 20
ip route 0.0.0.0 0.0.0.0 R1-Fa1/0 20


Should I look at doing route maps possibly?


Thanks


owaisberg Tue, 03/27/2007 - 09:44
If you have only one link to upstream provider then the task can be achieved much easier by forcing VRRP to track connected interfaces and decrement priority value if router's connection fails. In that scenario you don't need to run any routing protocols or use route-maps. (I assume we are talking of Internet connectivity)


HTH,

OW
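
The interface tracking suggested in the reply above could look like the following on IOS. This is an added example, not configuration posted by anyone in the thread: the addresses (documentation ranges), VLAN 10, and the group, track and priority numbers are constructed; only the interface names come from the original post. It assumes the upstream forwards to the outside virtual address rather than to R1's own address.

```cisco
! Constructed example. Addresses are documentation ranges; VLAN, group,
! track and priority numbers are arbitrary. Interface names follow the thread.
!
! --- R1 (intended master on both sides) ---
track 1 interface FastEthernet0/0 line-protocol
track 2 interface FastEthernet1/0 line-protocol
!
interface FastEthernet0/0
 description Outside, to external switch S2
 ip address 198.51.100.2 255.255.255.0
 vrrp 1 ip 198.51.100.1
 vrrp 1 priority 110
 ! If the inside trunk (Fa1/0) goes down, drop to 90 so R2 takes the outside VIP
 vrrp 1 track 2 decrement 20
!
interface FastEthernet1/0.10
 description Inside VLAN 10, trunk to S1
 encapsulation dot1Q 10
 ip address 192.0.2.2 255.255.255.0
 vrrp 10 ip 192.0.2.1
 vrrp 10 priority 110
 ! If the outside link (Fa0/0) goes down, drop to 90 so R2 takes the inside VIP
 vrrp 10 track 1 decrement 20
!
! --- R2 (backup) ---
interface FastEthernet0/0
 description Outside, to external switch S2
 ip address 198.51.100.3 255.255.255.0
 vrrp 1 ip 198.51.100.1
 vrrp 1 priority 100
!
interface FastEthernet1/0.10
 description Inside VLAN 10, trunk to S1
 encapsulation dot1Q 10
 ip address 192.0.2.3 255.255.255.0
 vrrp 10 ip 192.0.2.1
 vrrp 10 priority 100
```

The decrement has to be larger than the priority gap between the two routers (here 110 - 20 = 90, below R2's 100), otherwise R1 stays master with a dead link. Line-protocol tracking only sees a failure of the router's own port, not a failure further along the path.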

paarlberg Tue, 03/27/2007 - 11:40
Thanks for the info. We are in a carrier neutral facility with our current link being via the colo space provider which has 6gbps of connectivity to several Tier 1 providers. We are considering adding a link to 1 or more providers directly to reduce dependency on the colo provider's network. Even a $500 a month cheap Cogent (in the building) link will be enough during a failure. In the colo arrangement we are billed (from what I have been told) based on 95% usage.


We are looking at building redundancy to multiple providers with R1 going to the colo and our direct links via R2.


With uplinks from both routers, then BGP can take over in that scenario.


The main concern is if we lose the local side of the router, under the current single uplink scenario, we will be able to route out R2, currently the colo provider is forwarding traffic to R1 IP only. We would like to be able to pass that traffic to R2 should there be a partial router failure (interface, cable, etc..).


If we use OSPF and only use connected subnets, that would help the situation, but R1 needs to know that the route of last resort is via R2 if the WAN and/or LAN sides are down on either router.


I was thinking of something like this.. I hate static routes, but it will work. If this runs over a NM-1Exx on each router, then the failover is not dependent on any of the VRRP interfaces. It will be slower, but it will be up.


ip route 0.0.0.0 0.0.0.0 R2 100
ip route 1.2.3.4 255.255.255.252 R2 100


If I use route maps, can they be applied to the interface instead of sub-interfaces? This will simplify the config if additional subs are added later.


thanks



owaisberg Tue, 03/27/2007 - 13:06
In the case you will have two up links, BGP solution would be a big help to provide the full redundancy, assuming of course both ISPs will agree to peer with you. As well, if you have a firewall behind these two routers then you would need to choose one of these routers as your default (since most of the firewalls wouldn't allow you to have multiple defaults). In that case you would need to use HSRP/VRRP for redundancy (outbound) and route-maps on primary router to redirect portion of your traffic to the second link for specific sources. Route-map itself can be applied on any interface in that case (of course on inbound from LAN to the edge routers to allow PBR to work properly).


HTH,

OW
