HSRP/GLBP vs. Layer 3 Redundancy

martin.luethi · ‎05-08-2007

Hello

We need to build a redundant Gbps VPN platform for partner and 3rd party connections. A big discussion started whether to go for layer 2 (HSRP/GLBP) or layer 3 (OSPF) redundancy. Now I'm looking for the pros and cons re stability, complexity, convergence, etc.). Our concern for layer 2 is the risk of STP, broadcast storm, etc. which would take down both systems.

thanks!

Amit Singh · ‎05-08-2007

Martin,

What are the devices you are thinking to use here.What would be the final network topology that you are thinking. Please let us know the toplogy and we will be able to help you. Using HSRP/GLBP or OSPF depends on final network design that you have.

-amit singh

martin.luethi · ‎05-08-2007

It's all very open. We know that the design depends on how we'd want to implement redundancy. That's why we'd like to get a better idea of the two ways.

We have two data centers with full layer 3 connectivity outside the firewalls and on the inside (intranet). The partners need to be able to access our servers with 1:1 NATed public IPs in the DMZs. We terminate the VPN in a different DMZ (on Cisco Routers). The servers are available in both data centers (different physical machines with different public IPs).

One way would be to lay a layer 2 connection between the two sites and connect the two VPN gateways and run HSRP or GLBP. The other idea is to use a routing protocol with reverse route injection on the VPN gateways.

The solution does NOT need to be highly available.

Again, it's not really the design I'm looking for, it's the pros & cons of layer 2 vs. layer 3 redundancy.

thanks!