CSS site redundancy questions

Jun 18th, 2007

I have found out that BGP is configured to advertise the HQ subnet of 2.1.1.64 out of the DR site during a failover of the HQ Internet connectivity, or an entire site failover.

Since this is the case, I do not need the DNS solution, but I will still need to put the second CSS in the DR site.

This brings up this problem:

I have the one CSS configured in the HQ site with services and VIPs in the 2.1.1.64 subnet and it is working.

If the primary server is down, the CSS points to the DR server NAT configured in the HQ PIX, and the traffic is routed through the HQ PIX through our internal MPLS cloud to the DR server.

The DR site has its Internet in the 6.2.1.128 subnet.

The DR PIX had its outside interface configured in the 6.2.1.128 subnet, but has static NATs for the servers in HQ AND DR the same as HQ, in the 2.1.1.64 subnet.

This way, when a failover happens, DNS does not need to be changed.

So what this means is I will have to configure the CSS services and VIPs pretty much the same as the CSS in the HQ site.

What I am not sure about are these three things:

1. What IP Address subnet do I put the CSS interface and server services in? I will put the VIPs in the HQ subnet 2.1.1.64, due to the fact that BGP will route to this subnet, but how do I set up the CSS interface itself?

2. Do I need to set up communication between the HQ CSS and the DR CSS through an App service? What would I gain in my scenario? I am not sure it will help me much in this setup.

3. Can I set up the DR site services with the same addresses as the HQ site services?

mchin345 Fri, 06/22/2007 - 08:11

Using the CSS switch's DNS capability, a higher level DNS server (in this example, the one authoritative for yourdomain.com) will be configured to use both CSS' circuit VLAN addresses as NS records for a sub-domain called www.yourdomain.com. Whichever CSS is referred to by the higher level DNS server will then resolve that A record request with the IP address of the DNS content rule on the CSS.

The primary site will be preferred through a combination of using an ACL on the secondary CSS, an application session between the two CSS switches, and configuring the above mentioned NS records on the higher-level DNS server.

http://cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_example09186a00801dcd75.shtml
