Failover/redudant solution question

Unanswered Question

Hi,

Recently our current gateway solution went down due to a hardware failure, resulting in production loss etc.

We now want to secure our gateway (Lan->Wan) the best we can to prevent this from happening again.

We only got one WAN line (10/10mbps) and the provider cannot garantee a redudant connection (meaning if one goes down, most likely a second also will) - so we are stuck with only one line.

The hardware however should be possible to secure!

What kind of router will make is possible to configure a failover solution on only one line??

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sdoremus33 Sat, 09/13/2008 - 07:58

What about implementing an HSRP solution having master/slave configuration or pri/backup to do so simply add both eth interfaces outbound from Lan to a Virtual IP that acts as a gateway for both Lan segments to where if the primary goes down then based on Multicast heartbeat alg the seconndary will act as primary to route traffic. HTH

sdoremus33 Sat, 09/13/2008 - 07:59

What about implementing an HSRP solution having master/slave configuration or pri/backup to do so simply add both eth interfaces outbound from Lan to a Virtual IP that acts as a gateway for both Lan segments to where if the primary goes down then based on Multicast heartbeat alg the seconndary will act as primary to route traffic. HTH

Ryan Carretta Sun, 09/14/2008 - 00:11

You can only implement redundancy mechanisms within your LAN in this instance.

If the provider only supplies one WAN line, there is necessarily a single point of failure in the system. The line has to come in at one point, and in doing so that becomes the single HW point of failure. You can implement redundancy mechanisms further down the path, but short of something that can change the WAN connection at layer-1 in the event of a failure (like a person), there isn't going to be anything you can do in the event that there is a failure on the HW that terminates the line.

Hi,

At out current location we have to accept the fact that the line it self is a single point of failure. Getting a second line would not change much (except increasing the bill from our ISP).

This however shouldn't prevent us from securing the gateway futher down the path.

So what we're looking for is in fact a redundancy solution inside our LAN.

Would it be possible to setup two 871 routers, and configure a virtual gateway address inside the LAN?

The two router surely have to be connected to the one (and only line) through switched solution with a separate address on each device.

How about incoming trafic? Is it possible to use HSRP on the outside as well ??

Actions

This Discussion