
Failover/redundant solution question

ssj
Level 1

Hi,

Recently our current gateway solution went down due to a hardware failure, resulting in production loss etc.

We now want to secure our gateway (Lan->Wan) the best we can to prevent this from happening again.

We only got one WAN line (10/10mbps) and the provider cannot guarantee a redundant connection (meaning if one goes down, most likely a second also will) - so we are stuck with only one line.

The hardware however should be possible to secure!

What kind of router will make it possible to configure a failover solution on only one line?

6 Replies

sdoremus33
Level 3

What about implementing an HSRP solution having master/slave configuration or pri/backup? To do so, simply add both eth interfaces outbound from LAN to a virtual IP that acts as a gateway for both LAN segments, to where if the primary goes down then, based on the multicast heartbeat alg, the secondary will act as primary to route traffic. HTH

Check out the following doc for more help; it is somewhat lengthy:

http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_hsrp.html

Thanks, seems like the way to go.

This however requires two separate lines from our ISP (which really has no point) - or with one line a WAN subnet with 2 or more addresses, and a switch on top (another point of failure, but not so likely).

Ryan Carretta
Cisco Employee

You can only implement redundancy mechanisms within your LAN in this instance.

If the provider only supplies one WAN line, there is necessarily a single point of failure in the system. The line has to come in at one point, and in doing so that becomes the single HW point of failure. You can implement redundancy mechanisms further down the path, but short of something that can change the WAN connection at layer-1 in the event of a failure (like a person), there isn't going to be anything you can do in the event that there is a failure on the HW that terminates the line.

Hi,

At our current location we have to accept the fact that the line itself is a single point of failure. Getting a second line would not change much (except increasing the bill from our ISP).

This however shouldn't prevent us from securing the gateway further down the path.

So what we're looking for is in fact a redundancy solution inside our LAN.

Would it be possible to setup two 871 routers, and configure a virtual gateway address inside the LAN?

The two routers surely have to be connected to the one (and only) line through a switched solution with a separate address on each device.

How about incoming traffic? Is it possible to use HSRP on the outside as well?
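
The LAN-side arrangement discussed in this thread (two routers sharing one virtual gateway address, each with its own address on the single WAN subnet), sketched as an added example that is not part of any post. Interface names, addresses, the group number and the key placeholder are assumptions; whether a given router model and IOS image supports HSRP has to be checked separately.

```cisco
! Router A (intended active gateway). Addresses are constructed for illustration.
interface Vlan1
 description LAN segment shared with Router B
 ip address 192.168.1.2 255.255.255.0
 ! Virtual gateway address that LAN hosts use as their default gateway
 standby 1 ip 192.168.1.1
 standby 1 priority 110
 standby 1 preempt
 ! Authenticate hellos so only routers holding the key can join the group
 standby 1 authentication md5 key-string <hsrp-key-placeholder>
 ! If the WAN-facing interface goes down, drop priority by 20 (110 -> 90)
 ! so Router B (priority 100) takes over the virtual address
 standby 1 track FastEthernet4 20
!
interface FastEthernet4
 description WAN side, own address in the ISP subnet (via the shared switch)
 ip address 203.0.113.2 255.255.255.248
!
! Router B (standby gateway)
interface Vlan1
 description LAN segment shared with Router A
 ip address 192.168.1.3 255.255.255.0
 standby 1 ip 192.168.1.1
 standby 1 priority 100
 standby 1 preempt
 standby 1 authentication md5 key-string <hsrp-key-placeholder>
!
interface FastEthernet4
 description WAN side, own address in the ISP subnet (via the shared switch)
 ip address 203.0.113.3 255.255.255.248
```

`show standby brief` on each router shows which one currently holds the virtual address. This covers only failure of a router or its WAN-facing interface; the line and the switch in front of both routers remain single points of failure, as noted in the thread.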
