HSRP - 3845

0jimlong0 · ‎09-15-2009

HI, we had a data provider come in and install 2 3845's for us so we could have redundant connections to thier site. They have told me they can give me only redundancy/failover or load balancing but not both. Is this accurate?

The way is is set up currently if the active router/circuit fails it take 5 minutes to failover is this the best I can expect?

Maybe you can tell I'm not sure that I'm getting what I'm paying for. If this is the best these routers can do then I guess it's ok, but I would expect a little more.

thanks for any insight you can provide.

jim

Jon Marshall · ‎09-15-2009

Jim

"They have told me they can give me only redundancy/failover or load balancing but not both. Is this accurate?"

Kind of accurate ie. either you run all traffic through one router and then if that router fails it will use the other one

OR

you use both links at once ie. load-balancing. Where i think it is a bit misleading in what they told you is that if you load-balance ie. use both links at the same time and one of the routers/links fails you still have redundancy because the other router/link is still up.

So it sounds like you want load-balancing. The other advantage of load-balancing is that if one of the routers/links fails then it is almost instantaneous that all traffic then goes via the remaining router/link.

If you want redundancy/failover however 5 mins does seem a long time. It depends on the routing protocols in use etc. but you should be able to improve on that time.

Jon

Richard Burts · ‎09-15-2009

Jim

I am sure that there are aspects of the environment that we do not know which impact the time to failover. But I find it hard to believe that anything about the routers (or the model of the routers) is responsible for a 5 minute failover.

In terms of failover or load share, the simple implementation of HSRP has a single standby group wich results in an active router which takes all of the load and a standby router which carries no load. But there is an alternative to configure HSRP with 2 standby groups. You set up HSRP so that one router is the lead in one group and the other router is the lead in the other group. (each router is the standby router in the group for which it is not the lead) Then you configure the end stations so that one half have their default gateway as the first group shared address and the other end stations have their default gateway as the shared address of the second group. In this way each router carries some load and there is redundancy so that one router carries all of the load if there is a problem with the other router.

There may be reasons why your provider did not give you this alternative. We can not know about that without knowing a lot more about the provider and the details of your environment. But the constraint is something in the provider and is not inherent in the routers.

HTH

Rick

HTH

Rick

0jimlong0 · ‎09-15-2009

As these routers sit outside my firewall I route all traffic to the networks they maintain to a single (shared) address. Not sure there's a way for me to divide that traffic across two addreses (gateways), If that's the only way to get load balancing then I guess I'll pass.

Not real pleased with 5 minute failover, each router is connected via gig interface to a 50mb optiman connection with a VPN tunnel from end to end.

Joseph W. Doherty · ‎09-15-2009

As Rick correctly notes, we might not have sufficient information, but the response, on it's face, seems inaccurate. (Much might have to do with what they consider "redundancy/failover or load balancing ".)

Besides what Rick was describing (I believe mHSRP), the 3845's should support GLBP although from a firewall this might not be useful. If the firewall supports multiple gateways, mHSRP might be very suitable.

Even without balancing across gateways, it should be possible to have one router send half it's traffic to the other router.

Like both Jon and Rick noted, 5 minute failover seems very, very long. Failover can be sometimes brought down in the range of subsecond to several seconds, so there should be some room for improvement.