HSRP on WAN valid design?

Answered Question
Jan 31st, 2010

I have attached a diagram, but here is the description:

Putting 2 x 2821 in a datacenter; they are providing 2 Ethernet cables for WAN/Internet with a single default gateway for us to route our traffic to.

Behind my 2 x 2821 I have a publicly routable (provided by the datacenter) /24.

The DC will be routing all traffic to our /24 to an IP within an interconnect block.

The equipment that will be hosted will be Citrix, http, etc. So basically inbound connections into the datacenter from the internet.

The 2821s will also be VPN terminators for a variety of VPNs that will be used to access resources within the data center.


My plan is to use HSRP for my WAN ports to create a single Virtual IP within the interconnect block which the datacenter will then route our /24 routable subnet to. So basically according to my diagram (IPs replaced) my WAN interconnect HSRP IP will be 1.1.1.4, and they will route all traffic for my 2.2.2.1/24 network to 1.1.1.4.


My question is, is using HSRP on my WAN side (as outlined above) a valid design? Or should I be looking at seeing if the datacenter can use routing protocols and my 2821s to achieve high availability/redundancy?

Paolo Bevilacqua Sun, 01/31/2010 - 01:04

HSRP is NOT a valid solution for WAN, will NOT work, must use routing protocol instead.


Also recommend you engage a reputable, certified Cisco partner or consultant for the job.

Correct Answer
Giuseppe Larosa Sun, 01/31/2010 - 02:56

Hello,

In your specific case HSRP could be used because what you call WAN links are actually GE or FE links.

However, looking into the use of a routing protocol is a better choice because the intermediate Layer 2 devices make it impossible to detect a failure directly; that is, even if both routers are powered off, for another 4 hours (default ARP timeout) the DC routers will try to send traffic to your VIP 1.1.1.4.

You and the DC should implement IP SLA to track effective reachability of next-hops. That is a complex configuration to try to emulate a routing protocol.

Using a dynamic routing protocol provides better detection and should be preferred because it allows for load balancing over both paths/routers.

Deploy two point-to-point /30 subnets to connect DC1 to R1 and DC2 to R2 and you should be fine.

Intermediate switches to introduce IPS are not a problem: with a routing protocol there are hello messages that track neighbor health for you.


Hope to help

Giuseppe
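
The two designs compared in the answer above, sketched as Cisco IOS configuration for R1. This is an added example, not part of the original post: only the VIP 1.1.1.4 and the 2.2.2.0/24 block come from the thread, while the DC gateway 1.1.1.1, R1's addresses, the 10.255.0.0/30 link, the LAN-side interface, the OSPF process and area, and the key placeholders are assumptions.

```cisco
! ---- R1, option A: HSRP toward the DC on the shared interconnect /29 ----
! Assumed addressing: R1 = 1.1.1.2, DC gateway = 1.1.1.1; VIP 1.1.1.4 is from the thread.
interface GigabitEthernet0/0
 description Interconnect to DC (shared Layer 2 segment)
 ip address 1.1.1.2 255.255.255.248
 standby 1 ip 1.1.1.4
 standby 1 priority 110
 standby 1 preempt
 ! Authenticate HSRP hellos: the segment crosses switches you do not control.
 standby 1 authentication md5 key-string <HSRP-KEY-PLACEHOLDER>
 ! Give up the active role when the DC gateway stops answering (110 - 20 = 90).
 standby 1 track 10 decrement 20
!
! IP SLA probe standing in for the neighbor hellos a routing protocol would provide.
ip sla 10
 icmp-echo 1.1.1.1 source-interface GigabitEthernet0/0
 frequency 5
ip sla schedule 10 life forever start-time now
! Older 12.4 images spell the next line "track 10 rtr 10 reachability".
track 10 ip sla 10 reachability
!
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
! ---- R1, option B: routed /30 to DC1 with OSPF (alternative to option A) ----
! Needs the DC's cooperation. Assumed link 10.255.0.0/30: DC1 = .1, R1 = .2.
interface GigabitEthernet0/0
 description Point-to-point link to DC1
 ip address 10.255.0.2 255.255.255.252
 ip ospf network point-to-point
 ! Authenticate the adjacency so only the agreed neighbor can inject routes.
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <OSPF-KEY-PLACEHOLDER>
 ! Hello/dead timers are what detect a dead neighbor, even across Layer 2 devices.
 ip ospf hello-interval 1
 ip ospf dead-interval 4
!
router ospf 1
 ! Do not form adjacencies on the server-facing LAN (interface name assumed).
 passive-interface GigabitEthernet0/1
 network 10.255.0.0 0.0.0.3 area 0
 network 2.2.2.0 0.0.0.255 area 0
```

In option A, R2 mirrors the interface section with its own address, the default priority of 100 and `standby 1 preempt`, so R1's tracked drop to 90 hands the active role over. The probe only protects your side: the DC's static route to 1.1.1.4 stays in place regardless, which is the failure-detection gap the answer describes.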

cisco-cdn Sun, 01/31/2010 - 10:06

Hi, thanks for the reply. Yeah, I guess my term WAN was incorrect; the interfaces are actually GE that connect to the DC.

Appreciate your answer, it will now set me off in the right direction.

Paolo Bevilacqua Sun, 01/31/2010 - 10:31

I need to correct myself, at least partially.

Although using routing would be the most correct solution, you may find the housing provider unwilling to cooperate in that. So, an HSRP configuration may actually work and be more practical.

Also, how much traffic are you expecting to handle? A 2821 may not be enough.


Please remember to rate useful posts clicking on the stars below.

cisco-cdn Sun, 01/31/2010 - 10:44

Our expected load would be maybe up to 2000 concurrent sessions into Citrix and RDP.

I will have to contact the data center tomorrow to see if routing protocols are something that they will allow us to do. On a different diagram I have from them it lists OSPF, but I am not sure if that's for customers, or just their internal routing.


The previous poster talked about 2 separate /30 networks between one of my routers and DC's router. The DC plans on adding a third router/ISP in the near future. Could I not just use my current interconnect block and have all 4 routers (2 mine, 2 DC) in the /29?

Correct Answer
Paolo Bevilacqua Sun, 01/31/2010 - 10:46

A 2821 will practically support only about 50 Mbps.


Yes, you can have all participating routers in the same subnet.


Thank you for the nice rating and good luck!
