Router failover without HSRP etc. - Auto Port Failover

mattp0002
Level 1

Quick question for you all:

I want to do a multi-router fault-tolerant design for my interconnection between my ISP and my public network. (Outside firewall)

I am BGP-peered with my ISP, receiving a default route advertisement inbound and sending one prefix out to the world for my IP range.

My ISP and I peer using only a /30 point-to-point network, therefore I can't peer on two border routers at the same time. Additionally, I can't use HSRP or VRRP for the same reason, and furthermore from what I understand I can't BGP peer using an HSRP/VRRP-created VIP.

My ISP connection is 100 Mbit Ethernet over twisted-pair. I was thinking of plugging this into a switchport, then have both my border routers also plugged into this switch. Can I configure both router ports identically, both with the same IP address valid for my end of that /30, and simply have one router's switchport active and the other in shutdown state?

Is there any way on a Cisco switch to have the shutdown port come online after the active port is no longer "up/up"? As in, is there any way to do interface tracking on a switch and have these ports flip-flop from active/shutdown to shutdown/active without any human intervention?


Thanks!!

PS - Or, is there another way to provide clustered-router connectivity to a single Ethernet ISP connection using a /30 and BGP peered as I've described?

Accepted Solutions

Hello.

You may try to configure FlexLink (swi backup interface) on the switch to automatically enable the backup port.

But in this case you would face an issue with the ISP's ARP cache. The ARP cache issue might be solved with VRRP IP addresses equal to the real IP address.

PS: regardless of possible options, it's not a good idea to stack a lot of failover features one over another - the best would be to have a /29 subnet, running both eBGP sessions simultaneously.

Thank you Vasilii, you are correct as usual!

I spoke with my ISP and they are willing to use a /29 to implement this, or alternatively two separate /30s. I'll just do the eBGP and maybe do some AS path prepending on the secondary router if I want to prevent asymmetric routing - or, maybe I won't and I'll just let it do its thing.

On the "internal" interfaces of my 2 border routers I guess I will run HSRP or VRRP in order to provide redundancy for all the devices plugged into that segment.

I wasn't familiar with FlexLink but it does sound like exactly what I was looking for. I'll probably set it up in the lab and test that out too just for fun.

Thanks again!
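
The dual-eBGP design the thread settles on, sketched as Cisco IOS configuration. This is an added example, not configuration posted by either participant: the AS numbers, addresses, interface names and list/route-map names are constructed placeholders, and the prefix filters are an addition that enforces the "default route in, one prefix out" policy described in the question.

```cisco
! Constructed values (assumptions, not from the thread):
!   AS 64496 = ISP, AS 64511 = customer
!   192.0.2.0/29 = shared uplink subnet, ISP side is 192.0.2.1
!   198.51.100.0/24 = the single public prefix advertised to the ISP
!
! --- Both border routers: accept only a default route, announce only our prefix
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
ip prefix-list MY-PREFIX seq 5 permit 198.51.100.0/24
!
! --- Router A (primary) ---
track 1 interface GigabitEthernet0/0 line-protocol
interface GigabitEthernet0/0
 description Uplink to ISP on the shared /29
 ip address 192.0.2.2 255.255.255.248
interface GigabitEthernet0/1
 description Inside segment toward the firewall
 ip address 198.51.100.2 255.255.255.0
 standby 1 ip 198.51.100.1
 standby 1 priority 110
 standby 1 preempt
 ! Drop below Router B's default priority (100) if the uplink goes down
 standby 1 track 1 decrement 20
route-map ANNOUNCE-OUT permit 10
 match ip address prefix-list MY-PREFIX
router bgp 64511
 network 198.51.100.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.1 prefix-list DEFAULT-ONLY in
 neighbor 192.0.2.1 route-map ANNOUNCE-OUT out
!
! --- Router B (secondary) ---
interface GigabitEthernet0/0
 description Uplink to ISP on the shared /29
 ip address 192.0.2.3 255.255.255.248
interface GigabitEthernet0/1
 description Inside segment toward the firewall
 ip address 198.51.100.3 255.255.255.0
 standby 1 ip 198.51.100.1
 standby 1 preempt
! Same prefix, longer AS path, so inbound traffic prefers Router A
route-map ANNOUNCE-OUT permit 10
 match ip address prefix-list MY-PREFIX
 set as-path prepend 64511 64511
router bgp 64511
 network 198.51.100.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.1 prefix-list DEFAULT-ONLY in
 neighbor 192.0.2.1 route-map ANNOUNCE-OUT out
```

The implicit deny at the end of each route-map keeps anything other than the listed prefix from being announced, so a redistribution mistake on either router does not leak routes to the ISP.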
