I am relatively new to data center design and implementation.
I am designing an Intranet data center with active and standby sites which are 20 miles apart. One site (DC1) is active and all the user requests must be forwarded to this site.
The other site (DC2) does not accept any request from users while DC1 is up. In case DC1 goes down or an application or database server goes down, a failover of the application happens, and all user requests must then be forwarded to DC2. Once DC1 comes up, DC2 should go to standby mode and users must now connect to DC1. I'm using a 3-tier architecture for servers. In the 2nd tier I have got web servers and many other servers which will be accessing database servers located in the 3rd tier.
We are using 6500 on both sites with firewall, CSM. Database servers are placed behind an external firewall as shown below.
DC1 (similar setup on DC2)
Dual Network Core
FWSM --- CSM---------web and other servers
My concerns are:
1. Is this design, including the placement of the CSM, correct?
2. What about IP addressing? Should I design different IP networks on the DC1 and DC2 switches?
3. Do I need to run HSRP between DC1 and DC2?
4. Application load balancing is my main concern. Can I use RHI? Will it work when the CSM is placed behind the firewall?
5. Can I use GSLB on the CSM? Can you please provide a sample config for GSLB for an active and standby kind of setup?
Please can anyone post a standard design for an Active/Standby data center with GSLB config?
If you have a Layer 2 link, then you can use the same IP addressing and you can use HSRP.
If this is L3, then you need different addressing and you can't use HSRP.
4. RHI simply inserts a static route in the MSFC routing table. The MSFC should then be configured to redistribute the static route into the routing protocol. The information does not go on the wire, so the FW can't block the communication between the CSM and the MSFC.
The route will point to a CSM IP address.
So you will need another route to point this address to the firewall.
Honestly, I did not try it, but I believe it should work.
5. We do not recommend using GSLB on the CSM. You should look at the GSS [Global Site Selector].
1. I was planning for an L3 EtherChannel between DC1 and DC2, but I still have an open option to replace the L3 channel with L2 or add another L2 link. Which option would you suggest is better, and how is it going to affect other design parameters?
2. RHI installs a route on the MSFC when it is directly connected to the MSFC. I have a firewall in between, and I'm not sure what Cisco says about RHI with FWSM. Any link?
3. We will only be having 2 sites, with purely one active and the other standby, so I believe CSM GSLB is a better choice.
The biggest hurdle I'm facing is application failover. Imagine a DB server goes down in DC1; the DB server in DC2 recognizes the failure and becomes active on its own. How will the network know about this? How will user traffic be automatically directed to DC2?
Is GSLB the solution? Is there some other solution?