Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1167
Views
4
Helpful
2
Replies

Loadsharing between 2 Datacenters

i.va
Level 3
Level 3

‎06-20-2014 01:47 AM

Hi,

I have been assigned the following challenge: a customer wants to build 2 datacenters and connect these to a L3 backbone. I have attached a (very) simplified network diagram. 

Challenge: The customer wants to span a L2 domain across both DCs and needs to have an Active/Active firewall. This in turn means that the traffic flow needs to be symmetric. Since both firewalls (gateways) and clients in this example are in the same stretched L2 subnet, how do I get the clients in DC1 to primarily use the FW 10.0.0.1 as default gateway, and clients in DC2 using 10.0.0.254 as default gateway. Of course clients need to use DHCP ;)

Possible solution: See attached diagram. However this relies on the additional delay of the DCI to assign different default gateways to clients. e.g. a DHCP request from a client in DC 1 will get the quickest response from a DHCP server in DC1, which assigns 10.0.0.1 as default gateway. The DHCP response from DC 2 (which would assign 10.0.0.254 as deault gateway) would arrive late and ignored by the client.

This does not seem like the perfect solution to me, since we are relying on many factors (e.g. delay may change due to other circumstances). Does anybody have other suggestions?

Thanks in advance!

 

 

 

Labels:
Preview file
27 KB
0 Helpful
2 Replies 2

Sam Byers
Level 1
Level 1

‎06-20-2014 08:33 AM

Relying on the timing of DHCP offer is not deterministic.

Maybe:

  • keep your DHCP split-brain idea
  • block DHCP offers going out of the DCI link (to the other DC) on both sides
    • this way hosts in DC1 never get .254 as the default gateway, and vice versa.
    • make sure DHCP server has redundancy in each DC1 (e.g. two DHCP servers in each DC)
  • bring the first hop down to the L3 switch the hosts connect to
    • use a routing protocol between the FW's and the switches.
  • Use a FHRP between the two DC access switches
    • two vIP's, .1 and .254.
    • DC1 is active for .1, DC2 is standby
    • DC2 is active for .254, DC1 is standby
    • You could track interfaces, routes, etc. for when to change who is active forwarder.

i.va
Level 3
Level 3
In response to Sam Byers

‎06-24-2014 05:20 AM

Hey,

Thanks for your reply! Blocking DHCP on the DCI is a good idea...it should have the result I an looking for. The first hop will need to be the Firewall though, since we have the networks assigned to different security zones. Not the optimum regarding performance, but it will me the more secure approach. I am aware that in a failover scenario e.g. data from DC2 destined for another network in DC2 will traverse the DCI to get routed.

 

Regards

0 Helpful
Customers Also Viewed These Support Documents