
2 ISP load balancing and redundancy

aldar bukhaev
Level 1

Hello!!

Our small company has about 40 branches spread within the city. Branches are connected by optic wire supplied by our ISP. So at the ISP our branches are located in one VLAN. From every branch we created a VPN tunnel to our server room in the central office. The central office is like a center point. If the optic wire to the central office fails, there would be no VPN tunnels and no network to all branches. Moreover, all the traffic goes through the central office.

Now we decided to pave one more optic line to our central office. And that will increase bandwidth and redundancy.

Private network topology: There are no default gateways and IP addresses. For example, at the first branch I will plug a computer directly into the media converter, and at the second branch plug another computer into the media converter. After that these two computers are in one network, and I can assign any IP addresses to them.

What I have: our firewall does enough work, and I don't want to overload it. But we have some free ports in our new Cisco 3750. The question is how to do load balancing and redundancy? Can it do load balancing according to traffic? And how to load balance incoming traffic? For example, if a connection is established from a branch's router, how will this router choose through which line to make the connection? By the way, at all branches we use noisy Cisco 3700 series routers.

5 Replies

Collin Clark
VIP Alumni

STP will block on one of those links. You'll have to talk to your ISP and see if they will build an etherchannel with you. If they won't, one link will be blocked by STP and traffic will not flow over it until the other link goes down and STP reconverges.

You do mention that you're using 3700's at each location. If you have a L2 WAN then what are the routers doing?

Collin Clark wrote:

You do mention that you're using 3700's at each location. If you have a L2 WAN then what are the routers doing?

I forgot to tell you that they do VPN tunnels because we don't trust our WAN provider.

All the branches do VPN tunnels via the WAN to the central office (exactly to our firewall, which also works as a VPN server).

Is there any way to configure STP not to block balanced traffic? And what are the methods to make a balanced and redundant solution?

Sorry for upping a 1 year old thread.

We talked to our Network Provider. They said "these two cables are coming from two different places, so there is no way to use etherchannel. You must use active-standby solution."

Relying on STP, we just put two cables into the 3750 stack. But with default STP settings, the connection was very unstable, with many packet losses and disconnections. So we found an easy solution with "flex links", making one interface a backup of the other. And only now I recognized that this is not a failover solution. Because if the network beyond the media converter goes down, the link from the media converter to the switch would still be up.

What could I do to make our L2 WAN redundant? Are there any additional STP settings?

slicerpro
Level 1

So you are using ipsec vpn for security? If so, then I'm lost since you also alluded that it is totally L2. If the latter is the case, can you consider using QinQ tunnelling?

slicerpro wrote:

So you are using ipsec vpn for security? If so, then I'm lost since you also alluded that it is totally L2. If the latter is the case, can you consider using QinQ tunnelling?

Yes, we do use ipsec vpn. But why QinQ? Our ipsec tunnels with some routes on the firewall make a transparent connection, which is enough for us. Does QinQ belong to some redundant balancing stuff?