Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
327
Views
0
Helpful
2
Replies

NAT Failover for Internal Server

btoups
Level 1
Level 1

‎09-27-2013 11:27 PM - edited ‎03-11-2019 07:44 PM

So I have been kicking this thing around my head (and google) for some time now.

My scenario:  Two data centers connected via MPLS, each with their own internet.  We have replication setup for our VMs to the "Passive" datacenter. Each data center has its own address space.  I want to setup NAT at our main datacenter such that when the VMs failover the internal IP is changed to the new IP at the "Passive" datacenter and traffic is sent over MPLS.  Right now we have to wait for DNS propagation which is not ideal.  I considered going the BGP route but have different ISP's and one isn't  being cooperative.

This is our current architecture.

         

          Internet                                     Internet

          1.1.1.x                                      1.1.2.x

               |                                                  |

               |                                                  |

         Active      ---------mpls--------    Passive

     Datacenter                                DataCenter

         2.2.1.x                                        2.2.2.x

Thoughts/Questions: 

    

     1. Anyway to use internal DNS for the Inside nat address?

     2. Is IP SLA an option with NAT?

     3. How do other people handle this?

     4. Am I missing something really simple?

Labels:
0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-28-2013 12:14 PM

Most often I see this handled with some sort of load balancing appliance.

Cisco's solution had traditionally been the GSS (Global Site Selector). However that's based on the ACE which is being discontinued and would not be a strategic choice.

The newer Cisco solution would involve using LISP but that would have some hardware and software dependencies. More info on that is here:

http://www.cisco.com/en/US/products/ps10800/products_ios_protocol_option_home.html

Other vendors such as Citrix offer it with the GSLB (Global Server Load Balancing) functionality in their Netscaler product. F5 and others offer similar tools.

0 Helpful

btoups
Level 1
Level 1
In response to Marvin Rhoads

‎10-07-2013 01:10 PM

Unfortunately I have no additional funds in the budget to accommodate this.  Below is the current build with equipment involved.  If I could use a DNS name in the NAT statement that would solve all my issues.  But as far as I know thats not possible.

As you can see below LISP is not an option.  Just need ASA's to send the traffic to the New IP when the VM's move.  The old IP will be offline (non-pingable) when the failover happens.  Which makes me think maybe IPSLA? 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card