I have two Cisco ASR 1002 routers. I also have 2 ISPs. I do not want to load balance between both ISPs, but I want to fail over to one if the primary ISP suffers a failure. One thing I don't want to have happen is, if our primary router fails, we would then have to fall back to our secondary ISP. I would prefer to keep using ISP 1 on the secondary router.
The proposed diagram I have is attached. I am using a L2 connection to reach each ISP on both routers.
Personally, I wouldn't want to use the switches inside your firewalls to link your outside ASRs to each ISP.
I know the ASRs are under your control and you want to provide as much resiliency as possible, but there will be several more single points of failure along each circuit before traffic reaches any redundant infrastructure within each ISP network.
An alternative approach is to ask your primary ISP if they can provide a redundant service. You'd need a third ASR though, and perhaps a pair of layer-3 switches as well, depending upon the design constraints.
Currently we don't have the budget for another ASR and Level3 cannot provide that link without another substantial cost. We could look into BGP fast failover (I forget what it's called) with our ISPs. That way we could fail back to our primary without incurring another long outage.
IP SLA echo works well for outbound traffic to the Internet. Your primary ASR could Ping various routers within your primary ISP cloud and, if all echo requests fail for a pre-set period, then route all your outbound traffic via the secondary circuit.
Once connectivity is restored, you can also configure a delay period before traffic is restored to the primary link, and that way help mitigate against a flapping link.
IP SLA echo should be quicker than BGP and is also able to look further into the ISP's cloud. For example, if they lose their core or all transit and peering links, but their edge router connected to your network stays up, then the default route being advertised to your ASR might not be withdrawn, and your outbound traffic would be blackholed. However, if you're running an intermittent ping to their core routers, plus a couple of specific websites, then you can detect these outages. I can't imagine Level3 getting into such difficulty, but you never know. I've known at least one nationwide carrier to suffer a major outage like this, several years ago.
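The IP SLA approach described in the answer above, as an added IOS XE configuration example for an ASR 1000 that is not part of the original thread. All addresses come from the RFC 5737 documentation ranges and are assumptions: 198.51.100.1 is the primary ISP next hop, 192.0.2.1 the secondary ISP next hop, and 203.0.113.1/.2 are two routers deep inside the primary ISP's cloud. The interface name, SLA and track numbers, timers and the administrative distance of 250 are likewise placeholders. Two probe targets are combined with a boolean OR so a single lost target does not trigger failover, and the track delay implements the hold-down before traffic returns to the primary link.

```cisco
! Added example, not from the thread: IP SLA ICMP echo tracking with a
! conditional primary default route and a floating static backup route.
! All addresses, interface names and numbers below are assumed placeholders.

! Probe two routers inside the primary ISP cloud every 5 seconds,
! sourcing the echo from the primary circuit interface.
ip sla 10
 icmp-echo 203.0.113.1 source-interface GigabitEthernet0/0/0
 frequency 5
 timeout 1000
 threshold 500
ip sla schedule 10 life forever start-time now
ip sla 20
 icmp-echo 203.0.113.2 source-interface GigabitEthernet0/0/0
 frequency 5
 timeout 1000
 threshold 500
ip sla schedule 20 life forever start-time now

! Pin the probe targets to the primary ISP next hop with host routes.
! Without these, after failover the probes would follow the backup default
! route out the secondary ISP, succeed, and flip the primary back up.
ip route 203.0.113.1 255.255.255.255 198.51.100.1
ip route 203.0.113.2 255.255.255.255 198.51.100.1

! One track object per probe. "delay up 60" is the hold-down that keeps
! traffic on the backup link for 60 s after the primary recovers,
! which damps a flapping circuit.
track 10 ip sla 10 reachability
 delay down 15 up 60
track 20 ip sla 20 reachability
 delay down 15 up 60

! Primary is considered up while either target still answers.
track 100 list boolean or
 object 10
 object 20
 delay down 15 up 60

! Primary default route is installed only while track 100 is up.
! The floating static via the secondary ISP has administrative distance 250,
! so it takes over only when the tracked route is withdrawn.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 100
ip route 0.0.0.0 0.0.0.0 192.0.2.1 250
```

Verify with `show track 100` and `show ip sla statistics`, then shut the primary circuit and confirm `show ip route 0.0.0.0` switches to 192.0.2.1; on recovery the primary route should reappear only after the `delay up` period has elapsed. Note that this covers outbound traffic only: inbound traffic still depends on what each ISP advertises for your prefixes.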