Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

HSRP/GLBP vs. Layer 3 Redundancy


We need to build a redundant Gbps VPN platform for partner and 3rd party connections. A big discussion started whether to go for layer 2 (HSRP/GLBP) or layer 3 (OSPF) redundancy. Now I'm looking for the pros and cons re stability, complexity, convergence, etc.). Our concern for layer 2 is the risk of STP, broadcast storm, etc. which would take down both systems.


Cisco Employee

Re: HSRP/GLBP vs. Layer 3 Redundancy


What are the devices you are thinking to use here.What would be the final network topology that you are thinking. Please let us know the toplogy and we will be able to help you. Using HSRP/GLBP or OSPF depends on final network design that you have.

-amit singh

New Member

Re: HSRP/GLBP vs. Layer 3 Redundancy

It's all very open. We know that the design depends on how we'd want to implement redundancy. That's why we'd like to get a better idea of the two ways.

We have two data centers with full layer 3 connectivity outside the firewalls and on the inside (intranet). The partners need to be able to access our servers with 1:1 NATed public IPs in the DMZs. We terminate the VPN in a different DMZ (on Cisco Routers). The servers are available in both data centers (different physical machines with different public IPs).

One way would be to lay a layer 2 connection between the two sites and connect the two VPN gateways and run HSRP or GLBP. The other idea is to use a routing protocol with reverse route injection on the VPN gateways.

The solution does NOT need to be highly available.

Again, it's not really the design I'm looking for, it's the pros & cons of layer 2 vs. layer 3 redundancy.