I have a Cisco Catalyst 3550 with SMI.
I wanted to know if it is possible to have 2 providers come in the 3550, but everything is statically configured.
Meaning I do not run BGP, I tell my providers to statically route my IP's and in my 3550 I put the routes to those 2 providers with distances (for example the backup provider I want will have a higher distance)...
Is that possible? what possible problems can that make? anything else you would suggest?
Yes, it's possible. Just like you said, you can configure floating static route(s) i.e routes with higher admin distance, to serve as backup route(s).
You didn't mention in your original post how you connect to the providers. I assume you have some sort of layer 2 connection. A problem can arise with that setup, the ethernet interface connected to the provider mayn't go down but the provider's next hop address mayn't be actually reachable. This can result in problems as the floating static route wouldn't come into the routing table if the interface didn't go down. You can use a solution called reliable static routing using object tracking to remedy this problem. The following CCO link has info on how to configure it.
Hope that helps!
Thank you for your answer, I will explain to you how everything will be connected.
I will have one FIBER connection from provider X in my gig port of my 3550 and I will have one ETHERNET connection from provider Y in a fast ethernet port.
Basically, since those providers have BGP, if they both announce the routes, I will always get the best INCOMING routes... Now for outoing I will set it up like this:
ip route 0.0.0.0 0.0.0.0 XX.XXX.XX.XX (Provider X)
ip route 0.0.0.0 0.0.0.0 XX.XXX.XX.XX 200 (Provider Y), note the higher admin distance of 200 on the second outgoing route.
I assume that by that way everything should work properly just for the routing, am I correct to think that way?
If yes, let me know ANY and ALL problems that can cause like you mentionned in the above answer and all other issues it can bring, I want to cover all my bases...
According to your last reply. The static route itself works fine. You selected one path as preferred path and let other as backup. However, I want to know did you own a public IP ? If not, the public IP will be provided by the providers.
Here is the problem, due to both providers will announce their public IP, the incoming traffic will be based on the provider's connectivity to the Internet and you cannot control which path will the incoming traffic from the Internet. However, if you do not need to select the preferred incoming path then it is fine.
In additional to above case, if two providers' router can enable HSRP, you simple ask them to enable it and your switch only point the virtual IP as next-hop is fine.
If it is private connection, then the remote end should also configure similar static route to maintain the consistant path.
Hope this helps.
From the providers I get a /30, one IP for them on their end and the other one for me on my end. So my default 0.0.0.0 route points to the preferred provider on my side and then second 0.0.0.0 to the other one with higher admin distance.
Now I know I cannot control incoming traffic, that will depend on the peering agreements between all ISP's worldwide and how they connect to me, but I CAN control outgoing.
Here are some questions:
1) I did not understand your part with HSRP exactly please?
2) My big question is, if I have TWO 3550's that eventually I would want TWO providers on my network with the HSRP option between my two 3550's is that possible? Basically how can I have TWO 3550's with two active providers working seamlessly (I think I would need one provider in the first as uplink and the second provider in the second 3550 as uplink) but what do I use to achieve this goal?
Your answer to my two above questions are very much appreciated.
I remember your case.
1) For the HSRP, what I mean if the 3550 treated as L2 switch only and enable the HSRP at two ISP router w/ same HSRP group. And users point to the HSRP virtual IP as default GW, then it will be much simpler. Because the outgoing path is depending on the active HSRP router and no need to worry about routing issue.
2) Can you explain more detail ? Where do you mean to enable the HSRP ? At ISP router or 3550 ?
In this case, I prefer to setup two HSRP groups, partial of the users point to group A as GW; remaining users point to group B as GW. i.e. two virtual IPs.
Please clarify. Thx.
1) ISP router cannot do this because they do not offer that service, it is up to me to do it.
For this question also, remember I had MANY routes in my 3550, if I want to put ALL these in VLANS now, how can I do it WITHOUT affecting the customers gateway they use? Because if one has his primary IP of the server with one subnet and additional IP's in another subnet which I route to that primary vlan with the routing table, now if I change everything by VLAN, they will all be in separate subnets..... so How do I do it?
2) Basicaly I want TWO PROVIDERS in static mode, NOT BGP and the TWO 3550's in HSRP redundancy, what solution do you suggest?
1) IC, You can enable both 3550 w/ static route and only point to the connected ISP as next-hop for default out-going path. Then configure HSRP at all VLANs. The HSRP can be used to control which ISP as out-going path. Because if traffic go to primary 3550 then use primary ISP to Internet; if traffic go to backup 3550 then use backup ISP to Internet.
As I remember, I proposed to separate different subnets with VLAN. If the user is directly connecting to the 2950, there should be no problem. Because you can configure the user port as access with corresponding VLAN. Where the VLAN will be routed by 3550. When the packet come from user via 2950 and 3550, the 3550 will treated the traffic as connected interface and no need specific static route. i.e. only the default route is required for out-going to ISP.
2) Above suggestion should able to fulfill your requirement. No BGP, static route and HSRP. But you need to understand that you cannot control incoming traffic flow. And there is no need to interconnect two 3550 directly, because two 3550 has been connected via 2950 and different VLAN.
The principle of this design is to let the router to use the local connected path to go to the Internet and use HSRP to select the out-going path. SO there is no need to consider inter-3550 routing. But this design only workable if two ISP are available, if there is only one ISP at the moment, I suggest not to use HSRP to prevent any problem and spend time on troubleshooting. Do you agree ?
Please feel free to comment.
For number 1, I have tried what you said but it doesn't seem to work. I am trying to put the trunk on my 3550 bigger for a certain port, then trying to add an IP from another subnet on a server from the default subnet and I cannot ping the IP... I added on the 2950 the dynamic desirable so ONE port can access MANY Vlans but it doesn't seem to work... Is there is a way to say to my 2950 (layer2) that ONE port can have multiple vlans? I think that is my problem, how do I do that?
2) Also for the static route in which you said to have second provider on second 3550, but then the second provider will come into play for ANY vlan that is as active for the standby 3550 or ONLY when the primary switch is completely dead?
Thanks for your update.
1) Can you confirm you configured the default gateway in the server to match w/ the new setting ? i.e. the VLAN IP address. Please provide the new config. if it still not work.
You can use trunk port to allow one port to many VLANs. Just like 2950 to 3550 connection.
Moreover, please check below link that the 2950 require EMI to support 250 VLAN, SMI supports 64 VLAN only.
2) According to my proposal, the VLAN in standby 3550 will active all the time. It means no matter the primary 3550 is up or down, the VLAN in 3550 still active. If there is traffic come from 2nd provider, it will go through standby 3550 then VLAN and the user/server.
In the porposal solution, the HSRP control which provider will be the out-going path. But the incoming path is depending on the provider.
Hope this clarify. Please provide the updated 3550 config. if there is still the problem.