I have one question and I'd really appreciate your input on it; I have a setup like the following:
My border router has to be connected to the internet from one side, whereas it has to be connected to 2 different switches in the internal network using 2 different interfaces (each interface is connected to a different switch). Each switch will then be connected to 2 different firewalls working in Active-Passive or Active-Active. My question here is, how can I make my router's different interfaces work as a pair (Active-Passive), so that if one of the interfaces fails, the other interface will come up and take over? My thinking here is that if I kept the 2 interfaces up at the same time, this might cause me problems, because the router will be routing the same copy of the traffic twice to the internal network. Please advise.
As you said, there are 2 interfaces on the inside and 1 towards the internet. If routing is done properly, then shut down one interface and you will see that the traffic should go via the second interface.
As you are saying, having two interfaces will do the routing two times, but it doesn't happen in reality; if you are using OSPF as a routing protocol, then it is a feature of OSPF to find the best path between the two.
First of all, keep in mind that the kind of network you are designing, with 2 active/active firewalls connected to a single router with 2 interfaces, will not cause any traffic duplication or problem.
If your network is properly designed and configured, then it will give you the advantage of load-balancing the traffic using the 2 router links. If you have any dynamic routing protocol working, or are using static routes, the router will try to load-balance the traffic across the 2 paths.
If you can forward us the network diagram, then we will look into the connectivity part further and will try to provide some more info. The best solution to this problem will be suggested once we have an idea of how the firewalls are set up and how they are working.
Keeping two interfaces up simultaneously is truly good for the internal network because it will give you redundancy and load balancing as well. But why do you think that this router will forward the traffic twice to the internal network? Any traffic going towards your internal network will be Ethernet, and it will go to the destination MAC address of the firewalls. It would be appreciated if you can express why you are thinking like this.
I'm using static routes in my current setup, and I'm pointing to the FW outside interface as my internal GW for any traffic initiated from the router and destined to the internal subnets.
Now the router has two ways to send the traffic (one using internal interface 1 and the other option using interface 2), so what's the decision criteria that the router will follow to route the traffic to the inside? I was thinking that it will send a copy of the traffic from both interfaces and I will be having problems then, but I'm seeing from your posts that load balancing will happen... Please help me understand on what basis the load balancing will happen in this scenario; will this be a simple round-robin or what?