
High Availability & Redundancy - DC (for Routing Protocol)

netbeginner
Level 2

Dear Friends,

 

Sharing a proposed architecture of a datacentre (image attached), where we are using the devices below.

 

1) Two routers for MPLS WAN (Rtr-1 & Rtr-2)

2) Two L3 core switches (CSW-1 & CSW-2) --> with EtherChannel

3) Two perimeter firewalls (PF-1 & PF-2) --> connected with DMZ

4) Two internal firewalls (IF-1 & IF-2)

5) Two L2 access switches (ASW-1 & ASW-2) --> from where datacentre servers are connecting (zones). EtherChannel between both these switches.

 

All connectivity will be in high availability/redundancy mode. We have planned to run the first HSRP instance between the MPLS routers, the second HSRP instance between the perimeter firewalls and the third HSRP instance between the internal firewalls.

 

Although we feel that our high availability and redundancy purpose will be fulfilled with the above-mentioned process, we still request you to please have a look at the scenario and advise if routing protocols (with their purpose) also need to be implemented between any of the devices.

 

Thanks.

 

1 Reply

Hello.

If you use ASA as firewalls, you won't have an option to run HSRP there, but ASA has a built-in HA solution.

Also, I doubt if it's a good idea to plug MPLS into the same FW as the Internet connection (but it's a matter of security requirements).

PS: if you don't need a lot of throughput between DC and DMZ, then you might find FWSM useful.

PS2: what switch will be servicing your DMZ zone?
