Official blog of WebEKM EKM. Expect the site online soon.


High Availability & redundancy on the edge of the LAN

There is no doubt that some kind of redundancy is always desirable on the edge of the network. In this article I am going to discuss 2 examples of providing redundancy. In the first one there is ONE router with 2 WAN connections leading to different ISPs; in the second one we have TWO switches with 2 WAN connections leading to two different ISPs.

I also added an internal web server with IP address 192.168.1.50 on the LAN side, in order to show how to deal with the NAT issue. Generally there is no NAT issue when we have 2 routers on the edge, because we have 2 different routing tables, each with a single statement about the default route and next hop address, but it becomes a problem in the scenario with a single router on the edge. There we have to use two default routes; one of them will be a so-called “floating route” with a higher metric. I’ve chosen two L3 switches instead of 2 routers because I wanted to show HSRP with SVIs, but of course you may use routers with addressed physical interfaces.

2 switches 2 ISPs

In the case when we have 2 switches, the most reasonable way to provide redundancy seems to be deploying a First Hop Redundancy Protocol. We may choose among HSRP, VRRP and GLBP. I will focus on HSRP. HSRP may be deployed in 2 ways: on physical interfaces or using SVIs. With physical interfaces the switches are connected via another L2 switch; with SVIs the switches are connected directly via a trunk using the 802.1q protocol. The advantage of using HSRP or any other redundancy protocol is that we may run a couple of HSRP instances on both switches with different virtual gateways, which gives us not only redundancy but load balancing as well. Moreover, one switch may work as the primary default gateway for VLAN 10 and secondary for VLAN 20, and the second switch conversely. Now, if we use physical interfaces and we are going to do load balancing for two different VLANs, let’s assume 10 and 20, then for each VLAN we have to create a separate connection to the L2 switch. If we use SVIs we don’t have to worry about that; all we have to do is create VLAN interfaces with assigned IP addresses and allow the appropriate VLANs on the trunk port.

NAT issue
When we use 2 routers on the edge, no NAT issue arises.

SVIs
Switch 1
Interface Vlan 10
ip address 192.168.1.251 255.255.255.0
Interface Vlan 20
ip address 192.168.2.251 255.255.255.0

ip route 0.0.0.0 0.0.0.0 100.100.100.100

Interface Vlan 10
standby 1 ip 192.168.1.1
standby 1 preempt
standby 1 priority 150
Interface Vlan 20
standby 2 ip 192.168.2.1
standby 2 preempt

ip sla 1
icmp-echo 100.100.100.100
ip sla schedule 1 start-time now life forever
track 1 ip sla 1 reachability
interface Vlan 10
standby 1 track 1 decrement 60

Switch 2

Interface Vlan 10
ip address 192.168.1.252 255.255.255.0
Interface Vlan 20
ip address 192.168.2.252 255.255.255.0

ip route 0.0.0.0 0.0.0.0 200.200.200.200

Interface Vlan 10
standby 1 ip 192.168.1.1
standby 1 preempt
Interface Vlan 20
standby 2 ip 192.168.2.1
standby 2 preempt
standby 2 priority 150

ip sla 1
icmp-echo 200.200.200.200
ip sla schedule 1 start-time now life forever
track 1 ip sla 1 reachability
interface Vlan 20
standby 2 track 1 decrement 60
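
The following is an added example, not part of the original article: a small Python model of why the tracking decrement above is 60. It parses the `standby` lines for Vlan 10 (a constructed sample copied from the configs above) and decides which switch is active when track object 1 goes down; the function names and the simplified election rule are assumptions of this sketch.

```python
import re

# Constructed sample: the Vlan 10 HSRP lines of Switch 1 and Switch 2 from this article.
SW1 = """interface Vlan 10
 standby 1 ip 192.168.1.1
 standby 1 preempt
 standby 1 priority 150
 standby 1 track 1 decrement 60"""
SW2 = """interface Vlan 10
 standby 1 ip 192.168.1.1
 standby 1 preempt"""

def parse_hsrp(config):
    """Map (interface, group) -> priority/preempt/track settings from IOS-style text."""
    groups, iface = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(.+)", line, re.I)
        if m:
            iface = m.group(1).replace(" ", "").lower()
            continue
        m = re.match(r"standby\s+(\d+)\s+(\S+)\s*(.*)", line)
        if not m or iface is None:
            continue
        g = groups.setdefault((iface, int(m.group(1))),
                              {"priority": 100, "preempt": False, "tracks": {}})
        kind, args = m.group(2), m.group(3).split()
        if kind == "priority":
            g["priority"] = int(args[0])
        elif kind == "preempt":
            g["preempt"] = True
        elif kind == "track":  # "track <object> decrement <n>"; IOS default decrement is 10
            g["tracks"][int(args[0])] = int(args[2]) if len(args) > 2 else 10
    return groups

def effective_priority(g, down):
    """Configured priority minus the decrement of every tracked object that is down."""
    return g["priority"] - sum(d for obj, d in g["tracks"].items() if obj in down)

def elect(key, routers, down, current):
    """Next active router for `key`; a higher-priority peer takes over only with preempt.
    Priority ties keep the current active (the IP-address tie-break is not modelled)."""
    prio = {n: effective_priority(cfg[key], down.get(n, set())) for n, cfg in routers.items()}
    best = max(prio, key=prio.get)
    return best if prio[best] > prio[current] and routers[best][key]["preempt"] else current

if __name__ == "__main__":
    routers = {"SW1": parse_hsrp(SW1), "SW2": parse_hsrp(SW2)}
    for down in ({}, {"SW1": {1}}):   # ISP 1 reachable, then track object 1 down on SW1
        print(down, "->", elect(("vlan10", 1), routers, down, "SW1"))
```

With a decrement of 60 the priority of Switch 1 falls from 150 to 90, below the default 100 of Switch 2, so Switch 2 preempts; a decrement smaller than 50, or a missing `preempt` on Switch 2, leaves Switch 1 active even though its uplink is down.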

Physical interfaces
R1

interface fa0/0
ip address 192.168.1.251 255.255.255.0
standby 1 ip 192.168.1.1
standby 1 preempt
standby 1 priority 150
standby 2 ip 192.168.1.2
standby 2 preempt

R2
interface fa0/0
ip address 192.168.1.252 255.255.255.0
standby 1 ip 192.168.1.1
standby 1 preempt
standby 2 ip 192.168.1.2
standby 2 preempt
standby 2 priority 150

1 router 2 ISPs

A single-router scenario may lead to problems if we are going to use any type of NAT. I prepared 2 scenarios, one with PAT and one with static NAT. First I used the IP SLA feature for tracking the ISPs’ interfaces. I pointed it at the 4.2.2.2 DNS server; one way or another, ICMP packets always have to pass via the ISPs’ interfaces in order to reach 4.2.2.2.

interface fa0/0
ip address 1.1.1.1 255.255.255.0
ip nat outside

interface fa1/0
ip address 2.2.2.1 255.255.255.0
ip nat outside

interface fa1/1
ip address 192.168.1.1 255.255.255.0
ip nat inside

ip sla 100
icmp-echo 4.2.2.2 source-ip 1.1.1.1
frequency 10

ip sla schedule 100 start-time now life forever

track 1 ip sla 100
delay up 10 down 10

ip route 0.0.0.0 0.0.0.0 2.2.2.2 2
ip route 0.0.0.0 0.0.0.0 1.1.1.2 1 track 1

1 router – PAT

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

route-map ISP_1 permit 10
match ip address 100
match interface fa0/0

route-map ISP_2 permit 10
match ip address 100
match interface fa1/0

ip nat inside source route-map ISP_1 interface FastEthernet0/0 overload
ip nat inside source route-map ISP_2 interface FastEthernet1/0 overload

1 router – STATIC NAT

route-map ISP_1_STATIC permit 10
match interface fa0/0

route-map ISP_2_STATIC permit 10
match interface fa1/0

ip nat inside source static tcp 192.168.1.50 80 1.1.1.1 80 route-map ISP_1_STATIC
ip nat inside source static tcp 192.168.1.50 80 2.2.2.1 80 route-map ISP_2_STATIC
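
The following is an added example, not part of the original article: a Python model of the single-router setup, showing how the tracked floating route picks the egress interface and why the PAT rules are bound to it with `match interface`. The tables are constructed from the configuration above; `SINGLE_RULE` is a hypothetical rule without `match interface`, and the matching logic is a simplification of this sketch.

```python
import ipaddress

# Constructed model of the single-router configuration above (not output from a device).
ROUTES = [  # (next hop, egress interface, administrative distance, track object)
    ("1.1.1.2", "fa0/0", 1, 1),
    ("2.2.2.2", "fa1/0", 2, None),      # floating route, no tracking
]
IF_ADDR = {"fa0/0": "1.1.1.1", "fa1/0": "2.2.2.1"}
ACL_100 = ipaddress.ip_network("192.168.1.0/24")
# (route-map name, "match interface" value or None, interface whose address is overloaded)
ROUTE_MAP_RULES = [("ISP_1", "fa0/0", "fa0/0"), ("ISP_2", "fa1/0", "fa1/0")]
SINGLE_RULE = [("ACL_ONLY", None, "fa0/0")]   # hypothetical rule without "match interface"

def default_route(track_up):
    """Installed default route: lowest distance among routes whose track object is up."""
    usable = [r for r in ROUTES if r[3] is None or track_up.get(r[3], False)]
    return min(usable, key=lambda r: r[2]) if usable else None

def pat(src, rules, track_up):
    """Return (egress interface, translated source) for an inside host, or None."""
    route = default_route(track_up)
    if route is None:
        return None
    egress = route[1]
    if ipaddress.ip_address(src) in ACL_100:
        for _name, match_if, nat_if in rules:
            if match_if in (None, egress):
                return egress, IF_ADDR[nat_if]
    return egress, src   # no rule matched: packet leaves untranslated

def consistent(result):
    """True when the translated source is the address of the interface the packet leaves by."""
    return result is not None and IF_ADDR[result[0]] == result[1]

if __name__ == "__main__":
    for rules in (ROUTE_MAP_RULES, SINGLE_RULE):
        for up in (True, False):            # state of track object 1 (ISP 1 probe)
            r = pat("192.168.1.50", rules, {1: up})
            print(rules[0][0], "track up" if up else "track down", r, consistent(r))
```

In this model the rule without `match interface` keeps translating to 1.1.1.1 after failover, so packets leave through ISP 2 with an ISP 1 source address; the two route-map rules keep the translated address and the egress interface in step.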
