[c-nsp] High Availability PoP Design

Michael Markstaller mm at elabnet.de
Tue Nov 1 21:54:55 EST 2005


Hi, 

I'm looking for exactly the same and still think about the perfect solution..

To the inside-hosts one can run HSRP for the default-gateway, quite clear; in your case with red. server NICs you simply point them to the HSRP-gateway and do a failover as loadbalancing is IMHO impossible.
But how to connect R1/R2 (and probably later on R3,R4,R5) redundantly to the switches?

Now the prerequisites on my side are similar:
- 2x 7206VXR, 2xFE, several Serials on each
- 2x 2950T-24 currently cross-connected over their GE-port
- the 7206 are running iBGP to each other and eBGP to the outside, quite straightforward: the iBGP session shouldn't get lost for sure if one switch fails.
- addtl. running EIGRP on the inside 
- currently R1 Fa0/0 goes to S1, Fa0/1 goes to S2 (everything is running on Fa0/0 for now)
- R2 Fa0/0 goes to S2, Fa0/1 goes to S1

My requirements:
- There shouldn't be any failure other than for single-connected hosts if a switch fails. From the inside that's no problem; I have the default route redistributed with EIGRP and HSRP as gateway for servers with failover-enabled NICs
- Failover needs to work when R1, R2 or the uplink-line fails (there's more than one link on each R1/R2)
- I don't want to buy some 6509 and/or PIX because I don't like both ;)

Now I thought about several ways but with all of them I have something missing or have high complexity..
When connected as described above, this gives perfect HSRP-failover in case a router or a switch dies but: a) iBGP would go down and the routers won't see each other when a switch fails.

The only possible solution I can currently think of is a mess of 3 VLANs and some EIGRP (or any other internal routing):
1. Fa0/0.1 on R1 (-> S1) and Fa0/0.1 on R2 (-> S2) running HSRP and EIGRP - gives redundancy to inside for HSRP and distributing EIGRP via default-route if a router fails
2. Fa0/0.2 on R1 (-> S1) and Fa1/0.2 (-> S1) on R2 running EIGRP in Vlan2 so R1 and R2 see each other if S2 fails
3. Fa0/1.3 on R1 (-> S2) and Fa0/0.3 (-> S2) on R2 running EIGRP in Vlan3 so R1 and R2 see each other if S1 fails
4. running iBGP with a loopback on both as neighbour IP so it won't break in case a switch fails because the loopback IPs are distributed over all three EIGRP nets between R1 and R2 - one across the switches and the other two within each switch

I'm still looking for something more straightforward and simple but this might work.


>> Saku Ytti:
> 
> Simple solution would be to replace switches with 3750 stack, and connect
> hosts to both 3750's using 802.3ad.

Got that into mind, sounds quite good. I've planned to grab two 3750 anyway sooner or later, then this might be the best solution..
But one question here: Is it allowed to create a port-channel on two stacked 3750 with any port in the stack (let's say Gig1/0/5 and Gig2/0/9)?
I just remember back from the Cat5k-days FEC-ports always needed to be on one module and only 1-4,5-8,...

Michael


> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net 
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Mark Tohill
> Sent: Monday, October 31, 2005 2:22 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] High Availability PoP Design
> 
> 
> 
> Hi,
> 
> Consider the following:
> 
> | H1------S1----R1----ISP1
> |    \    /\     /
> |     \  /  \   /
> |      \/    \ /
> |      /\     \
> |     /  \   / \
> |    /    \ /   \
> |  H2----- S2----R2----ISP1
> 
> H1/2 are dual-homed hosts.
> S1/2 are WS-2970G-24's.
> R1/2 are 7204VXR's with NPE-G1's connecting to redundant 
> links in providers PoP.
> 
> Was hoping to implement HSRP but can this be implemented? The 
> 2970's ( running Enterprise IOS) can't do layer 3 routing, right?
> 
> How would you connect redundant links to NPE-G1 gig ports and 
> make them act like two switch ports?
> 
> Any advice appreciated. 
> Mark
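
Added example, not part of the original message: a small single-failure check of the R1/R2 peering paths, comparing the current single-segment wiring with the three-VLAN layout Michael describes. Device and VLAN names come from the post; the data model and function names are assumptions made for this illustration, and it only models the paths through S1/S2.

```python
# Added illustration: single-failure analysis of the R1<->R2 peering paths.
# Device names come from the post; the data model and function names are
# assumptions made for this example.

# Each L3 segment lists the switch that each router's (sub)interface plugs into.
CURRENT = {  # "everything is running on Fa0/0 for now"
    "Fa0/0": {"R1": "S1", "R2": "S2"},
}
THREE_VLAN = {
    "VLAN1": {"R1": "S1", "R2": "S2"},  # HSRP + EIGRP, crosses the S1-S2 link
    "VLAN2": {"R1": "S1", "R2": "S1"},  # EIGRP, stays inside S1
    "VLAN3": {"R1": "S2", "R2": "S2"},  # EIGRP, stays inside S2
}
FAILURES = ["S1", "S2", "S1-S2 link"]


def segment_up(attach, failed):
    """A segment joins R1 and R2 if every switch it uses is alive and,
    when it spans both switches, the inter-switch link is alive too."""
    switches = set(attach.values())
    if failed in switches:
        return False
    if len(switches) > 1 and failed == "S1-S2 link":
        return False
    return True


def surviving_segments(design, failed):
    """Names of the segments that still connect R1 and R2 after a failure."""
    return sorted(name for name, attach in design.items()
                  if segment_up(attach, failed))


def peering_survives(design):
    """Map each single failure to the segments still joining R1 and R2.
    An empty list means loopback reachability (and so iBGP) is lost."""
    return {f: surviving_segments(design, f) for f in FAILURES}


if __name__ == "__main__":
    for label, design in (("current", CURRENT), ("three-VLAN", THREE_VLAN)):
        for failure, segs in peering_survives(design).items():
            state = ", ".join(segs) if segs else "NO PATH (iBGP drops)"
            print(f"{label:11} {failure:10} -> {state}")
```

With the three-VLAN layout every single failure leaves at least one EIGRP segment between the routers, which is what keeps the loopback-sourced iBGP session up.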


