[c-nsp] Solution for 'DR' Site

Oliver Garraux oliver at g.garraux.net
Mon Apr 8 19:12:02 EDT 2013


If it meets their needs, the simplest way would probably be to use separate
IP space at each site, with DNS based load balancing to fail their
applications over to the DR site.

Cisco's ACE is dead.  Look at F5's products.  Their GTM product (DNS based
load balancing) is solid and really flexible.

If the site to site connectivity is over the Internet...then yeah you're
going to need IPSec or something of that nature.  If there's some kind of
private WAN connectivity, then it just depends on people's comfort levels.

If you need more specific or in-depth advice, let me know.

Thanks,

Oliver

-------------------------------------

Oliver Garraux
Check out my blog:  blog.garraux.net
Follow me on Twitter:  twitter.com/olivergarraux


On Mon, Apr 8, 2013 at 3:27 PM, Sanjeev Maniks <midoasis at hotmail.com> wrote:

> Hello,
>
> I am new to this list and wanted some guidance on a Cisco solution for the
> following requirement.
>
> We have a client (bank) who have two sites - A and B - both located in
> difference towns.  A is the HQ and B is to be their Disaster Recovery (DR)
> site.  Client has requested for -
>
> * Internet bandwidth (~ 20 Mbps) to be supplied to Site A, and if there is
> any failure there, this bandwidth is to be re-directed to B.
>
> * The services to be hosted by the bank is basically their Internet
> Banking Platform (web-based) and mail.  The databases for both services
> will be replicated across A and B.  Client will handle this, but we will
> provide communication channel between A and B.
>
> A and B are to be connected via fiber through intermediate IP-based
> routers.  (There is no MPLS.)
>
> So my question is what is the best way of handling the failover for both
> their services ?  DNS changes ?  Is there anything better I can do with a
> Cisco product placed at A and B ?  I know Linux has a Virtual Server
> implementation and I see Cisco's ACE does something similar though I am not
> an expert with Cisco products.  And for the secure channel to enable the
> databases at the sites to synch up, should I be thinking of IPSEC ?
>
>  One of our suppliers mentioned something about using HSRP or VRBP.  I am
> yet to do some research on that.
>
>  Any suggestions would be appreciated.
>
>  Thank you,
>
> Sanjeev
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list