Hi Imran, In ur scenario u have a single uplink and two routers connected to that link. So better use a switch between three routers from Router 1 is connected to both Router 2 and Router 3 . And all three routers are connected in same broadcast domain. So better use HSRP or GLBP or VRRP for this.
If u want NAT synchronisation , then u need FHRP . In Stateful Firewall , u need IOS routers dude. so the ethernet handoffs from the ISP should be done inorder to provide this requirement for router redundancy Or else for system redundancy u can use dual RP or else Line Card synchronisation . If primary RP fails, ur secondary RP can take care after synchronising with the entire control plane and avoid any kind of inconsistencies from a LC On Mon, Jan 2, 2012 at 8:25 AM, WaLeEd two AlShErIf <[email protected]>wrote: > Hi Imran , > > Could you add some topology , > > I could suggest that you may have modular Router and you may apply the LPU > hardware failure recovery , so you can use two interfaces on separate Line > Cards ( LPU ) this is the way to have redundancy . > > Yours, > > Waleed Alsherif > > > ________________________________ > From: Bob McCouch <[email protected]> > To: Imran Ali <[email protected]> > Cc: [email protected] > Sent: Sunday, January 1, 2012 11:07 PM > Subject: Re: [OSL | CCIE_RS] router redundancy > > You could look at the Stateful NAT feature for NAT table sync across > multiple devices. > > http://www.cisco.com/en/US/products/ps6600/products_white_paper09186a0080118b04.shtml > > As far as I know, though, there is no equivalent feature for IOS stateful > firewall (ZFW or CBAC). So if you're doing anything beyond basic ACLs and > NAT for firewalling (hopefully you are) you will still have session > breakage during a failover event. > > The ASA active/standby feature is much more tightly integrated than two IOS > routers. > > You could still accomplish device redundancy by using two routers with a > FHRP and a switch to split off the incoming ISP link (assuming Ethernet > handoff) as others have mentioned, and you could also put a pair of > active/standby ASAs behind the router pair to provide you redundancy at the > routing layer and stateful failover of firewall/NAT/VPN function. > > You could build a 2N design all the way from the routers back, and in front > of the routers have a single switch (dual buys you nothing other than a > warm standby) with the ISP link into it. > > > > On Sun, Jan 1, 2012 at 2:24 PM, Imran Ali <[email protected]> wrote: > > > Marc abel , > > > > you are spot on ! > > > > but does i think this is going to be state less failover ? > > > > > > is their a way to NAT synchronisaiton ? > > > > On Sun, Jan 1, 2012 at 10:15 PM, marc abel <[email protected]> wrote: > > > > > Plug your uplink and the interaces from the routers into a switch in > the > > > same vlan. Use hsrp. You still will have a single point of failure. > > Unless > > > your provider provides dual hand offs. In this case plug each uplink > and > > 1 > > > router into seperate switches and trunk them together. > > > On Jan 1, 2012 12:50 PM, "Imran Ali" <[email protected]> wrote: > > > > > >> Hi all, > > >> > > >> i have only one uplink and my boss wants to implement redundancy of > > >> routers . > > >> > > >> > > >> if one router fails other should take over . HSRP , vrrp and GLBP all > > >> required dual links . but i want to achieve hardware redundancy and > not > > >> link redundancy . is this possible ? > > >> > > >> > > >> the same can be achieved with asa in active and stanby mode > .....but > > we > > >> have routers instead of ASA. > > >> > > >> Any idea , expert can guide me ? > > >> _______________________________________________ > > >> For more information regarding industry leading CCIE Lab training, > > please > > >> visit www.ipexpert.com > > >> > > >> Are you a CCNP or CCIE and looking for a job? Check out > > >> www.PlatinumPlacement.com > > >> > > >> http://onlinestudylist.com/mailman/listinfo/ccie_rs > > >> > > > > > _______________________________________________ > > For more information regarding industry leading CCIE Lab training, please > > visit www.ipexpert.com > > > > Are you a CCNP or CCIE and looking for a job? Check out > > www.PlatinumPlacement.com > > > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > -- With Warmest Regards, CCIE KID CCIE#29992 (Security) _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
