Jon,
There was a thread a few weeks ago that discussed this as well - sorry,
can't think of the subject, but try the archives.
I think most solutions simply involve adding another WAN link (either
permanent or dial on demand), because (in my experience anyway) WAN links
are far more likely to break than routers. So adding lots of router
redundancy follows diminishing returns when it's your single WAN link that
fails most.
Don't put too much faith in telcos providing redundant paths - a couple of
weeks ago 'Bob the backhoe man' dug up some cables and took out all comms
access to a sizeable chunk of NSW for almost a day - in an area where the
telco supposedly has plenty of redundant paths.
I realise that that's not the solution you're discussing, but it means that
other solutions are less likely to be discussed because people have less
experience of them.
JMcL
---------------------- Forwarded by Jenny Mcleod/NSO/CSDA on 04/06/2001
10:50 am ---------------------------
"Jon" @groupstudy.com on 01/06/2001 07:38:01 am
Please respond to "Jon"
Sent by: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Subject: RE: Redundancy design question [7:6646]
Keep in mind, this is not the typical "help me design/fix my network for
free" question. I have been reading various papers, chapters, and case
studies, and am trying to get my head wrapped around the details, now.
I've built some scenarios in my head, trying to see problems and
solutions, rather than ways to buy more gear. I'm also not trying to
solve the WAN redundancy problem, just trying to get the WAN to connect
into my LAN redundancy solution.
The fundamental problem I'm trying to solve is how to protect against any
hardware failure of my core devices knocking out normal operations. I am
not concerned with protecting against any other faults outside my direct
control (e.g. loss of WAN circuit, loss of server, Howard sets off a
tactical device in the CO, etc.).
For the sake of having a straw man to burn:
A remote site is connected to the main office over a SHNS/SONET DS-3
connection, with full SONET protection to the demarc equipment on the wall
of the MDF. (To limit the discussion scope, I will only describe the
remote site -- we will assume the main facility is impervious to faults).
The telco provides a coax connection for connecting the router to their
gear.
Equipment in the MDF includes: a 7206 with a DS-3 module and a FE module,
a Cat4006 with multiple GBIC blade and 10/100 blade. There are three IDF
wiring closets, one per floor, each with a Cat4006 fully populated with
10/100 blades. Each IDF switch is connected over a single GBIC/GigE
connection to the MDF switch. All users are connected to their IDF over a
single Cat5 run. All servers are connected (single-homed) to the MDF
switch.
To add some protection to this model, I will add a second Cat4006 in the
MDF, with the same blades as the first. I will also dual-home all the
servers to both MDF switches -- assume that the proper NICs are present to
allow this, and that they are properly configured.
I am now protected against the loss of one of my blades, or chassis, or
running over a single cable with my handy BOFH rolling chair. But, my
router might break, so I need to protect against that risk.
Add a second 7206, same blades, dual-homed to both switches. Except I
only have one coax cable from the demarc to carry the WAN signal. How do
I connect the coax to two router blades, so that both routers could use
the media? Or, is there a type of service available that allows for
physical failover of the connection, provided by the circuit provider --
note that this isn't a second complete circuit, just a split demarc
connection.
Any ideas? Or is this too theoretical -- not a real enough scenario?
Real world solutions might well include a second circuit, of sufficient
bandwidth to "get by" until a repair is effected. Or provisioning two
circuits for load balancing, with each capable of "get by" bandwidth in a
fault state. But, I'm seeing a few cases where the answer presented is to
double up on equipment -- never stating (perhaps always assumed) that
you'll also be doubling up on all your WAN circuits to make it work.
-jon-
--- Chuck Larrieu wrote:
> Asked because I don't know: how do you plan on making the switches
> redundant? How are your servers, for example homed on the switches? Is
> it
> real redundancy if closet switches are dual homed to core switches? Is
> your
> internet connection, your firewall, etc dual homed as well?
>
> Chuck
> The world is a single point of failure :->
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Jon
> Sent: Thursday, May 31, 2001 12:09 PM
> To: [EMAIL PROTECTED]
> Subject: Redundancy design question [7:6646]
>
> I've been reading about designing physical redundancy into networks, by
> having hot standby devices and using HSRP between them. As an example,
> if
> a site has a single router and a single core switch, these are points of
> risk. By adding a second core switch and a second router, any hardware
> failure should be overcome by the standby device taking over. If all
> the
> servers and wiring closet switches are multi-homed to both core
> switches,
> users shouldn't notice that a fault has occured. (I assume that the
> loss
> of a wiring closet switch is acceptable -- perhaps local spares are
> sufficient).
>
> However, if I only have one WAN circuit coming into the facility, it can
> only be connected to one router at a time, right? So, if the active
> router fails, how does the WAN connectivity fail over, short of an
> operator moving the cable to the second router? I'm not trying to
> address
> WAN circuit redundancy or multi-homing, that's a different worm-can to
> open.
>
> Is there some way to have both routers connected to the same WAN
> circuit?
> Something along the lines of a WYE-cable that connects both routers to
> the
> demarc connection? Or is this something that the circuit provider would
> address with their equipement (for a fee, I'm sure)?
>
> If this has been hashed over in the past, I couldn't find it in the
> archives. So, if we've covered this before, could someone share the key
> search words to locate the discussion?
>
> -jon-
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35
a year! http://personal.mail.yahoo.com/
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7262&t=6646
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
