RE: Redundancy design question [7:6646]
Jon, There was a thread a few weeks ago that discussed this as well - sorry, can't think of the subject, but try the archives. I think most solutions simply involve adding another WAN link (either permanent or dial on demand), because (in my experience anyway) WAN links are far more likely to break than routers. So adding lots of router redundancy follows diminishing returns when it's your single WAN link that fails most. Don't put too much faith in telcos providing redundant paths - a couple of weeks ago 'Bob the backhoe man' dug up some cables and took out all comms access to a sizeable chunk of NSW for almost a day - in an area where the telco supposedly has plenty of redundant paths. I realise that that's not the solution you're discussing, but it means that other solutions are less likely to be discussed because people have less experience of them. JMcL -- Forwarded by Jenny Mcleod/NSO/CSDA on 04/06/2001 10:50 am --- Jon @groupstudy.com on 01/06/2001 07:38:01 am Please respond to Jon Sent by: [EMAIL PROTECTED] To: [EMAIL PROTECTED] cc: Subject: RE: Redundancy design question [7:6646] Keep in mind, this is not the typical help me design/fix my network for free question. I have been reading various papers, chapters, and case studies, and am trying to get my head wrapped around the details, now. I've built some scenarios in my head, trying to see problems and solutions, rather than ways to buy more gear. I'm also not trying to solve the WAN redundancy problem, just trying to get the WAN to connect into my LAN redundancy solution. The fundamental problem I'm trying to solve is how to protect against any hardware failure of my core devices knocking out normal operations. I am not concerned with protecting against any other faults outside my direct control (e.g. loss of WAN circuit, loss of server, Howard sets off a tactical device in the CO, etc.). For the sake of having a straw man to burn: A remote site is connected to the main office over a SHNS/SONET DS-3 connection, with full SONET protection to the demarc equipment on the wall of the MDF. (To limit the discussion scope, I will only describe the remote site -- we will assume the main facility is impervious to faults). The telco provides a coax connection for connecting the router to their gear. Equipment in the MDF includes: a 7206 with a DS-3 module and a FE module, a Cat4006 with multiple GBIC blade and 10/100 blade. There are three IDF wiring closets, one per floor, each with a Cat4006 fully populated with 10/100 blades. Each IDF switch is connected over a single GBIC/GigE connection to the MDF switch. All users are connected to their IDF over a single Cat5 run. All servers are connected (single-homed) to the MDF switch. To add some protection to this model, I will add a second Cat4006 in the MDF, with the same blades as the first. I will also dual-home all the servers to both MDF switches -- assume that the proper NICs are present to allow this, and that they are properly configured. I am now protected against the loss of one of my blades, or chassis, or running over a single cable with my handy BOFH rolling chair. But, my router might break, so I need to protect against that risk. Add a second 7206, same blades, dual-homed to both switches. Except I only have one coax cable from the demarc to carry the WAN signal. How do I connect the coax to two router blades, so that both routers could use the media? Or, is there a type of service available that allows for physical failover of the connection, provided by the circuit provider -- note that this isn't a second complete circuit, just a split demarc connection. Any ideas? Or is this too theoretical -- not a real enough scenario? Real world solutions might well include a second circuit, of sufficient bandwidth to get by until a repair is effected. Or provisioning two circuits for load balancing, with each capable of get by bandwidth in a fault state. But, I'm seeing a few cases where the answer presented is to double up on equipment -- never stating (perhaps always assumed) that you'll also be doubling up on all your WAN circuits to make it work. -jon- --- Chuck Larrieu wrote: Asked because I don't know: how do you plan on making the switches redundant? How are your servers, for example homed on the switches? Is it real redundancy if closet switches are dual homed to core switches? Is your internet connection, your firewall, etc dual homed as well? Chuck The world is a single point of failure :- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jon Sent: Thursday, May 31, 2001 12:09 PM To: [EMAIL PROTECTED] Subject: Redundancy design question [7:6646] I've been reading about designing physical redundancy into networks, by having hot standby devices and using HSRP between them. As an example, if a site has a single router and a single
Re: Redundancy design question [7:6646]
Well, worse case scenario, use 56K modem as backup point being, there are ways to provide backup WAN connectivity for not alot of money. HSRP could be used (as mentioned before), or the modem/ISDN could be designated as a backup interface. A bit easier to configure than HSRP. Mike W. Brian wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... ISDN is not so cheap in cali unless you can get Centrex.. Brian Sonic Whalen Success = Preparation + Opportunity On Thu, 31 May 2001, Michael L. Williams wrote: Well, having more than one router connected to the same WAN connection still leaves a single point of failure. Where I work, we have hundreds of remotes sites, each of which has 2 routers connected together to the remote LAN using HSRP. One router has a frame relay connection, and the other has an ISDN dial-back up interface to the same WAN destination (Central Site). This way if the primary circuit goes down, the HSRP priority gets reduced (even on a subinterface level) until the connection is completely down, thus router 2 then invokes the ISDN dials. ISDN is cheap, so this sounds like a good method to me for providing redundance without having to mess with trying to connect 2 routers to a single WAN connection.. My 2 cents Mike W. Jon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I've been reading about designing physical redundancy into networks, by having hot standby devices and using HSRP between them. As an example, if a site has a single router and a single core switch, these are points of risk. By adding a second core switch and a second router, any hardware failure should be overcome by the standby device taking over. If all the servers and wiring closet switches are multi-homed to both core switches, users shouldn't notice that a fault has occured. (I assume that the loss of a wiring closet switch is acceptable -- perhaps local spares are sufficient). However, if I only have one WAN circuit coming into the facility, it can only be connected to one router at a time, right? So, if the active router fails, how does the WAN connectivity fail over, short of an operator moving the cable to the second router? I'm not trying to address WAN circuit redundancy or multi-homing, that's a different worm-can to open. Is there some way to have both routers connected to the same WAN circuit? Something along the lines of a WYE-cable that connects both routers to the demarc connection? Or is this something that the circuit provider would address with their equipement (for a fee, I'm sure)? If this has been hashed over in the past, I couldn't find it in the archives. So, if we've covered this before, could someone share the key search words to locate the discussion? -jon- __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6983t=6646 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Redundancy design question [7:6646]
Jon, There was a thread a few weeks ago that discussed this as well - sorry, can't think of the subject, but try the archives. I think most solutions simply involve adding another WAN link (either permanent or dial on demand), because (in my experience anyway) WAN links are far more likely to break than routers. So adding lots of router redundancy follows diminishing returns when it's your single WAN link that fails most. Don't put too much faith in telcos providing redundant paths - a couple of weeks ago 'Bob the backhoe man' dug up some cables and took out all comms access to a sizeable chunk of NSW for almost a day - in an area where the telco supposedly has plenty of redundant paths. I realise that that's not the solution you're discussing, but it means that other solutions are less likely to be discussed because people have less experience of them. JMcL -- Forwarded by Jenny Mcleod/NSO/CSDA on 04/06/2001 10:50 am --- Jon @groupstudy.com on 01/06/2001 07:38:01 am Please respond to Jon Sent by: [EMAIL PROTECTED] To: [EMAIL PROTECTED] cc: Subject: RE: Redundancy design question [7:6646] Keep in mind, this is not the typical help me design/fix my network for free question. I have been reading various papers, chapters, and case studies, and am trying to get my head wrapped around the details, now. I've built some scenarios in my head, trying to see problems and solutions, rather than ways to buy more gear. I'm also not trying to solve the WAN redundancy problem, just trying to get the WAN to connect into my LAN redundancy solution. The fundamental problem I'm trying to solve is how to protect against any hardware failure of my core devices knocking out normal operations. I am not concerned with protecting against any other faults outside my direct control (e.g. loss of WAN circuit, loss of server, Howard sets off a tactical device in the CO, etc.). For the sake of having a straw man to burn: A remote site is connected to the main office over a SHNS/SONET DS-3 connection, with full SONET protection to the demarc equipment on the wall of the MDF. (To limit the discussion scope, I will only describe the remote site -- we will assume the main facility is impervious to faults). The telco provides a coax connection for connecting the router to their gear. Equipment in the MDF includes: a 7206 with a DS-3 module and a FE module, a Cat4006 with multiple GBIC blade and 10/100 blade. There are three IDF wiring closets, one per floor, each with a Cat4006 fully populated with 10/100 blades. Each IDF switch is connected over a single GBIC/GigE connection to the MDF switch. All users are connected to their IDF over a single Cat5 run. All servers are connected (single-homed) to the MDF switch. To add some protection to this model, I will add a second Cat4006 in the MDF, with the same blades as the first. I will also dual-home all the servers to both MDF switches -- assume that the proper NICs are present to allow this, and that they are properly configured. I am now protected against the loss of one of my blades, or chassis, or running over a single cable with my handy BOFH rolling chair. But, my router might break, so I need to protect against that risk. Add a second 7206, same blades, dual-homed to both switches. Except I only have one coax cable from the demarc to carry the WAN signal. How do I connect the coax to two router blades, so that both routers could use the media? Or, is there a type of service available that allows for physical failover of the connection, provided by the circuit provider -- note that this isn't a second complete circuit, just a split demarc connection. Any ideas? Or is this too theoretical -- not a real enough scenario? Real world solutions might well include a second circuit, of sufficient bandwidth to get by until a repair is effected. Or provisioning two circuits for load balancing, with each capable of get by bandwidth in a fault state. But, I'm seeing a few cases where the answer presented is to double up on equipment -- never stating (perhaps always assumed) that you'll also be doubling up on all your WAN circuits to make it work. -jon- --- Chuck Larrieu wrote: Asked because I don't know: how do you plan on making the switches redundant? How are your servers, for example homed on the switches? Is it real redundancy if closet switches are dual homed to core switches? Is your internet connection, your firewall, etc dual homed as well? Chuck The world is a single point of failure :- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jon Sent: Thursday, May 31, 2001 12:09 PM To: [EMAIL PROTECTED] Subject: Redundancy design question [7:6646] I've been reading about designing physical redundancy into networks, by having hot standby devices and using HSRP between them. As an example, if a site has a single router and a single
Re: Redundancy design question [7:6646]
ISDN is not so cheap in cali unless you can get Centrex.. Brian Sonic Whalen Success = Preparation + Opportunity On Thu, 31 May 2001, Michael L. Williams wrote: Well, having more than one router connected to the same WAN connection still leaves a single point of failure. Where I work, we have hundreds of remotes sites, each of which has 2 routers connected together to the remote LAN using HSRP. One router has a frame relay connection, and the other has an ISDN dial-back up interface to the same WAN destination (Central Site). This way if the primary circuit goes down, the HSRP priority gets reduced (even on a subinterface level) until the connection is completely down, thus router 2 then invokes the ISDN dials. ISDN is cheap, so this sounds like a good method to me for providing redundance without having to mess with trying to connect 2 routers to a single WAN connection.. My 2 cents Mike W. Jon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I've been reading about designing physical redundancy into networks, by having hot standby devices and using HSRP between them. As an example, if a site has a single router and a single core switch, these are points of risk. By adding a second core switch and a second router, any hardware failure should be overcome by the standby device taking over. If all the servers and wiring closet switches are multi-homed to both core switches, users shouldn't notice that a fault has occured. (I assume that the loss of a wiring closet switch is acceptable -- perhaps local spares are sufficient). However, if I only have one WAN circuit coming into the facility, it can only be connected to one router at a time, right? So, if the active router fails, how does the WAN connectivity fail over, short of an operator moving the cable to the second router? I'm not trying to address WAN circuit redundancy or multi-homing, that's a different worm-can to open. Is there some way to have both routers connected to the same WAN circuit? Something along the lines of a WYE-cable that connects both routers to the demarc connection? Or is this something that the circuit provider would address with their equipement (for a fee, I'm sure)? If this has been hashed over in the past, I couldn't find it in the archives. So, if we've covered this before, could someone share the key search words to locate the discussion? -jon- __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6939t=6646 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Redundancy design question [7:6646]
Jon, the answer to your question is NO. here`s the reasonyou COULD make yourself a Y cable from your CSU/DSU ,but you would have a few issues. I tried this sometime ago and found out the hard way. OK.first thing if both routers are on you have a major routing loop problem..AKA split horizon/Spanning tree both routers would recieve the input packet from the CSU and both would try to route it at the same time...(VERY BAD)i totally screwed up my lab routing by doing this . Also packets from host to internet are not routed properly... So i tried HSRP but found that only worked if i had only one VLan and didn`t load balance.it also was not as fast as just having one router..( pass as to why) SO you could set-up the cable and say shutdown one int on the backup router...which still means you have a latency (until you re-enablen the int and re-convergence takes place). i hope this is helpfull... BTW Please don`t ask me about CSU/DSU clocking as it was a BT leased line CSU/DSU and all i did was rip the cable apart and duplicate it ... Sorry steve From: Jon Reply-To: Jon To: [EMAIL PROTECTED] Subject: Redundancy design question [7:6646] Date: Thu, 31 May 2001 15:09:25 -0400 I've been reading about designing physical redundancy into networks, by having hot standby devices and using HSRP between them. As an example, if a site has a single router and a single core switch, these are points of risk. By adding a second core switch and a second router, any hardware failure should be overcome by the standby device taking over. If all the servers and wiring closet switches are multi-homed to both core switches, users shouldn't notice that a fault has occured. (I assume that the loss of a wiring closet switch is acceptable -- perhaps local spares are sufficient). However, if I only have one WAN circuit coming into the facility, it can only be connected to one router at a time, right? So, if the active router fails, how does the WAN connectivity fail over, short of an operator moving the cable to the second router? I'm not trying to address WAN circuit redundancy or multi-homing, that's a different worm-can to open. Is there some way to have both routers connected to the same WAN circuit? Something along the lines of a WYE-cable that connects both routers to the demarc connection? Or is this something that the circuit provider would address with their equipement (for a fee, I'm sure)? If this has been hashed over in the past, I couldn't find it in the archives. So, if we've covered this before, could someone share the key search words to locate the discussion? -jon- __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6733t=6646 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Redundancy design question [7:6646]
...in an attempt to torch the straw man... We could talk at length about the pros and cons of the straw man you present; if I understand the main question at hand the question is how to provide some redundancy to the WAN link. Short answer is that real-world solutions would include some type of alternate or backup circuit (ISDN has already been mentioned on this thread) connected to the same router or a redundant one. To look at the hypothetical scenario you propose - I assume there is some way to do as you propose, I don't know how you could have the router interface active on both routers at once such that automagic failover was possible. Aside from the physical-layer issues (splitting the wire(s), noise, clocking problems, etc.) and the data-link layer issues (having three devices on what is supposed to be a point-to-point circuit); consider the network-layer problems. If Core-Rtr1 is primary and Core-Rtr2 is backup connecting to some remote router(s) (Remote-RtrX) and assume we're talking IP - say the network is 192.168.1.0/24. Then Each core router will need an (active) interface on the 192.168.1.0/24 network but, Core-Rtr2 needs to send all traffic via Core-Rtr1 when it is alive and well. Well, I'm sure that somebody, somewhere is doing something pretty similar to this (I continue to be amazed at what I find out there...) but I would make sure that my pager number wasn't on the call list for support. The closest thing I've seen to what you're talking about (in a common, supportable, lowest $$ configuration) would be to utilize frame-relay and connect every router into the cloud. Yes, you end up paying for the additional local loop and F/R port charge for the 2nd core router but most carriers offer DR PVCs at little or no cost to customers. Throw a little ISDN into the pot to backup the frame network...just keep adding the $$ In the real world, it all boils down to how many 9's the company is willing to pay for - I don't care how hard you try, you're not going to get 99.999% availability on a three-9's budget. Since this is purely an academic discussion...I think others will agree that having a hot-standby router (especially a fairly costly one - you did say 7206, right) but only one serial link is probably a mis-direction of funds. In my experience, serial lines fail much more frequently than hardware. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jon Sent: Thursday, May 31, 2001 4:38 PM To: [EMAIL PROTECTED] Subject: RE: Redundancy design question [7:6646] Keep in mind, this is not the typical help me design/fix my network for free question. I have been reading various papers, chapters, and case studies, and am trying to get my head wrapped around the details, now. I've built some scenarios in my head, trying to see problems and solutions, rather than ways to buy more gear. I'm also not trying to solve the WAN redundancy problem, just trying to get the WAN to connect into my LAN redundancy solution. The fundamental problem I'm trying to solve is how to protect against any hardware failure of my core devices knocking out normal operations. I am not concerned with protecting against any other faults outside my direct control (e.g. loss of WAN circuit, loss of server, Howard sets off a tactical device in the CO, etc.). For the sake of having a straw man to burn: A remote site is connected to the main office over a SHNS/SONET DS-3 connection, with full SONET protection to the demarc equipment on the wall of the MDF. (To limit the discussion scope, I will only describe the remote site -- we will assume the main facility is impervious to faults). The telco provides a coax connection for connecting the router to their gear. Equipment in the MDF includes: a 7206 with a DS-3 module and a FE module, a Cat4006 with multiple GBIC blade and 10/100 blade. There are three IDF wiring closets, one per floor, each with a Cat4006 fully populated with 10/100 blades. Each IDF switch is connected over a single GBIC/GigE connection to the MDF switch. All users are connected to their IDF over a single Cat5 run. All servers are connected (single-homed) to the MDF switch. To add some protection to this model, I will add a second Cat4006 in the MDF, with the same blades as the first. I will also dual-home all the servers to both MDF switches -- assume that the proper NICs are present to allow this, and that they are properly configured. I am now protected against the loss of one of my blades, or chassis, or running over a single cable with my handy BOFH rolling chair. But, my router might break, so I need to protect against that risk. Add a second 7206, same blades, dual-homed to both switches. Except I only have one coax cable from the demarc to carry the WAN signal. How do I connect the coax to two router blades, so that both routers could use the media? Or, is there a type of service available that allows for physical failover
RE: Redundancy design question [7:6646]
However, if I only have one WAN circuit coming into the facility, it can only be connected to one router at a time, right? So, if the active router fails, how does the WAN connectivity fail over, short of an operator moving the cable to the second router? I'm not trying to address WAN circuit redundancy or multi-homing, that's a different worm-can to open. Is there some way to have both routers connected to the same WAN circuit? Something along the lines of a WYE-cable that connects both routers to the demarc connection? Or is this something that the circuit provider would address with their equipement (for a fee, I'm sure)? If this has been hashed over in the past, I couldn't find it in the archives. So, if we've covered this before, could someone share the key search words to locate the discussion? -jon- -- With only one WAN circuit coming in, your only choice is dial-backup (either Analog or ISDN) Irwin Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6651t=6646 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Redundancy design question [7:6646]
Asked because I don't know: how do you plan on making the switches redundant? How are your servers, for example homed on the switches? Is it real redundancy if closet switches are dual homed to core switches? Is your internet connection, your firewall, etc dual homed as well? Chuck The world is a single point of failure :- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jon Sent: Thursday, May 31, 2001 12:09 PM To: [EMAIL PROTECTED] Subject:Redundancy design question [7:6646] I've been reading about designing physical redundancy into networks, by having hot standby devices and using HSRP between them. As an example, if a site has a single router and a single core switch, these are points of risk. By adding a second core switch and a second router, any hardware failure should be overcome by the standby device taking over. If all the servers and wiring closet switches are multi-homed to both core switches, users shouldn't notice that a fault has occured. (I assume that the loss of a wiring closet switch is acceptable -- perhaps local spares are sufficient). However, if I only have one WAN circuit coming into the facility, it can only be connected to one router at a time, right? So, if the active router fails, how does the WAN connectivity fail over, short of an operator moving the cable to the second router? I'm not trying to address WAN circuit redundancy or multi-homing, that's a different worm-can to open. Is there some way to have both routers connected to the same WAN circuit? Something along the lines of a WYE-cable that connects both routers to the demarc connection? Or is this something that the circuit provider would address with their equipement (for a fee, I'm sure)? If this has been hashed over in the past, I couldn't find it in the archives. So, if we've covered this before, could someone share the key search words to locate the discussion? -jon- __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6654t=6646 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Redundancy design question [7:6646]
Well, you have pinpointed the problem with many redundant campus network designs. They may not be redundant into the WAN. To meet your goals, you may need a backup WAN connection of some sort. Depending on the level of performance you want for the backup and the amount of traffic that you have, you could use a low-speed and low-cost backup such as ISDN or even an analog modem. You'll need to think about the cost, benefits, risks of not doing anything, etc. How often do failures occur with your current WAN? (Mean Time Between Failure)? When problems occur, how quickly do they get fixed? (Mean Time To Repair) What's the cost of downtime? Any layer 8 (politics) issues you need to deal with? Like will you lose your job and/or credibility if the WAN connection is down for a long time? When provisioning backup WAN links, you should learn as much as possible about the actual physical circuit routing also. Different carriers sometimes use the same facilities, meaning that your backup path is susceptible to the same failures as your primary path. Be sure to analyze your local cabling in addition to your carrier's services. Perhaps you have designed an ISDN link to back up a Frame Relay link. Do both of these links use the same cabling to get to the demarcation point in your building network? What cabling do the links use to get to your carrier? The cabling that goes from your building to the carrier is often the weakest link in a network. It can be affected by construction, flooding, ice storms, trucks hitting telephone poles, Bob the back-hoe operator, etc. Priscilla At 03:09 PM 5/31/01, Jon wrote: I've been reading about designing physical redundancy into networks, by having hot standby devices and using HSRP between them. As an example, if a site has a single router and a single core switch, these are points of risk. By adding a second core switch and a second router, any hardware failure should be overcome by the standby device taking over. If all the servers and wiring closet switches are multi-homed to both core switches, users shouldn't notice that a fault has occured. (I assume that the loss of a wiring closet switch is acceptable -- perhaps local spares are sufficient). However, if I only have one WAN circuit coming into the facility, it can only be connected to one router at a time, right? So, if the active router fails, how does the WAN connectivity fail over, short of an operator moving the cable to the second router? I'm not trying to address WAN circuit redundancy or multi-homing, that's a different worm-can to open. Is there some way to have both routers connected to the same WAN circuit? Something along the lines of a WYE-cable that connects both routers to the demarc connection? Or is this something that the circuit provider would address with their equipement (for a fee, I'm sure)? If this has been hashed over in the past, I couldn't find it in the archives. So, if we've covered this before, could someone share the key search words to locate the discussion? -jon- __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6656t=6646 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Redundancy design question [7:6646]
An excellent book on this subject is High Availability Networking with Cisco by Vincent Jones ISBN 0201704552. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Priscilla Oppenheimer Sent: Thursday, May 31, 2001 3:11 PM To: [EMAIL PROTECTED] Subject: Re: Redundancy design question [7:6646] Well, you have pinpointed the problem with many redundant campus network designs. They may not be redundant into the WAN. To meet your goals, you may need a backup WAN connection of some sort. Depending on the level of performance you want for the backup and the amount of traffic that you have, you could use a low-speed and low-cost backup such as ISDN or even an analog modem. You'll need to think about the cost, benefits, risks of not doing anything, etc. How often do failures occur with your current WAN? (Mean Time Between Failure)? When problems occur, how quickly do they get fixed? (Mean Time To Repair) What's the cost of downtime? Any layer 8 (politics) issues you need to deal with? Like will you lose your job and/or credibility if the WAN connection is down for a long time? When provisioning backup WAN links, you should learn as much as possible about the actual physical circuit routing also. Different carriers sometimes use the same facilities, meaning that your backup path is susceptible to the same failures as your primary path. Be sure to analyze your local cabling in addition to your carrier's services. Perhaps you have designed an ISDN link to back up a Frame Relay link. Do both of these links use the same cabling to get to the demarcation point in your building network? What cabling do the links use to get to your carrier? The cabling that goes from your building to the carrier is often the weakest link in a network. It can be affected by construction, flooding, ice storms, trucks hitting telephone poles, Bob the back-hoe operator, etc. Priscilla At 03:09 PM 5/31/01, Jon wrote: I've been reading about designing physical redundancy into networks, by having hot standby devices and using HSRP between them. As an example, if a site has a single router and a single core switch, these are points of risk. By adding a second core switch and a second router, any hardware failure should be overcome by the standby device taking over. If all the servers and wiring closet switches are multi-homed to both core switches, users shouldn't notice that a fault has occured. (I assume that the loss of a wiring closet switch is acceptable -- perhaps local spares are sufficient). However, if I only have one WAN circuit coming into the facility, it can only be connected to one router at a time, right? So, if the active router fails, how does the WAN connectivity fail over, short of an operator moving the cable to the second router? I'm not trying to address WAN circuit redundancy or multi-homing, that's a different worm-can to open. Is there some way to have both routers connected to the same WAN circuit? Something along the lines of a WYE-cable that connects both routers to the demarc connection? Or is this something that the circuit provider would address with their equipement (for a fee, I'm sure)? If this has been hashed over in the past, I couldn't find it in the archives. So, if we've covered this before, could someone share the key search words to locate the discussion? -jon- __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6660t=6646 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Redundancy design question [7:6646]
Keep in mind, this is not the typical help me design/fix my network for free question. I have been reading various papers, chapters, and case studies, and am trying to get my head wrapped around the details, now. I've built some scenarios in my head, trying to see problems and solutions, rather than ways to buy more gear. I'm also not trying to solve the WAN redundancy problem, just trying to get the WAN to connect into my LAN redundancy solution. The fundamental problem I'm trying to solve is how to protect against any hardware failure of my core devices knocking out normal operations. I am not concerned with protecting against any other faults outside my direct control (e.g. loss of WAN circuit, loss of server, Howard sets off a tactical device in the CO, etc.). For the sake of having a straw man to burn: A remote site is connected to the main office over a SHNS/SONET DS-3 connection, with full SONET protection to the demarc equipment on the wall of the MDF. (To limit the discussion scope, I will only describe the remote site -- we will assume the main facility is impervious to faults). The telco provides a coax connection for connecting the router to their gear. Equipment in the MDF includes: a 7206 with a DS-3 module and a FE module, a Cat4006 with multiple GBIC blade and 10/100 blade. There are three IDF wiring closets, one per floor, each with a Cat4006 fully populated with 10/100 blades. Each IDF switch is connected over a single GBIC/GigE connection to the MDF switch. All users are connected to their IDF over a single Cat5 run. All servers are connected (single-homed) to the MDF switch. To add some protection to this model, I will add a second Cat4006 in the MDF, with the same blades as the first. I will also dual-home all the servers to both MDF switches -- assume that the proper NICs are present to allow this, and that they are properly configured. I am now protected against the loss of one of my blades, or chassis, or running over a single cable with my handy BOFH rolling chair. But, my router might break, so I need to protect against that risk. Add a second 7206, same blades, dual-homed to both switches. Except I only have one coax cable from the demarc to carry the WAN signal. How do I connect the coax to two router blades, so that both routers could use the media? Or, is there a type of service available that allows for physical failover of the connection, provided by the circuit provider -- note that this isn't a second complete circuit, just a split demarc connection. Any ideas? Or is this too theoretical -- not a real enough scenario? Real world solutions might well include a second circuit, of sufficient bandwidth to get by until a repair is effected. Or provisioning two circuits for load balancing, with each capable of get by bandwidth in a fault state. But, I'm seeing a few cases where the answer presented is to double up on equipment -- never stating (perhaps always assumed) that you'll also be doubling up on all your WAN circuits to make it work. -jon- --- Chuck Larrieu wrote: Asked because I don't know: how do you plan on making the switches redundant? How are your servers, for example homed on the switches? Is it real redundancy if closet switches are dual homed to core switches? Is your internet connection, your firewall, etc dual homed as well? Chuck The world is a single point of failure :- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jon Sent: Thursday, May 31, 2001 12:09 PM To: [EMAIL PROTECTED] Subject: Redundancy design question [7:6646] I've been reading about designing physical redundancy into networks, by having hot standby devices and using HSRP between them. As an example, if a site has a single router and a single core switch, these are points of risk. By adding a second core switch and a second router, any hardware failure should be overcome by the standby device taking over. If all the servers and wiring closet switches are multi-homed to both core switches, users shouldn't notice that a fault has occured. (I assume that the loss of a wiring closet switch is acceptable -- perhaps local spares are sufficient). However, if I only have one WAN circuit coming into the facility, it can only be connected to one router at a time, right? So, if the active router fails, how does the WAN connectivity fail over, short of an operator moving the cable to the second router? I'm not trying to address WAN circuit redundancy or multi-homing, that's a different worm-can to open. Is there some way to have both routers connected to the same WAN circuit? Something along the lines of a WYE-cable that connects both routers to the demarc connection? Or is this something that the circuit provider would address with their equipement (for a fee, I'm sure)? If this has been hashed over in the past, I couldn't find it in the archives. So, if we've
Re: Redundancy design question [7:6646]
Well, having more than one router connected to the same WAN connection still leaves a single point of failure. Where I work, we have hundreds of remotes sites, each of which has 2 routers connected together to the remote LAN using HSRP. One router has a frame relay connection, and the other has an ISDN dial-back up interface to the same WAN destination (Central Site). This way if the primary circuit goes down, the HSRP priority gets reduced (even on a subinterface level) until the connection is completely down, thus router 2 then invokes the ISDN dials. ISDN is cheap, so this sounds like a good method to me for providing redundance without having to mess with trying to connect 2 routers to a single WAN connection.. My 2 cents Mike W. Jon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I've been reading about designing physical redundancy into networks, by having hot standby devices and using HSRP between them. As an example, if a site has a single router and a single core switch, these are points of risk. By adding a second core switch and a second router, any hardware failure should be overcome by the standby device taking over. If all the servers and wiring closet switches are multi-homed to both core switches, users shouldn't notice that a fault has occured. (I assume that the loss of a wiring closet switch is acceptable -- perhaps local spares are sufficient). However, if I only have one WAN circuit coming into the facility, it can only be connected to one router at a time, right? So, if the active router fails, how does the WAN connectivity fail over, short of an operator moving the cable to the second router? I'm not trying to address WAN circuit redundancy or multi-homing, that's a different worm-can to open. Is there some way to have both routers connected to the same WAN circuit? Something along the lines of a WYE-cable that connects both routers to the demarc connection? Or is this something that the circuit provider would address with their equipement (for a fee, I'm sure)? If this has been hashed over in the past, I couldn't find it in the archives. So, if we've covered this before, could someone share the key search words to locate the discussion? -jon- __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6676t=6646 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
