HSRP question

Hi, I have a design question for failover.
We have 2 routers at a site, 1 managed by Vz, 1 unmanaged by our team.
The main router is the 7200 vxr, which has a ds-3, and provides both internet and mpls vpn.
The backup router is an 1841, with IPSec Crypto tunnels, and is 3 Megs.
The 7200 router is connected to a PacketShaper, and that PacketShaper is connected to a Proxy SG.
We have 3 switches as well (all 3560). There are about 30 users at this site.

The 7200 from the CE to the PE runs BGP
The 7200 to the 3560 runs EIGRP.
The 1841, directly connected into that same 3560, also runs EIGRP.

If need be, I can attach a diagram.

Basically, I want to implement failover (i.e. if the 7200 WAN dies, if the 7200 itself dies, if the 7200 LAN dies, etc., then the 1841 should kick in).

I was thinking of running HSRP but am uncertain of the implications with the PS and the Proxy SG inline, and also, am unsure if SLA is recommended in this case, or needed.

Also, I would need to know where the HSRP would go--this is because we are not sure if we should just use it on the SVIs on the 3560s, and the 1841, and the 7200, or what?

                                                              3560
                                                               |    
WAN---7200-------PS----Proxy SG---3560----------------------1841------Internet (IPSec backup)
                                                              |
                                                            3560

That is the current setup.

I was thinking of doing this:

                           WAN                                                                   WAN
                             I                                                                        I
                       7200 -----------(x-over between fe0/1) / 30------1841
                       |                                                                              |
                    PS                                                                            |
                       |                                                                             |
                   Proxy SG                                                                  |
                          |                                                                           |
                   3560 ----------------L3 Etherchannel------------------3560
                       |  L3 Etherchannel                                                     |
                        |-------------------------------3560-----------------------                                
So basically, the 7200 and the 1841 should be on the same subnet, which they currently are not.
The 3560s, though....not sure what to do with them (SVIs on both, or all 3?)....



Please advise!
sbempongAsked:

mikebernhardtCommented:
I think the only thing you need to do is to let the 1841 advertise a default route into EIGRP, but with a higher metric than what comes from the 7200. Also make sure that EIGRP on the 7200 is learning its default route from BGP.

This is what you'll have going for you:
1. If BGP dies, default goes away and the 1841 takes over
2. If the 7200 dies, same thing happens.
3. If the 7200 LAN connection dies, it's no longer a neighbor to the 3560 and same thing happens.

Regardless of how you want to change your topology, running dynamic routing protocols makes it all very easy.
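
One way to configure the two default routes described in this answer, as an added example that is not part of the original thread. EIGRP AS 100, BGP AS 65001, the metric values, the prefix-list and route-map names, and the `<BACKUP-NEXT-HOP>` placeholder are all assumptions; substitute the site's real values.

```cisco
! ---- 7200 (primary): pass only the BGP-learned default into EIGRP ----
! Assumes the PE advertises 0.0.0.0/0 to this CE over eBGP.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
route-map BGP-DEFAULT-TO-EIGRP permit 10
 match ip address prefix-list DEFAULT-ONLY
!
router eigrp 100
 ! Seed metric: bandwidth (kbps) delay (tens of usec) reliability load MTU
 ! 45000 kbps approximates the DS-3.
 redistribute bgp 65001 metric 45000 100 255 1 1500 route-map BGP-DEFAULT-TO-EIGRP
!
! ---- 1841 (backup): static default, advertised with a worse metric ----
! <BACKUP-NEXT-HOP> is a placeholder for the Internet/IPSec-side next hop.
ip route 0.0.0.0 0.0.0.0 <BACKUP-NEXT-HOP>
!
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
route-map STATIC-DEFAULT-TO-EIGRP permit 10
 match ip address prefix-list DEFAULT-ONLY
!
router eigrp 100
 ! Lower bandwidth (3 Mbps) and higher delay give a larger composite
 ! metric, so the 3560 prefers the 7200's default while it is present.
 redistribute static metric 3000 20000 255 1 1500 route-map STATIC-DEFAULT-TO-EIGRP
!
! ---- Checks on the 3560 ----
! show ip route 0.0.0.0
!   Normal state: D*EX 0.0.0.0/0 via the 7200-facing next hop.
!   After any of the three failures listed above: via the 1841.
! show ip eigrp topology 0.0.0.0/0
!   Both defaults should be listed, with the 1841's at the higher metric.
```

Both defaults are EIGRP external routes with the same administrative distance, so the metric alone decides which one the 3560 installs. The route-maps keep the rest of the BGP table and any other static routes out of EIGRP.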

sbempongAuthor Commented:
Hi, we are still planning on testing failover--hence, I cannot ensure this will work or not...
sbempongAuthor Commented:
just cannot test at this point