Solved

Cisco routers in different buildings, will HSRP work?

Posted on 2013-01-16
Last Modified: 2013-01-24
Hello guys,

I am setting up two Cisco routers in different buildings; one will act as primary (IPsec) and the other as secondary (MPLS).

Both routers will be on the same LAN network, but there will be no physical connection between the routers.

Will HSRP work? If yes, any idea whether I need to do some additional work on the configuration?
Also, there is no routing protocol on the LAN.

I haven't tried HSRP in such a scenario.
Question by:Sandeep Gupta
19 Comments
 
LVL 5

Accepted Solution

by:
Leeeee earned 167 total points
HSRP requires layer 2 adjacency for the hellos/heartbeat to work. If they aren't connected with a layer 2 segment between them, HSRP won't work.
 
LVL 10

Expert Comment

by:mat1458
The way you describe it, this will work.
 
LVL 5

Expert Comment

by:Leeeee
How will it work, mat? L2TPv3?
 
LVL 9

Author Comment

by:Sandeep Gupta
More specifically, there is no physical connection between the LANs, even though the LAN network is the same at both buildings.

I think HSRP will not work, because there is no LAN-to-LAN connectivity and HSRP cannot be triggered.

If I somehow take a LAN extension from building 1 to building 2 and build physical connectivity, then in this case HSRP will work.

For more clarity I have attached a diagram.

What do you guys say?
failover.JPG
 
LVL 10

Assisted Solution

by:mat1458
mat1458 earned 333 total points
I read "Both routers will be on the same LAN network, but there will be no physical connection between the routers."

Which I interpreted in a way that both routers are attached to a switched network that links the two buildings but there is no direct connection (cable, fibre) between the routers.

But the way it looks there is actually no connection, and if there isn't, HSRP doesn't make any sense. What is the distance between the buildings? Do you have any possibility to pull a cable? Is there a possibility to use a wireless bridge (no other buildings or obstacles in between)? Then you might have a chance to build your topology.
 
LVL 9

Author Comment

by:Sandeep Gupta
Thanks Matt. I just finished a long discussion with the sales guys regarding this. I think the customer will be arranging some physical connection between the buildings.

But this issue raised a new question in my mind and I want to share it with you guys:

"how to achieve location redundancy"
 
LVL 7

Expert Comment

by:avcontrol
The easiest way is to just run fiber between the locations and connect your routers over fiber ports.
You would probably need "yellow" single-mode fiber, which allows runs over long distances.

Here is a Cisco chart that will help you choose hardware:

http://www.cisco.com/en/US/products/hw/modules/ps4999/products_qanda_item09186a0080abed87.shtml

Every brand of hardware has its own charts.

http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/reference/specifications/transceiver-m-mx-t-series-oc3-optical-specifications.html?searchid=1358433462178

Once you have the cable in place, it will be sufficient to cover any of your redundancy/HSRP/other needs.

This of course will work if you have this option: running fiber between the locations.
 
LVL 5

Expert Comment

by:Rakesh Madupu JNCIE-SP #02079 CCIE-SP#47613
I don't see why it would not work. Why do you need to have a cable between two routers to be HSRP redundant? Do you want the routers to be redundant? Unless you require otherwise, I don't see a topology which demands a direct cable between two routing devices.

Typically it would be:

r1                         r2

    switched network

r1 and r2 can even be connected via an MPLS layer 2 VPN, VPLS or L2TP. Why does that really matter, as long as it supports multicast for OSPF or EIGRP if you wish?

What do you mean by location redundancy?

If I understand your question correctly, then you need to have a total of 4 routers with two switched connections, r1 r3 r2 r4, and it would be a sort of full mesh.

Regards
Game
 
LVL 10

Expert Comment

by:mat1458
Before we start to make suggestions: can you detail your current hardware and the geographical situation a bit? Then it's probably easier to make a good proposal.
 
LVL 9

Author Comment

by:Sandeep Gupta
Okay, here is the topological scenario for location redundancy:

hardware: 2x Cisco 1941
Primary WAN link: Internet 10M
Secondary WAN link: MPLS 10M

I want to install one router C9141 /w Internet at New York and another C1941 /w MPLS at Paris.
I want both routers to back each other up, and in a normal situation only one will be active at a time.

In case of failure the Paris router will take over from the NYC router, and when NYC comes back all routing falls back to NYC again and the Paris router becomes standby again.

There is only one restriction: we cannot run any dynamic routing protocol on the LAN; only static can be used.

Any idea?
 
LVL 10

Expert Comment

by:mat1458
Aha, so there is so much distance between the two buildings. I assumed that they are close.

If you really want to have a backup I suggest you buy another two routers, one for each site. This way you can be sure that the failure of one router does not cut the connection between the two cities. Use each router for only one WAN link.

And you most likely will use a routing protocol since this is the designed way to have redundant paths working. Static routes are ok in networks with non-redundant setups. Why don't you want to use a routing protocol?
 
LVL 9

Author Comment

by:Sandeep Gupta
This is my customer's request, and he cannot spend money on buying two more routers and links. That's why I am restricted on hardware but open to config suggestions.
 
LVL 10

Assisted Solution

by:mat1458
mat1458 earned 333 total points
Then you have to tell your customer that with the existing equipment you can only fail over on an error of one of the WAN links. But you will need a routing protocol to do that. Use OSPF or EIGRP, and use a GRE tunnel that you encrypt with IPsec for the primary link. With the bandwidth/delay you can make sure that the traffic always takes the IPsec link when available.
 
LVL 9

Author Comment

by:Sandeep Gupta
Thanks Matt.

I want to achieve WAN failover, and it's a good idea: I can create a GRE tunnel over the two WANs, and with that GRE tunnel I am trying to track the WAN interfaces to check WAN link availability, and in case of failure traffic will divert.
 
LVL 10

Expert Comment

by:mat1458
You need the GRE just on the IPsec side. The MPLS network transports all your IP traffic including routing protocols without any problem.
0
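
The GRE-over-IPsec primary path that mat1458 suggests above, sketched for one end as an added example that is not part of the original thread. All addresses, interface names, the key and the OSPF process number are placeholders; it uses explicit `ip ospf cost` values instead of bandwidth/delay tuning and assumes the MPLS hand-off can carry OSPF.

```cisco
! Constructed example for the NY router; mirror it on the Paris router.
! Addresses, interface names, OSPF process and the key are placeholders.

crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.2
!
! Transport mode: GRE already supplies the outer IP header.
crypto ipsec transform-set TS-GRE esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile PROF-GRE
 set transform-set TS-GRE
!
interface Tunnel0
 description GRE over IPsec across the Internet (primary)
 ip address 10.255.0.1 255.255.255.252
 ! Leave room for GRE + ESP overhead to avoid fragmentation.
 ip mtu 1400
 ip tcp adjust-mss 1360
 ! Lower cost than the MPLS link, so OSPF prefers the tunnel.
 ip ospf cost 10
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.2
 tunnel protection ipsec profile PROF-GRE
!
interface GigabitEthernet0/1
 description MPLS hand-off (secondary)
 ip address 10.254.0.1 255.255.255.252
 ip ospf cost 100
!
router ospf 1
 ! No OSPF hellos on the LAN: it is advertised but stays passive.
 passive-interface default
 no passive-interface Tunnel0
 no passive-interface GigabitEthernet0/1
 network 10.255.0.0 0.0.0.3 area 0
 network 10.254.0.0 0.0.0.3 area 0
 network 192.168.10.0 0.0.0.255 area 0
```

`show crypto ipsec sa` and `show ip ospf neighbor` confirm that the tunnel is encrypting and that adjacencies exist on both paths.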
 
LVL 45

Expert Comment

by:Craig Beck
How is NY connected to Paris at the moment?

I'm getting confused with the IPsec and MPLS.  What do the IPsec and MPLS connect?

The OP said...

hardware: 2x Cisco 1941
Primary WAN link: Internet 10M
Secondary WAN link: MPLS 10M

I want to install one router C9141 /w Internet at New York and another C1941 /w MPLS at Paris.
I want both routers to back each other up, and in a normal situation only one will be active at a time.

In case of failure the Paris router will take over from the NYC router, and when NYC comes back all routing falls back to NYC again and the Paris router becomes standby again.

There is only one restriction: we cannot run any dynamic routing protocol on the LAN; only static can be used.

That, to me, says that NY will have an internet connection, and Paris will connect to an MPLS.  However, the Paris site doesn't have any other info regarding the MPLS.

Then, IPsec comes up, but again there's no detail and the apparent topology doesn't make much sense at the moment.

If I've understood the requirement I would say one option would be to connect NY to Paris via a dedicated link and use that for redundancy at each site.  This would enable you to use the one router and IP SLA which is easy to implement.  The local internet feed would be the primary route to the internet and the private link between NY and Paris would be the secondary.

Someone tell me to shut up if I've missed something! :-)
 
LVL 10

Expert Comment

by:mat1458
I see it this way:

One link across the internet between NY and Paris, IPsec is used to encrypt/authenticate.
The other link between NY and Paris is MPLS.

What do you propose as a trigger for your IP SLA? The routes normally don't disappear when the interfaces don't go down and that's mostly the case with internet or MPLS.
 
LVL 45

Expert Comment

by:Craig Beck
That's why I'm asking how it is 'actually' going to be linked.  It's not blindingly obvious at the moment though!

If there's a standard internet link at each site, and an MPLS between the two sites, IP SLA can be used for internet failover simply to monitor a host on the internet, such as Google's public DNS servers.  That way, if the internet circuit doesn't physically fail, but routing upstream (for example) does, you can switch to the MPLS using the SLA trigger.  Simple enough!  That will also work for a physical link failure.

If the MPLS fails, IP SLA will trigger the connectivity between the sites to go via IPSec VPN.  Again, simple enough.

I just want to know what physical connectivity each site has before suggesting a solution.
0
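
The IP SLA internet failover described in the comment above, written out as an added example that is not part of the original thread. Interface names and next-hop addresses are placeholders; 8.8.8.8 is Google's public DNS, the kind of probe target the comment mentions, and only static routes are used.

```cisco
! Constructed example: GigabitEthernet0/0 = Internet, 192.0.2.1 = Internet
! next hop, 198.51.100.1 = MPLS next hop (all placeholders).

! Pin the probe target to the primary next hop so the probe can never
! succeed over the backup path and make the default route flap.
ip route 8.8.8.8 255.255.255.255 192.0.2.1

! ICMP probe every 10 s, sourced from the Internet-facing interface.
! It fails on upstream routing problems even if the interface stays up.
ip sla 1
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
 threshold 1000
 timeout 2000
 frequency 10
ip sla schedule 1 life forever start-time now

! The track object follows probe reachability; the delays damp short
! bursts of loss so a single dropped ping does not move traffic.
track 1 ip sla 1 reachability
 delay down 20 up 60

! Primary default route is installed only while track 1 is up.
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 1

! Floating static via MPLS (administrative distance 250) takes over
! when the tracked route is withdrawn, and yields again on recovery.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 250
```

`show track 1` and `show ip sla statistics 1` show the current probe state and when the last transition happened.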
 
LVL 9

Author Comment

by:Sandeep Gupta
Thanks, guys, for your valuable inputs. I am closing this question here and will come back to you soon.
