gci_ee
Cisco HSRP - Do I need more than one WAN IP?
Hi all,
I'm currently on a CCNA course (and NO, this isn't a lab/test/learning question) and we've recently purchased 2 ISR 4331 routers that we wanted to set up in high availability HSRP, and we had a Cisco "specialist" come in and say that we needed to have 3 routable WAN IPs... one for the main traffic and another one on each router for the "failover" side of things.
I've gone to look through some guides on how HSRP is set up, as I'm obviously curious, but none of them state we need WAN IPs to do this, and we can simply give them internal (LAN) IPs for the failover to work?
Can anyone clarify this, as we've only got a single IP on our leased line and it'll then mean we need a new bank of IPs on it?
Thanks
ASKER
Right, but on all the "scenarios" I've looked at they portray only a single WAN IP address and then 3 LAN IP addresses, so for example:
Primary router will have LAN IP of 192.168.1.2 and virtual LAN IP of 192.168.1.1
Secondary router will have LAN IP of 192.168.1.3 and virtual LAN IP of 192.168.1.1
This then makes sense, as the LAN users will use 192.168.1.1 as their gateway and if one router fails then the other will take over, so we're fine with this, but we're querying from the WAN point of view?
Is it the case then that the same scenario needs to be adopted on the WAN side, and so if our leased line is, say, 88.88.88.88 we will set up the same thing but on the serial interfaces and have:
Primary router will have WAN IP of 88.88.88.87 and virtual WAN IP of 88.88.88.88
Secondary router will have WAN IP of 88.88.88.89 and virtual WAN IP of 88.88.88.88
Hope this makes sense
Thanks
3 routable WAN IP addresses are:
1. Interface on router 1 - 88.88.88.87
2. Interface on router 2 - 88.88.88.89
3. Virtual IP address on both routers - 88.88.88.88
Provider is using your virtual IP address 88.88.88.88 as next hop.
HSRP is a tightly focused approach which is intended to deal with failure of the router itself. At least that's how I understand it.
I recall a company that built triply-redundant servers.
So, the answer depends on which failures you're trying to avoid and how you're going about it.
When mentioning internet connectivity it's not only a separate IP address but a separate ISP!
My experience is that the ISPs and their internet feeds are less reliable than our internal systems.
This, in turn, will dictate a separate IP address range which, in most cases, is immaterial to you.
And, Cisco sells licenses to provide this kind of failover capability in a single device such as an ASA-5506.
But all this may be beyond your concerns with HSRP.
ASKER
That makes sense now....thanks
You're welcome.
So, you need 3 IP addresses from the same IP address range for the HSRP scenario.
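An added example, not part of the thread: a small Python check that a WAN-side HSRP address plan (two router interfaces plus the virtual IP) fits in one subnet as usable host addresses. The function names, the prefix lengths and the optional provider address are assumptions; the 88.88.88.x values are the illustrative ones quoted above, and they turn out to straddle a /29 boundary.

```python
import ipaddress

def check_hsrp_plan(prefix, router_ips, virtual_ip, provider_ip=None):
    """Return a list of problems with a WAN-side HSRP address plan (empty = usable)."""
    net = ipaddress.ip_network(prefix)
    roles = {f"router {i}": ipaddress.ip_address(a)
             for i, a in enumerate(router_ips, start=1)}
    roles["virtual"] = ipaddress.ip_address(virtual_ip)
    if provider_ip is not None:          # assumption: the provider's own interface address
        roles["provider"] = ipaddress.ip_address(provider_ip)

    problems = []
    usable = net.num_addresses - 2       # network and broadcast addresses are not hosts
    if usable < len(roles):
        problems.append(f"{net} has {usable} usable addresses, plan needs {len(roles)}")
    seen = {}
    for role, addr in roles.items():
        if addr not in net:
            problems.append(f"{role} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{role} {addr} is the network or broadcast address of {net}")
        if addr in seen:
            problems.append(f"{role} {addr} duplicates {seen[addr]}")
        seen.setdefault(addr, role)
    return problems

def smallest_subnet(addresses):
    """Smallest single subnet in which every given address is a usable host."""
    addrs = [ipaddress.ip_address(a) for a in addresses]
    for plen in range(30, -1, -1):
        net = ipaddress.ip_network(f"{addrs[0]}/{plen}", strict=False)
        edges = (net.network_address, net.broadcast_address)
        if all(a in net and a not in edges for a in addrs):
            return net
    return None

# Illustrative addresses quoted in the thread; the prefixes below are assumptions.
THREAD_ROUTERS = ["88.88.88.87", "88.88.88.89"]
THREAD_VIRTUAL = "88.88.88.88"

if __name__ == "__main__":
    print(smallest_subnet(THREAD_ROUTERS + [THREAD_VIRTUAL]))
    for prefix in ("88.88.88.80/29", "88.88.88.80/28"):
        print(prefix, check_hsrp_plan(prefix, THREAD_ROUTERS, THREAD_VIRTUAL))
```

A /30, the usual size for a single-address leased line, has only two usable hosts, so the check reports it as too small for the three addresses before the provider's side is even counted.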