Cisco Systems Load Balance and High Availability.

Posted by rcp on July 19, 2005, 9:16 pm


Hi,
I am going to set up VPN in two 2821 with IOS 12.3(14)T1.
I want to set up two 2821 routers and do both Load Balance and High
Availability with one ISP and configure the same VPN setup in both
routers.
Is IPSec Load Balance and High Availability possible?
If so how to do it?
Is any other special hardware/module needed?



Posted by Vincent C Jones on July 20, 2005, 9:33 am


>Hi,
>I am going to set up VPN in two 2821 with IOS 12.3(14)T1.

Insufficient explanation - two 2821's at one site (in which case
what is at the other end of the VPN) or one at each end of the VPN?

>I want to set up two 2821 routers and do both Load Balance and High
>Availability with one ISP and configure the same VPN setup in both
>routers.

Is your goal HA to your ISP? HA to the Internet? or HA to the other end
of the VPN? All of the preceding? Something else?

>Is IPSec Load Balance and High Availability possible?

Yes.

>If so how to do it?

Very carefully, with a solid set of requirements (and budget)
for what service must be HA and where the bandwidth must be shared
(and how well). However, as a general guideline...

Load Balancing -- High Availability -- Cost/Complexity
You only get to pick two out of three.

>Is any other special hardware/module needed?

Unable to determine based on the vagueness of the specifications.

Good luck and have fun!
--
Vincent C Jones, Consultant           Expert advice and a helping hand
Networking Unlimited, Inc.            for those who want to manage and
Tenafly, NJ  Phone: 201 568-7810      control their networking destiny
http://www.networkingunlimited.com


Posted by rcp on July 21, 2005, 12:07 am


Hi,
Thank you very much for the reply.
The two 2821 is in H.O and other end B.O is 1800 and 2800 series
routers.
My goal is Load Balance and High Availability between two 2821 is in
H.O for IPSec.
I pick Load Balancing -- High Availability from the three options.
The two ISR 2821 is also having AIM-VPN/EPII-PLUS module.

My IPSec setup doesn't have any dynamic routing protocol configured and
also not using DMVPN.

Can you please give some details on how to configure.



Posted by Vincent C Jones on July 21, 2005, 4:19 pm


>Hi,
>Thank you very much for the reply.
>The two 2821 is in H.O and other end B.O is 1800 and 2800 series
>routers.
>My goal is Load Balance and High Availability between two 2821 is in
>H.O for IPSec.
>I pick Load Balancing -- High Availability from the three options.

This answer implies an unlimited budget, so why not just hire a
competent consultant to do the job for you rather than looking
for a freebie off of Usenet? (Hint: If the "consultant" comes in
and says here's your solution--before spending time finding out
what your problem really is--grab your wallet and run. You hired
a salesman rather than a consultant.)

>The two ISR 2821 is also having AIM-VPN/EPII-PLUS module.
>
>My IPSec setup doesn't have any dynamic routing protocol configured and
>also not using DMVPN.

This is typically not an appropriate approach to HA. You can't
select an alternate route unless you have a mechanism to detect
the need for an alternate route. Of course, simply turning on a
routing protocol is rarely sufficient to meet significant HA goals,
although it is usually part of the solution.

>Can you please give some details on how to configure.

If I were you, I would start by hiring a consultant who
understands HA and can walk you through the definition of your REAL
requirements. HA per se is NOT a meaningful design goal. You need
to define not only what average availability is necessary (aka,
how many nines), but also what duration of downtime is acceptable,
what time is available for testing and maintenance, what network
management facilities are available, what skills are accessible
with what delay, how the applications which are paying for the high
availability react to various failure modes, and so on and so forth.

Once the requirements are known, the design can start, which could
range from a simple load sharing of two VPNs with automated failover
to a full soup to nuts redesign of the entire network to ensure
no single point of failure anywhere in the network (which includes
switches, servers, locations, as well as VPN set up). Frequently,
changes to the critical applications to allow them to be more fault
tolerant are a crucial part of the solution.

If you grab a copy of my book and spend some time reading it, you'll
see why I'm saying that providing "some details on how to configure"
is premature at this point. If you were my client, I would spend some
time with you (up to several days, if your HA needs turn out to be
serious) to define the real requirements so that the appropriate trade
offs can be made in the design. Once the requirements (which include
budget constraints) are known, the design and implementation (and
testing thereof) can begin.

A solid HA with load sharing design takes considerable effort
(typically days) to ensure that the design actually improves the
network availability. Adding redundancy only improves availability
if the design and implementation and management are all done
correctly. Getting four or more nines of availability, even without
load sharing, requires a significant commitment beyond the design to
include the process of running the network on a day-to-day basis.
You're not going to get that kind of effort out of Usenet as
a freebie.

Good luck and have fun!
--
Vincent C Jones, Consultant           Expert advice and a helping hand
Networking Unlimited, Inc.            for those who want to manage and
Tenafly, NJ  Phone: 201 568-7810      control their networking destiny
http://www.networkingunlimited.com


Posted by rcp on July 21, 2005, 11:25 pm


Hi,
Thank you very much for the explanation.
I was reading some of your White Papers. Was able to get some more
design details from it.
I am studying Load Balance and High Availability and created a scenario
for my test lab.
My test lab devices are Cisco and one device is not Cisco; it supports
VPN, but has no support for dynamic routing protocol.
So I was thinking how to design the Load Balance and High Availability
between Cisco and other non-Cisco device.

I think between Cisco device, with HSRP and RRI, the HA can be
achieved, but for load-balancing between two routers for vpn
traffic.......???
Please correct if it is wrong.


