Hi,
I'm setting up a new colocation cabinet, and am trying to implement a redundant network architecture. If you wouldn't mind taking a look to see if I'm on the right track:
(1) 2 fast ethernet connections from ISP, each connected to a separate router, with HSRP failover configured between them. (This is a multihomed mix of several upstream providers.)
(2) An unmanaged fast ethernet switch for the two ISP connections, and one connection to each of the firewalls.
(3) Two Cisco ASA 5510 firewalls, with a direct failover link (crossover cable) between them, connected to the front-end switch on the outside interfaces, and to internal switches on the internal interfaces. Each inside interface is connected to one of the internal switches.
(4) Two HP Procurve 2824 switches. Each one is connected to exactly one of the firewalls. They also have an 802.1Q trunk connection between them. I'll configure several VLANs to connect to these switches. The switches run STP to eliminate loops.
(5) About 12 servers, each with redundant NICs. Each NIC is connected to one of the Procurve switches.
Failure modes:
-- Server NIC or single port on the Procurve fails: STP on the Procurves recalculates the tree and the other connection takes over.
-- One of the Procurves fails: The connected firewall will detect a failure and fail over to the backup unit. The other Procurve will use STP to recalculate the tree and the servers will remain connected via their secondary NICs.
-- One of the firewalls fails: Failover will be initiated and the backup firewall will take over. STP will recalculate the tree and traffic can still flow through the backup firewall.
-- The front-end switch fails: I'm hosed. This is the piece I need help with. Is it possible to introduce redundancy here? What is the proper way to aggregate these two connections given that only one of them is active at any given time?
-- One of the ISP's routers fails: HSRP will kick in and I'll retain connectivity through the second drop.
Networking is not my specialty, so I'd appreciate your guidance / feedback.
Thanks, Matt
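
The failure-mode walk-through in the post above can be checked mechanically. The following is an added example, not part of the original post: it models the described topology as a graph and lists every device whose loss alone cuts the servers off from the upstream. The node names, the single representative server, and the two-switch variant are assumptions made for illustration.

```python
from collections import deque

# Topology from the post as an undirected graph (node names are constructed).
# The ASA failover crossover is omitted: it carries state, not transit traffic.
DESCRIBED = [
    ("internet", "isp_rtr1"), ("internet", "isp_rtr2"),
    ("isp_rtr1", "front_sw"), ("isp_rtr2", "front_sw"),
    ("front_sw", "asa1"), ("front_sw", "asa2"),
    ("asa1", "procurve1"), ("asa2", "procurve2"),
    ("procurve1", "procurve2"),                         # 802.1Q trunk
    ("server", "procurve1"), ("server", "procurve2"),   # redundant NICs
]

def with_second_front_switch(edges):
    """Hypothetical variant (an assumption, not from the post): a second
    front-end switch takes ISP router 2 and ASA 2, linked to the first."""
    moved = {("isp_rtr2", "front_sw"), ("front_sw", "asa2")}
    kept = [e for e in edges if e not in moved]
    return kept + [("isp_rtr2", "front_sw_b"), ("front_sw_b", "asa2"),
                   ("front_sw", "front_sw_b")]

def reachable(edges, src, dst, failed=None):
    """Breadth-first search from src to dst, ignoring the failed device."""
    adj = {}
    for a, b in edges:
        if failed in (a, b):
            continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

def single_points_of_failure(edges, src="internet", dst="server"):
    """Devices whose individual failure disconnects dst from src."""
    devices = sorted({n for e in edges for n in e} - {src, dst})
    return [d for d in devices if not reachable(edges, src, dst, failed=d)]

if __name__ == "__main__":
    print("as described:", single_points_of_failure(DESCRIBED))
    print("two front switches:",
          single_points_of_failure(with_second_front_switch(DESCRIBED)))
```

The check covers whole-device failures only; it does not model link failures, HSRP or ASA failover timing, or STP convergence.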