Load Balance and High Availability.

Discussion in 'Cisco' started by rcp, Jul 20, 2005.

  1. rcp

    rcp Guest

    Hi,
    I am going to setup VPN in two 2821 with IOS 12.3(14)T1.
    I want to setup two 2821 routers and do both Load Balance and High
    Availability with one ISP and configure the same VPN setup in both
    routers.
    Is IPSec Load Balance and High Availability possible?
    If so how to do it?
    Is any other special hardware/module needed?
     
    rcp, Jul 20, 2005
    #1

  2. In article <>,
    rcp <> wrote:
    >Hi,
    >I am going to setup VPN in two 2821 with IOS 12.3(14)T1.


    Insufficient explanation - two 2821's at one site (in which case
    what is at the other end of the VPN) or one at each end of the VPN?

    >I want to setup two 2821 routers and do both Load Balance and High
    >Availability with one ISP and configure the same VPN setup in both
    >routers.


    Is your goal HA to your ISP? HA to the Internet? or HA to the other end
    of the VPN? All of the preceding? Something else?

    >Is IPSec Load Balance and High Availability possible?


    Yes.

    >If so how to do it?


    Very carefully, with a solid set of requirements (and budget)
    for what service must be HA and where the bandwidth must be shared
    (and how well). However, as a general guideline...

    Load Balancing -- High Availability -- Cost/Complexity
    You only get to pick two out of three.

    >Is any other special hardware/module needed?


    Unable to determine based on the vagueness of the specifications.

    Good luck and have fun!
    --
    Vincent C Jones, Consultant        Expert advice and a helping hand
    Networking Unlimited, Inc.         for those who want to manage and
    Tenafly, NJ  Phone: 201 568-7810   control their networking destiny
    http://www.networkingunlimited.com
     
    Vincent C Jones, Jul 20, 2005
    #2

  3. rcp

    rcp Guest

    Hi,
    Thank you very much for the reply.
    The two 2821 is in H.O and other end B.O is 1800 and 2800 series
    routers.
    My goal is Load Balance and High Availability between two 2821 is in
    H.O for IPSec.
    I pick Load Balancing -- High Availability from the three options.
    The two ISR 2821 is also having AIM-VPN/EPII-PLUS module.

    My IPSec setup doesn't have any dynamic routing protocol configured and
    also not using DMVPN.

    Can you please give some details on how to configure.
     
    rcp, Jul 21, 2005
    #3
  4. In article <>,
    rcp <> wrote:
    >Hi,
    >Thank you very much for the reply.
    >The two 2821 is in H.O and other end B.O is 1800 and 2800 series
    >routers.
    >My goal is Load Balance and High Availability between two 2821 is in
    >H.O for IPSec.
    >I pick Load Balancing -- High Availability from the three options.


    This answer implies an unlimited budget, so why not just hire a
    competent consultant to do the job for you rather than looking
    for a freebie off of Usenet? (Hint: If the "consultant" comes in
    and says here's your solution--before spending time finding out
    what your problem really is--grab your wallet and run. You hired
    a salesman rather than a consultant.)

    >The two ISR 2821 is also having AIM-VPN/EPII-PLUS module.
    >
    >My IPSec setup doesn't have any dynamic routing protocol configured and
    >also not using DMVPN.


    This is typically not an appropriate approach to HA. You can't
    select an alternate route unless you have a mechanism to detect
    the need for an alternate route. Of course, simply turning on a
    routing protocol is rarely sufficient to meet significant HA goals,
    although it is usually part of the solution.

    >Can you please give some details on how to configure.


    If I were you, I would start by hiring a consultant who
    understands HA and can walk you through the definition of your REAL
    requirements. HA per se is NOT a meaningful design goal. You need
    to define not only what average availability is necessary (aka,
    how many nines), but also what duration of downtime is acceptable,
    what time is available for testing and maintenance, what network
    management facilities are available, what skills are accessible
    with what delay, how the applications which are paying for the high
    availability react to various failure modes, and so on and so forth.

    Once the requirements are known, the design can start, which could
    range from a simple load sharing of two VPNs with automated failover
    to a full soup to nuts redesign of the entire network to ensure
    no single point of failure anywhere in the network (which includes
    switches, servers, locations, as well as VPN set up). Frequently,
    changes to the critical applications to allow them to be more fault
    tolerant are a crucial part of the solution.

    If you grab a copy of my book and spend some time reading it, you'll
    see why I'm saying that providing "some details on how to configure"
    is premature at this point. If you were my client, I would spend some
    time with you (up to several days, if your HA needs turn out to be
    serious) to define the real requirements so that the appropriate trade
    offs can be made in the design. Once the requirements (which include
    budget constraints) are known, the design and implementation (and
    testing thereof) can begin.

    A solid HA with load sharing design takes considerable (typically
    days) of effort to ensure that the design actually improves the
    network availability. Adding redundancy only improves availability
    if the design and implementation and management are all done
    correctly. Getting four or more nines of availability, even without
    load sharing, requires a significant commitment beyond the design to
    include the process of running the network on a day-to-day basis.
    You're not going to get that kind of effort out of Usenet as
    a freebie.

    Good luck and have fun!
    --
    Vincent C Jones, Consultant        Expert advice and a helping hand
    Networking Unlimited, Inc.         for those who want to manage and
    Tenafly, NJ  Phone: 201 568-7810   control their networking destiny
    http://www.networkingunlimited.com
     
    Vincent C Jones, Jul 21, 2005
    #4
  5. rcp

    rcp Guest

    Hi,
    Thank you very much for the explanation.
    I was reading some of your White Papers. Was able to get some more
    design details from it.
    I am studying Load Balance and High Availability and created a scenario
    for my test lab.
    My test lab devices are Cisco and one device is not Cisco, it support
    VPN, but no support for dynamic routing protocol.
    So I was thinking how to design the Load Balance and High Availability
    between Cisco and other non-Cisco device.

    I think between Cisco device, with HSRP and RRI, the HA can be
    achieved, but for load-balancing between two routers for vpn
    traffic.......???
    Please correct if it is wrong.
     
    rcp, Jul 22, 2005
    #5
  6. In article <>,
    rcp <> wrote:
    >Hi,
    >Thank you very much for the explanation.
    >I was reading some of your White Papers. Was able to get some more
    >design details from it.
    >I am studying Load Balance and High Availability and created a scenario
    >for my test lab.
    >My test lab devices are Cisco and one device is not Cisco, it support
    >VPN, but no support for dynamic routing protocol.
    >So I was thinking how to design the Load Balance and High Availability
    >between Cisco and other non-Cisco device.
    >
    >I think between Cisco device, with HSRP and RRI, the HA can be
    >achieved, but for load-balancing between two routers for vpn
    >traffic.......???
    >Please correct if it is wrong.


    I won't say that you are "wrong" but I will say that you are going
    to learn a lot playing with what you have and simulating various
    failure modes in the lab. HSRP and RRI can both contribute to
    detecting and responding to various failure modes, but each has
    significant limitations.

    Remember as you experiment that when a failure occurs, you need to
    adjust the paths used for both directions and what counts is the
    two end systems being able to continue to communicate. Also keep in
    mind that between the time a failure occurs and the time when that
    failure is detected by all concerned, the network is down. Also
    keep in mind that you not only need a mechanism to switch from
    primary path to backup path, but also a mechanism to switch back
    from the backup path to the primary path when said primary path is
    restored. Also note that all of these comments ignore the issue of
    providing useful load balancing or working around Cisco bugs in how
    the IOS does its thing on various platforms in various feature sets
    and release trains.

    For a better learning experience, start by experimenting with
    load balancing and redundant link failover independently. Once
    you master both in isolation, you can try combining them in the
    same configuration.

    Good luck and have fun!

    --
    Vincent C Jones, Consultant        Expert advice and a helping hand
    Networking Unlimited, Inc.         for those who want to manage and
    Tenafly, NJ  Phone: 201 568-7810   control their networking destiny
    http://www.networkingunlimited.com
     
    Vincent C Jones, Jul 25, 2005
    #6