
List:       firewalls-gc
Subject:    Re: Highly available Internet connection
From:       Chris Lonvick <clonvick () cisco ! com>
Date:       1997-01-31 23:10:05

Hi folks,

The details of HSRP (Hot Standby Router Protocol) can be found at:
  http://www.cisco.com/warp/public/417/27.html

I wouldn't say that there is any "load sharing" between the two (or more)
routers participating in HSRP.  In essence, a Virtual MAC (VMAC) address is
passed back in response to an ARP from the Primary HSRP router.  The Primary
HSRP router will accept packets destined to that VMAC.  If it dies, then the
Secondary will accept packets destined to the VMAC after the funeral (...
uhh, I mean to say, after the Secondary doesn't see any HSRP-Hello's within
a timeout period - usually 10 seconds, but it's configurable.)

While these devices maintain a VMAC between them, each does have its own
unique MAC and IP addresses, and each maintains its own routing tables.
So, if the primary fails, it should either have a real route to all known
destinations, or should have a default route.  If both are on the same
internal LAN segment as well as external LAN segment (DMZ) then they will
both have the same routing table.

As far as load sharing or balancing goes, if the routers have different
routing paths (one router has a connection to ISP-A and another has a
connection to ISP-B rather than being on the same DMZ LAN), they will
maintain different routing tables.  So, if you configure a workstation with
a default gateway (the Primary HSRP router), and it sends packets towards
it, then the Primary HSRP router may respond with an ICMP-redirect which
points to one of the backup HSRP routers.  In this way, some sessions may go
across the HSRP backup router.

Getting back to the original question, I'd opt for diversity throughout your
enterprise if it's _that_ important to you.   Most of the systems I've seen
have dealt with:
o  what if my firewall dies?
o  what if my link to my ISP dies?
o  what if my ISP dies?
Which have the same single point of failure: your central site.

Living in Houston, as elsewhere along the Gulf Coast, we worry about: what
if all communications to the city become unavailable?  (Not to press our
luck, but I think that we're statistically overdue for a really big
hurricane.)  So, to line this out with an example, if your Transaction
Processing machines (redundant, of course) are in Wichita and Des Moines,
then you should have ISP links in each of those cities which both of your TP
machines could access if 
o  the primary link were to fail
o  the other TP machine were to fail
o  that really big hurricane were to get to one city or the other.

+++ Some commercialism follows +++  stop reading here if this offends you.
(hey, I gotta make a living!)

The Cisco PIX does have a failover feature.  
  http://www.cisco.com/warp/public/146/Intrafirewall.html
which does address the issue of "what if my firewall dies?"

It is usually deployed on the same internal LAN and same DMZ-LAN.  However,
just thinking about it, it should be possible to deploy them both on an
internal LAN, but on different external LANs with routers going to different
ISPs.  Since the PIX is session stateful (the routers are, by default, not
stateful), sessions would be broken if the primary fails but general
connectivity would be maintained.  

Hope this helps,

Chris Lonvick
Cisco Systems
Consulting Engineering
Houston, TX, USA
+1-713-778-5663




At 10:38 AM 1/31/97 -0500, CCCRE.CCULL@capital.ge.com wrote:
>     >>Are they one on the same box or is it two different router that
>     >>automatically drop to a redundancy ? Thanks.
>
>     >>-- Joel
>
>     i didn't get your e-mail address joel,  so i'm having to respond
>     here...
>
>     they are 2 physically separate boxes (referring to cisco's hot standby
>     protocol).  i'm not sure if they do anything like load balancing,  or
>     if the split between the 2 is more static.  however,  i do know that
>     when one fails,  the other one picks up its load.  i'm working from 4
>     month old memory here,  so this stuff is a little foggy....  but it
>     seems like the 2 routers are seen (ip-wise) as 1 virtual router.  i
>     guess each router knows the other's routing table,  but just ignores
>     that portion as long as the other router is functional. if they DIDN'T
>     know each others table,  and 1 of the routers failed,  there'd be a
>     lag while it updated,  and i remember no perceptible lag when we
>     tested these....
>
>     chris cull
>     cccre.ccull@capital.ge.com
>
>

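Added illustration for this thread (not part of Chris Lonvick's post and not Cisco's code): a small Python simulation of the HSRP behaviour he describes. The primary answers ARP for the virtual IP with the shared VMAC and accepts frames sent to it, each router keeps its own real MAC, and the secondary takes the VMAC over only after it has heard no hellos for the hold time. The 10-second hold time is the figure from the post; the 3-second hello interval, the priority-based initial election, and all names and addresses below are assumptions made for the example.

```python
"""Simulation of HSRP-style failover between two routers sharing a virtual MAC.

Added example for the firewalls-gc thread, not Cisco's implementation.  It
models only what the post describes: the primary answers ARP for the virtual
IP with the VMAC and accepts frames for it; the secondary watches for hellos
and takes the VMAC over once none have been heard for the hold time.
Priority, the 3-second hello interval and every name/address are assumptions.
"""

VIRTUAL_IP = "10.0.0.1"
VMAC = "00:00:0c:07:ac:01"   # assumed virtual MAC shared by the group
HELLO_INTERVAL = 3           # seconds between hellos (assumed)
HOLD_TIME = 10               # seconds without hellos before takeover (per the post)


class HsrpRouter:
    """One physical router: its own MAC/IP plus a role in the HSRP group."""

    def __init__(self, name, real_mac, real_ip, priority):
        self.name = name
        self.real_mac = real_mac
        self.real_ip = real_ip
        self.priority = priority
        self.alive = True
        self.state = "standby"      # "active" (primary), "standby" or "down"
        self.last_hello_seen = 0    # simulated time the peer's hello was last heard

    def arp_reply(self, target_ip):
        """A router always answers for its own IP with its own MAC.  Only the
        active router answers for the virtual IP, and it answers with the VMAC."""
        if not self.alive:
            return None
        if target_ip == self.real_ip:
            return self.real_mac
        if target_ip == VIRTUAL_IP and self.state == "active":
            return VMAC
        return None

    def accepts_frame(self, dst_mac):
        """Frames for the real MAC are always taken; frames for the VMAC only
        while this router holds the active role."""
        if not self.alive:
            return False
        return dst_mac == self.real_mac or (dst_mac == VMAC and self.state == "active")


class HsrpGroup:
    def __init__(self, routers):
        self.routers = routers
        self.transitions = []       # (time, name) whenever a router becomes active
        first = max(routers, key=lambda r: r.priority)   # assumed election rule
        first.state = "active"
        self.transitions.append((0, first.name))

    def fail(self, name):
        """Hard failure: the router stops sending hellos and accepting frames."""
        for r in self.routers:
            if r.name == name:
                r.alive = False
                r.state = "down"

    def tick(self, now):
        # 1. The live active router sends a hello every HELLO_INTERVAL seconds.
        for r in self.routers:
            if r.alive and r.state == "active" and now % HELLO_INTERVAL == 0:
                for peer in self.routers:
                    if peer is not r:
                        peer.last_hello_seen = now
        # 2. A standby that has heard nothing for HOLD_TIME takes over the VMAC.
        for r in self.routers:
            if r.alive and r.state == "standby" and now - r.last_hello_seen >= HOLD_TIME:
                r.state = "active"
                self.transitions.append((now, r.name))

    def arp(self, target_ip):
        for r in self.routers:
            reply = r.arp_reply(target_ip)
            if reply:
                return reply
        return None

    def owner_of(self, dst_mac):
        """Name of the router that would accept a frame for dst_mac, or None."""
        for r in self.routers:
            if r.accepts_frame(dst_mac):
                return r.name
        return None


def build_group():
    """Two routers on one segment; A is the primary by priority (assumed values)."""
    a = HsrpRouter("A", "00:11:22:33:44:01", "10.0.0.2", priority=110)
    b = HsrpRouter("B", "00:11:22:33:44:02", "10.0.0.3", priority=100)
    return HsrpGroup([a, b])


def simulate(fail_at=None, until=30):
    """Run the group for `until` seconds, killing the primary at `fail_at`.
    Returns (transitions, outage): outage lists the seconds during which no
    router would accept frames sent to the VMAC."""
    group = build_group()
    outage = []
    for now in range(until + 1):
        if now == fail_at:
            group.fail("A")
        group.tick(now)
        if group.owner_of(VMAC) is None:
            outage.append(now)
    return group.transitions, outage


if __name__ == "__main__":
    transitions, outage = simulate(fail_at=13)
    print("active router over time:", transitions)
    print("seconds with nobody answering the VMAC:", outage)
```

With the primary failing at second 13, its last hello went out at second 12, so the secondary does not claim the VMAC until second 22: the hosts' ARP cache still points at the VMAC throughout, but nothing answers it for nine seconds. That gap, not the ARP entry, is what the hold-time setting trades against false failovers.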