Wednesday, August 8, 2018

BGP, two Cisco routers, two Cisco Meraki firewalls, and two separate lines from our ISP. Could use help.

You guys have helped me a lot in the past, but I'm on a difficult task now that I could really use some help on. This is a fun one.

To start this off, I'll provide a brief history with what my company is trying to do for link and device failover.

A long time ago we had two Cisco 1921 routers. We deprecated those and got a single Cisco Meraki MX100. We later bought a second MX100 that we were hoping to configure in a warm spare configuration. This is somewhat easy with one line and enough private IP addresses in a subnet (one IP for each router and one IP for the virtual link). And if the main MX100 fails, we could just plug in the line from our ISP into the second MX100. (I think)

But we now have two completely separate lines from our ISP that go to two different places in the state. Effectively, it's like having two different ISPs.

For maximum load balancing, this is the path we'll most likely go on:

First, configuring our two Cisco 1921 routers each with its own line from the different locations. Our ISP wants us to use BGP on each router so if one link goes down, it'll automatically switch to the other link.

From there, we'll configure the two 1921 routers to connect to each other via iBGP. Then we'll use three IP addresses for the two routers. Two for the routers, and one for the virtual link.

We go on to naturally connect those 1921 routers to our two Cisco Merakis in a warm spare configuration. In theory, if one 1921 router goes down, we have an extra. If a Meraki goes down, we have a spare. If a link goes down, we have another. This is all for making sure we have little downtime if a device or link goes down.

So here's what I think we need: 6 IP addresses from our ISP (3 on 2 different subnets. 3 for the 2 Cisco 1921 routers and 3 for 2 Cisco Meraki firewalls), and AS numbers for each BGP connection (including the iBGP connection).

This is all theory-crafting at the time, but does all this make sense? This is my first time configuring anything quite like this or working with BGP (or really any dynamic routing protocol for that matter), so sometimes it's difficult to wrap my head around.

Does anyone have suggestions on what we could do? Would this even work? Do I theoretically have everything I need? Could just use some help theory-crafting and getting ideas from people who are much more experienced than myself. Any help is appreciated.

tl;dr I have two Cisco routers, two Cisco Meraki firewalls, and two separate lines from our ISP. The two lines each need to have BGP configured. I need to configure all of this into a failover setup so if one single thing fails, it will all still work with minimal downtime.
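The design described in the post (eBGP from each 1921 to its own ISP link, iBGP between the two 1921s, and one shared virtual IP toward the Meraki warm-spare pair), written out as a Cisco IOS skeleton for one of the two routers. This is an added example, not configuration from the post or from the ISP. Everything numeric is a placeholder: AS 65001 for the site and AS 64512 for the ISP are private-range AS numbers, 198.51.100.0/30 and 203.0.113.0/24 are RFC 5737 documentation prefixes, and the shared secrets are marked as placeholders. The example assumes both 1921s are configured with the same site AS (a BGP session between two routers in one AS is what makes it iBGP), that the virtual IP toward the Merakis is provided by HSRP on the 1921s, and that the second router (R2) is configured as the mirror image with the roles of .2 and .3 swapped and a lower HSRP priority.

```cisco
! R1 - added example configuration, not from the original post.
! All addresses, AS numbers and secrets below are placeholders.
hostname R1
!
! Only ever announce our own prefix to the ISP, and only accept a
! default route back. This keeps the site from leaking routes it
! learned on one link out the other (becoming a transit AS) and keeps
! a full Internet table off a small 1921.
ip prefix-list OUR-PREFIX seq 5 permit 203.0.113.0/24
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
route-map TO-ISP permit 10
 match ip address prefix-list OUR-PREFIX
route-map FROM-ISP permit 10
 match ip address prefix-list DEFAULT-ONLY
!
! Watch the upstream link; if it drops, hand the virtual IP to R2.
track 10 interface GigabitEthernet0/0 line-protocol
!
interface GigabitEthernet0/0
 description eBGP link to ISP, site A (placeholder /30)
 ip address 198.51.100.2 255.255.255.252
!
interface GigabitEthernet0/1
 description inside LAN toward the Meraki warm-spare pair
 ip address 203.0.113.2 255.255.255.0
 ! .1 is the virtual IP the Merakis use as their next hop; R2 owns .3
 standby 1 ip 203.0.113.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 track 10 decrement 20
!
router bgp 65001
 bgp log-neighbor-changes
 network 203.0.113.0 mask 255.255.255.0
 !
 ! eBGP to the ISP on this link
 neighbor 198.51.100.1 remote-as 64512
 neighbor 198.51.100.1 description ISP site A
 neighbor 198.51.100.1 password ISP-SHARED-SECRET-PLACEHOLDER
 neighbor 198.51.100.1 route-map TO-ISP out
 neighbor 198.51.100.1 route-map FROM-ISP in
 neighbor 198.51.100.1 maximum-prefix 10
 !
 ! iBGP to R2 over the inside LAN; same AS on both ends
 neighbor 203.0.113.3 remote-as 65001
 neighbor 203.0.113.3 description R2 iBGP
 neighbor 203.0.113.3 password IBGP-SHARED-SECRET-PLACEHOLDER
 neighbor 203.0.113.3 next-hop-self
!
! Anchor route so the network statement is always advertisable.
ip route 203.0.113.0 255.255.255.0 Null0 250
```

With this in place, losing ISP link A takes R1's eBGP session down, R1 keeps forwarding via the default route it learns from R2 over iBGP, and the tracked interface hands the HSRP virtual IP to R2 so the Merakis never need to change their next hop; losing R1 entirely has the same effect through HSRP alone. The inbound and outbound prefix filters, the MD5 neighbor passwords and the `maximum-prefix` limit are the parts worth keeping even if the rest is reshaped: they are what stop a misconfiguration or a hijacked peer from turning the site into an accidental transit path or flooding the 1921's memory.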
