Thursday, October 4, 2018

Redundancy at the edge for DMVPN and BGP

Hello,

I'm working on a design to provide redundancy for both DMVPN and BGP in a co-location where we will receive two circuits from our ISP - MPLS & Internet. The Internet circuit is used for DMVPN and the MPLS is what we will BGP peer with our ISP over.

This will support around 100 sites at 300Mbps throughput. We are a Cisco shop.

The problem I'm having is figuring out how to provide physical redundancy for all services. The hand-off is layer 2, so I'll have a stack of Cisco switches using FlexStack that I run the hand-off to and VLAN out the MPLS and Internet services. The firewalls will be in an HA pair where the Internet will terminate. However, I'm not sure how to do this with routers (physical redundancy). I've looked at using HSRP and BGP peering with the VIP (that seems to work fine in GNS3, but I'll need a /29 instead of a /30 from the ISP). I've looked at using HSRP and using the VIP for DMVPN (public IP NAT'd to the VIP from the firewalls), but I don't know what is best practice here. Lastly, I've also looked at something like SSO, but getting a router that supports two route processors seems overkill for this (ASR-1004).

How have you guys achieved redundancy with routers at the edge of your network?
