Tuesday, November 17, 2020

Multi-site, multi-ISP, geographically separate

Hello,

I am thinking over some scenarios and wanted just some high level advice. I have a main hub site with a single ISP connection. Company purchased a new location that will basically house all the administration staff while the operations staff will stay at hub site. Wanted to purchase a totally independent ISP connection separate from the HUB site, and use them as fail-over between each other. So, if Hub site's connection was lost, traffic would route to the spoke location ISP and vice versa.

Company is a Cisco and Palo Alto shop. I am familiar with BGP multi-homing and multi-path with dual ISP connections to a single site, but something I haven't done is using BGP multi-homing configuration over two geographically separate sites with a single connection at each site. The intent is to have Hub site clients use its ISP connection unless it failed. The spoke site would also use its single ISP connection unless it failed. Should a connection fail, then traffic would pass over to the other site and use its ISP connection. So, not an active-active load-sharing scenario. More of an active-passive scenario from a single site's point of view.

In my mind I'm thinking:
HUB Site A Inet --> WAN Edge Router --> Pair of DMZ switches --> Pair of Collapsed Core Switches --> Palo Alto Firewalls and Access Switches will connect off of the Collapsed Core Switches.

Spoke Site B Inet --> WAN Edge Router --> A pair of Layer 2 switches --> Pair of Collapsed Core Switches --> Palo Alto Firewalls and Access Switches will connect off of the Collapsed Core switches.

The part I'm fuzzy about: for the failover to be possible, wouldn't there need to be a layer 3 connection between each WAN edge router at the site?

What technology would be best to use for the fail-over scenario? HSRP? BGP multi-homing? Policy-based Routing? IP SLA for interface fail-over?
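As an added illustration that is not part of the original post, here is one way the hub-side WAN edge could implement the active-passive behaviour described above on Cisco IOS: an IP SLA probe watches the hub ISP, a tracked static default prefers the local ISP, and a floating static default with a higher administrative distance points across a layer 3 inter-site link to the spoke WAN edge. All addresses, prefixes and interface names are constructed placeholders, and the spoke WAN edge is assumed to carry the mirror-image configuration.

```cisco
! Hub WAN edge router (constructed example; addresses and interfaces are placeholders)
!
! Probe a hop beyond the directly connected ISP gateway where possible, so an
! upstream outage (not just local link-down) also triggers failover.
ip sla 10
 icmp-echo 203.0.113.1 source-interface GigabitEthernet0/0
 frequency 5
 threshold 1000
 timeout 2000
ip sla schedule 10 life forever start-time now
!
! Track object follows probe reachability; the delays damp flapping on a
! single lost reply and hold off fail-back until the ISP is stable again.
track 10 ip sla 10 reachability
 delay down 15 up 30
!
! Layer 3 inter-site link to the spoke WAN edge (point-to-point /30 over a
! private circuit or an encrypted tunnel between the two sites).
interface GigabitEthernet0/1
 description Inter-site link to Spoke WAN edge (10.255.0.2)
 ip address 10.255.0.1 255.255.255.252
!
! Primary default route via the hub ISP; withdrawn automatically while track 10 is down.
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 10
!
! Floating default (AD 250) via the spoke WAN edge; installed only while the
! tracked route is absent, giving active-passive behaviour per site.
ip route 0.0.0.0 0.0.0.0 10.255.0.2 250
!
! Route to the spoke's internal prefix so the spoke's failed-over traffic
! can return across the same inter-site link.
ip route 10.20.0.0 255.255.0.0 10.255.0.2
```

Because each site NATs behind its own firewalls, flows that fail over egress from the other site's public range, so established sessions are dropped rather than preserved; an IP SLA target that the ISP gateway itself answers for will not detect an upstream outage, which is why the probe should reach past the first hop.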
