Options
Dual wan failover with hsrp/vrrp
liven_v2.0
Registered Users Posts: 5 ■□□□□□□□□□
in Off-Topic
So I have two pretty nice WAN side connections.
lets call them router A and router B
Router A will be the main internet drain for one of my offices and router B will handle all internal traffic.
I will have a default route on router A as well as routes to all other internal subnets (with less desirable metrics, weights, preferences etc). Router B will be the opposite of route A as far as routes. BGP will work on route A and B as well as the rest of my network.
Router A and B will be connected to each other.
Now this should give me redundancy but I don't have anyway to create a redundant gateway.
The routers are juniper SSG5 which have interface tracking.
I am trying to think of a switching configuration to allow for failover. I don't have layer three switches behind the firewalls but the switches I have do have spanning tree.
I realize spanning tree will not work for failover of this nature or at least I have never tried it in this configuration.
I also realize that the switch will become my single point of failure. I can get new switches to put behind the firewalls.
So I am looking for a configuration suggestion. Failover doesn't have to be as fast as hsrp or vrrp. But somewhat automatic.
Suggestions?
lets call them router A and router B
Router A will be the main internet drain for one of my offices and router B will handle all internal traffic.
I will have a default route on router A as well as routes to all other internal subnets (with less desirable metrics, weights, preferences etc). Router B will be the opposite of route A as far as routes. BGP will work on route A and B as well as the rest of my network.
Router A and B will be connected to each other.
Now this should give me redundancy but I don't have anyway to create a redundant gateway.
The routers are juniper SSG5 which have interface tracking.
I am trying to think of a switching configuration to allow for failover. I don't have layer three switches behind the firewalls but the switches I have do have spanning tree.
I realize spanning tree will not work for failover of this nature or at least I have never tried it in this configuration.
I also realize that the switch will become my single point of failure. I can get new switches to put behind the firewalls.
So I am looking for a configuration suggestion. Failover doesn't have to be as fast as hsrp or vrrp. But somewhat automatic.
Suggestions?
Comments
-
Optionsaordal
Member Posts: 372
Are you familiar with Cisco's IP SLA? I think junos has something similar to track interfaces and modify weights on routes. I think it's called RPM?
-
Optionsliven_v2.0
Registered Users Posts: 5 ■□□□□□□□□□
yes they have a track interface command...
I am more looking for how to control the linkage from the firewalls to the switches behind them.
I will have two different firewalls connecting to one switch.