Re: DUAL Internet Gateway - Need to achieve high

From: Mohammed Naviwala (monavy@gmail.com)
Date: Wed Oct 22 2008 - 14:41:19 ARST


How about changing the topology to the one below:

                         ______
ASA(Active) ----------- |      | ------------ Router ------------------------- Provider Edge
                        |Switch|
ASA(Standby) ---------- |______| ------------ Router ------------------------- Provider Edge

You may configure the routers for HSRP so you have the redundancy.

On the CE-PE link, you use 2 sets of /30 global IP subnets to connect to the
PE (and NAT your outgoing internet traffic).
Run BGP and advertise your global IP subnet (for the services in DMZ) to the
PE.
Have the provider load balance it on both the links.
You can also use 2 HSRP groups to have redundancy and load balancing.

On 10/22/08, sakthi vadivel <sakthivadivel.ccie@gmail.com> wrote:
>
> Hi Experts,
>
>
>
> I have a small scenario. You guys can provide your view on this to come to a
> conclusion.
>
> I have a multi-tier scenario, which has got two routers in the WAN Edge and
> the customer has got 1 set of public IP segment to host their public
> servers
> behind the firewall. The physical layout will look like ;
>
>
>
>
> (public server)Dmz---- Firewall active (ASA)---2950 switch IGW1-------internet
>                              |FO-LINK              |Trunk
>                        Firewall standby (ASA)---2950 Switch ___IGW2------internet
>
> Each of the IGW (Internet Gateway) has got two inbuilt giga interfaces; one
> is connected directly to the internet (MPLS) and another one connected to
> the switch. No direct connection between the IGW's.
>
> Running OSPF between these ASA's and IGW's (Broadcast Network
> Type). Injecting default route on IGW's.
>
> *My OBJECTIVE here is to achieve high availability and box level redundancy
> and I want to make use of both my internet routers and connections.*
>
>
>
> 1. What if I am getting internet connection from same provider? Is it
> possible to achieve high availability without doing any changes on the MPLS
> (PE) end? My internet traffic from inside to outside and our external
> traffic from outside to inside public servers
>
> 2. If my service provider is ready to configure two different gateways to
> my public IP address on the PE? (One pointing to my IGW1 with Normal AD and
> another one pointing to my second IGW2 with more AD). In that case, only one
> link will be used most of the time.
>
> 3. What if my ISP is ready to run any dynamic protocols between PE and CE
> (IGW's)? Which one is preferred OSPF or BGP?
>
> Are there any other options or recommendations to follow?
>
>
>
> Regards,
>
> Sak
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

-- 
Best Regards

Mohammed Abdul Razzaq

If you are not small enough to lose, you are not big enough to win.
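
An added example, not part of the original message: a Cisco IOS sketch of the two-HSRP-group, dual /30, BGP design suggested in the reply above. All addresses (documentation prefixes), AS numbers, interface names and key strings are constructed assumptions; the HSRP and BGP authentication lines are an addition the thread does not mention.

```cisco
! Constructed values throughout: 192.0.2.0/29 = LAN to switch/ASA outside,
! 198.51.100.0/30 and .4/30 = CE-PE links, 203.0.113.0/28 = DMZ public subnet.
! ----- Router 1: active for HSRP group 1, standby for group 2 -----
interface GigabitEthernet0/0
 description CE-PE link 1
 ip address 198.51.100.2 255.255.255.252
interface GigabitEthernet0/1
 description LAN toward switch and ASA outside
 ip address 192.0.2.2 255.255.255.248
 standby 1 ip 192.0.2.1
 standby 1 priority 110
 standby 1 preempt
 ! Lose 20 priority if the PE uplink goes down, so Router 2 takes over group 1
 standby 1 track GigabitEthernet0/0 20
 standby 1 authentication md5 key-string HSRP_KEY_PLACEHOLDER
 standby 2 ip 192.0.2.4
 standby 2 preempt
 standby 2 authentication md5 key-string HSRP_KEY_PLACEHOLDER
! BGP "network" needs an exact route in the table; point the DMZ subnet at the ASA
ip route 203.0.113.0 255.255.255.240 192.0.2.5
router bgp 64512
 neighbor 198.51.100.1 remote-as 64496
 neighbor 198.51.100.1 password BGP_KEY_PLACEHOLDER
 network 203.0.113.0 mask 255.255.255.240
! ----- Router 2: mirror image, active for HSRP group 2 -----
interface GigabitEthernet0/0
 description CE-PE link 2
 ip address 198.51.100.6 255.255.255.252
interface GigabitEthernet0/1
 description LAN toward switch and ASA outside
 ip address 192.0.2.3 255.255.255.248
 standby 1 ip 192.0.2.1
 standby 1 preempt
 standby 1 authentication md5 key-string HSRP_KEY_PLACEHOLDER
 standby 2 ip 192.0.2.4
 standby 2 priority 110
 standby 2 preempt
 standby 2 track GigabitEthernet0/0 20
 standby 2 authentication md5 key-string HSRP_KEY_PLACEHOLDER
ip route 203.0.113.0 255.255.255.240 192.0.2.5
router bgp 64512
 neighbor 198.51.100.5 remote-as 64496
 neighbor 198.51.100.5 password BGP_KEY_PLACEHOLDER
 network 203.0.113.0 mask 255.255.255.240
```

Outbound traffic is only shared across both routers if the downstream next hops are split between the two virtual addresses (192.0.2.1 and 192.0.2.4 here); inbound sharing depends on how the provider treats the two advertisements.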




This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:22 ARST