Posted by Walter Roberson on May 2, 2006, 12:43 am
>I am trying to plan a VPN solution and need a little assistance. The
>plan is to have Site A and Site B as main hubs running Active
>Directory, Exchange, etc.
>We have multiple remote sites with Cisco 831s and the main sites with
>3825s and one concentrator. The goal is to have a hardware VPN tunnel
>setup with Site A and in the event of an outage to the connection to
>Site A the connection to Site B would be utilized instead. Enabling no
>down time for the end user.
>What I don't want is traffic to Site B until Site A is offline. The
>switchover must be transparent to the end user.

Tricky. I suggest you switch to comp.dcom.sys.cisco
and that you read Vincent C. Jones' white papers
http://www.networkingunlimited.com/

Switching to a different site upon failure of one has some pitfalls
but those can be overcome without -too- much hair loss if you read
Vincent's works.

"No down time for the end user" is rather harder:

- if "stateful" firewalls are being used, then the firewalls
  at the two sites must be kept in sync
- you have to decide whether it is acceptable to lose some
  UDP (and other non-TCP) during the failover
- you have to be careful about "flapping" as site A comes back up
- you have someone re-synchronize the facilities at A and B as A
  comes back up, such as replicating the new state of the Active Directory
  tables -- and you have to either be *very* careful about that, or
  else you have to pause all transactions so that a packet sent to B
  can be replied to by A with exactly the same information it would
  have received at B
- contrariwise, as long as A is up, you have to have A be sending it
  detailed synchronization updates so that B can take over with no
  notice.

Does it really have to be done exactly the way you indicate?
Losing active TCP connections is often considered an acceptable
tradeoff for the costs and difficulties involved in the full
replication.

Would HSRP / VSRP be an acceptable alternative approach to
resource replication? (I don't know those well; I believe
they require that the alternative resources be on the same
segment -- but you might be able to fake that with Layer 2
Transparent VPNs.)

What are the potential sources of "outage" that you are
trying to protect against, and what are their probabilities?
For example, I notice you indicate "a concentrator", which implies
you have only one there instead of a failover pair. If maintenance
or hardware or power problems on the concentrator are a noticeable
risk, then a failover pair of concentrators might improve the
situation... but if not done carefully will make the probability
of failure -higher-.