High Availability Network Services – Advanced Enterprise Campus Design
This section covers designs for high availability network services in the access layer.
Redundancy Models
When designing a network topology for a customer who has critical systems, services, or network paths, you should determine the likelihood that these components will fail and design redundancy where necessary. Consider incorporating one of the following types of redundancy into your design:
- Workstation-to-router redundancy in the building access layer
- Server redundancy in the data center
- Route redundancy within and between network components
- Link media redundancy in the access layer
The following sections discuss these types of redundancy models.
First-Hop Redundancy for LAN High Availability
Several protocols increase the ability of a workstation to reach its default gateway router on its network segment, including the following:
- Hot Standby Router Protocol (HSRP)
- Virtual Router Redundancy Protocol (VRRP)
- Gateway Load Balancing Protocol (GLBP)
- Virtual Switching System (VSS)
- StackWise Virtual
The following sections cover these methods.
HSRP
Cisco Hot Standby Router Protocol (HSRP) provides a way for an IP workstation that supports only one default router to keep communicating on the internetwork even if its default router becomes unavailable. HSRP works by creating a virtual router that has its own IP and MAC addresses. The workstations use this virtual IP address as their default router.
HSRP routers on a LAN communicate among themselves to designate two routers as active and standby. The active router sends periodic hello messages. The other HSRP routers listen for the hello messages. If the active router fails and the other HSRP routers stop receiving hello messages, the standby router takes over and becomes the active router. Because the new active router assumes both the IP and MAC addresses of the virtual router (the phantom), end nodes see no change. They continue to send packets to the phantom router’s MAC address, and the new active router delivers those packets.
The default HSRP timers are 3 seconds for the hello timer and 10 seconds for the dead timer. You can achieve subsecond failover with HSRP by setting the hello timer to 200 milliseconds and the dead timer to 750 milliseconds.
It is recommended to configure HSRP with preemption. With preemption, the primary HSRP router reassumes the primary role when it comes back online. Preemption is disabled by default, so it must be configured explicitly.
HSRP does not support load sharing as part of the protocol specification. To use both uplink paths to the distribution switches, configure different HSRP groups for different VLANs, with Switch A as the primary router for some VLANs and Switch B as the primary router for the other VLANs.
HSRP has a native interface tracking mechanism that is used to track an uplink. If the tracked uplink fails, the HSRP priority of that router is reduced.
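The timer, preemption, per-VLAN group, and uplink-tracking recommendations above, combined in one Cisco IOS configuration sketch for the two distribution switches. This is an added example, not configuration from the original text. Only the virtual address 192.168.1.1 and the 200 ms / 750 ms timers come from the page; the VLAN and group numbers, the other addresses, the uplink interface name, the track object number, and the priority and decrement values are assumptions.

```cisco
! ---- Switch A: primary for VLAN 10, backup for VLAN 20 (assumed VLANs) ----
! Track object 1 follows the uplink (interface name is an assumption)
track 1 interface TenGigabitEthernet1/1/1 line-protocol
!
interface Vlan10
 ip address 192.168.1.2 255.255.255.0
 ! Virtual (phantom) router address used by workstations as default gateway
 standby 10 ip 192.168.1.1
 ! Higher than the default priority of 100, so Switch A is active for VLAN 10
 standby 10 priority 110
 ! Preemption is off by default; enable it so Switch A reclaims the role
 standby 10 preempt
 ! Subsecond failover: hello 200 ms, dead (hold) timer 750 ms
 standby 10 timers msec 200 msec 750
 ! Uplink down: 110 - 20 = 90, below Switch B's 100, so B can preempt
 standby 10 track 1 decrement 20
!
interface Vlan20
 ip address 192.168.2.2 255.255.255.0
 standby 20 ip 192.168.2.1
 ! Default priority (100); preempt lets A take over if B's priority drops
 standby 20 preempt
 standby 20 timers msec 200 msec 750
!
! ---- Switch B: primary for VLAN 20, backup for VLAN 10 ----
track 1 interface TenGigabitEthernet1/1/1 line-protocol
!
interface Vlan10
 ip address 192.168.1.3 255.255.255.0
 standby 10 ip 192.168.1.1
 standby 10 preempt
 standby 10 timers msec 200 msec 750
!
interface Vlan20
 ip address 192.168.2.3 255.255.255.0
 standby 20 ip 192.168.2.1
 standby 20 priority 110
 standby 20 preempt
 standby 20 timers msec 200 msec 750
 standby 20 track 1 decrement 20
```

The timers must match on both routers in a group, and the tracking decrement must be large enough to drop the primary's priority below the backup's, otherwise an uplink failure does not move the active role.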
HSRP also works for proxy ARP. When an active HSRP router receives an ARP request for a node that is not on the local LAN, the router replies with the phantom router’s MAC address instead of its own. If the router that originally sent the ARP reply later loses its connection, the new active router can still deliver the traffic.
Figure 7-7 shows a sample implementation of HSRP.
Figure 7-7 HSRP: The Phantom Router Represents the Real Routers
In Figure 7-7, the following sequence occurs:
Step 1. The workstation is configured to use the phantom router (192.168.1.1) as its default router.
Step 2. Upon booting, the routers elect Router A as the HSRP active router. The active router does the work for the HSRP phantom. Router B is the HSRP standby router.
Step 3. When the workstation sends an ARP frame to find its default router, Router A responds with the phantom router’s MAC address.
Step 4. If Router A goes offline, Router B takes over as the active router and continues the delivery of the workstation’s packets. The change is transparent to the workstation.