Looking for help filling in how redundancy in the following model might work:
alt text http://www.kbrandt.com/files/NetworkSample.jpg
I believe my Datacenter will give me redundant gateways with two hand offs (going to have to talk to the more about this). Router A would be a 3825, and Router B would a 2811. The switches are Power Connect 5424s. The Web Server would have one public IP address (12.12.12.12) so no round robin DNS or anything like that. The routers would handle the NAT mapping of 12.12.12.12 10.10.0.5.
I am trying to understand how both the Layer 2 and Layer 3 setup might work:
- Would both links coming from the ISP be able to provide the same block range (If I had webservers 12.12.12.12 12.12.12.13 12.12.12.14 etc)?
- Would I have to set up NIC teaming on the webserver, plug each NIC into each switch, and then each switch to the router, without or without the switches connected to each other?
- If the datacenter gives me two HSRP handoffs, my routers see a virtual address so no special configuration on that side of the router? But, the LAN side of the router would I set up HSRP?
- If the switches are independent like in the diagram, and NIC were to fail in web server, and it was the one connected to the currently active router, that server would go down?
I am getting bits of pieces from googling, but am have trouble seeing the big picture of how a setup like this all fits together. If it isn't clear, this sort of network redundancy new to me :-)
Updated information: (Will use this section to add information requested or stuff I think of)
The gateway of each client (webserver) would would be the local IP of the router. There will actually be a few different internal networks attached to my routers. Each of these internal networks will get its own hand off from each router, and its own pair of switches. So I guess HSRP would be set up on the LAN side for each network. My routers also act as the firewalls. The routers are also endpoints for a separate MPLS network and VPN tunnels.
You would really need HSRP running on the inside interfaces of the routers so that you have a single gateway to the outside world.
As long as you have a solid layer 2 config on the inside, this should be fine otherwise. You would not want teaming on the webserver, however you might consider bridging to a single L3 address as long as you make sure that your spanning-tree setup is solid (else, there is the strong possibility of a bridge loop).
edit: if the comment above is correct in that the co-lo is handing you an HSRP address as your gateway, then disregard my comment about adding HSRP to the inside interface of those routers. At that point, the routers are actually sort of redundant, and you would be better served by putting a fault-tolerant firewall setup (some cheap PIXs or such) there.
I would set teaming in the web server to start with. Then both routers have to be connected to each switch. The problem is the gateway. Server will see the public ip of client, and it can only have one default gateway.
You can:
The HSRP ip 1 and 2 are not so clear on their usage