Mailing List Archive: Cisco: NSP

replacing CARP with Cisco possible ?

nsp at rhanssen

Mar 1, 2012, 7:30 AM

replacing CARP with Cisco possible ?

Hello,

we have a few setups that do gateway failover with Linux + CARP and are
thinking about whether we can replace them with HSRP (or VRRP).

The CARP setups are configured that way now:
-a small non-public network (something like 192.168.0.0/30) is configured
on the interfaces and used to run CARP to avoid waste of public IPs.
-public IPs and static routes are enabled/disabled with the
up/down-Scripts (ip addr add/del x.x.x.x/y dev ethX, ip route add/del ...)

Looking into the config syntax I'm wondering if this setup can be done at
all with VRRP/HSRP.
Is there a way to configure virtual IPs that do not belong to the
"hard-coded" network (ip address x.x.x.x y.y.y.y) of the interface ?
I see that it is possible to configure other IPs, but this results in a
warning and there is no possibility to set the netmask at all.

Is there a possibility to have static routes that are only active if the
node has enabled the virtual IP ?

Is there anything else to take care of ?
Any limitations except the 4096 HSRP-IDs ?
We will be using SUP720-3B with 6548, 6748 and 6704 LCs, no DFCs.
All Layer 3 stuff is configured inside VLAN interfaces, all physical
interfaces are configured as switchports.

kind regards
Rolf

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
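The CARP up/down script Rolf describes, written out as an added example (not from the original post): the interface itself carries only a private /30 for CARP, and the public prefixes plus their static routes are added with ip(8) when the node becomes master and removed when it falls back to backup. The interface name, the addresses and the route are assumptions taken from RFC 5737 documentation space; the daemon is assumed to call the script as `carp-vip.sh up` or `carp-vip.sh down`.

```shell
#!/bin/sh
# Added example of a CARP master/backup transition script: the public
# addresses and the static routes that depend on them follow the CARP master.
# Interface, addresses and routes are assumptions (RFC 5737 documentation space).
set -eu

CARP_IF="${CARP_IF:-eth0}"

# Public addresses, with prefix length, that must move with the CARP master.
PUBLIC_ADDRS="203.0.113.1/29 198.51.100.1/28"

# Static routes that are valid only while this node is master: "prefix,nexthop".
STATIC_ROUTES="192.0.2.0/24,203.0.113.6"

emit_addrs() {
    for a in $PUBLIC_ADDRS; do
        echo "ip addr $1 $a dev $CARP_IF"
    done
}

emit_routes() {
    for r in $STATIC_ROUTES; do
        prefix=${r%,*}
        nexthop=${r#*,}
        echo "ip route $1 $prefix via $nexthop"
    done
}

# Emit the ip(8) commands for one transition without executing them, so the
# plan can be reviewed (or tested) before it touches the kernel.
# Usage: build_commands up|down
build_commands() {
    case "$1" in
        up)   op=add ;;
        down) op=del ;;
        *)    echo "usage: build_commands up|down" >&2; return 2 ;;
    esac
    # Going up: addresses first, then routes, so the next-hop is already on a
    # connected network when its route is installed. Going down: the reverse.
    if [ "$op" = add ]; then
        emit_addrs "$op"
        emit_routes "$op"
    else
        emit_routes "$op"
        emit_addrs "$op"
    fi
}

# Execute the plan. With DRY_RUN=1 the commands are only printed.
apply_transition() {
    build_commands "$1" | while read -r cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "+ $cmd"
        else
            $cmd
        fi
    done
}

# Entry point when the CARP daemon calls "carp-vip.sh up" / "carp-vip.sh down".
case "${1:-}" in
    up|down) apply_transition "$1" ;;
esac
```

Run `DRY_RUN=1 ./carp-vip.sh up` on the standby node to see the exact commands before wiring the script into the daemon; the ordering matters because a route whose next-hop is not yet on a connected network is rejected by the kernel.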


peter at rathlev

Mar 1, 2012, 9:00 AM

Re: replacing CARP with Cisco possible ?

On Thu, 2012-03-01 at 16:30 +0100, "Rolf Hanßen" wrote:
> Is there a way to configure virtual IPs that do not belong to the
> "hard-coded" network (ip address x.x.x.x y.y.y.y) of the interface ?
> I see that it is possible to configure other IPs, but this results in a
> warning and there is no possibility to set the netmask at all.

I was wondering the same some years ago. Take a look at this thread:

http://puck.nether.net/pipermail/cisco-nsp/2007-November/045409.html

We never got it to work. ARP requests are sourced from the real address,
and you cannot add a "connected static" route for a VRF enabled
interface, i.e. "ip route vrf A 192.168.1.0 255.255.255.0 Vlan50" fails.

Also keep in mind that TTL exceeded replies (traceroute) would source
from the "real" interface address.

> Is there a possibility to have static routes that are only active if the
> node has enabled the virtual IP ?

This in itself would be possible with an EEM script that follows the
HSRP log messages and adjusts the configuration. It would trigger a
configuration change, so Rancid or whatever you might use would log a
change every time the HSRP state changes.

> Is there anything else to take care of ?
> Any limitations except the 4096 HSRP-IDs ?

That's 256 for HSRPv1 by the way.

--
Peter


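The EEM approach Peter sketches, as an added example (not from the original post): two applets watch the HSRP state-change syslog message and install or withdraw a static route so that it exists only on the router that is Active for the group. Interface, group number, prefix and next-hop are assumptions (RFC 5737 documentation space).

```text
! Added example: static route tied to HSRP Active state via EEM.
! The syslog pattern matches the message HSRP logs on a transition, e.g.
!   %HSRP-5-STATECHANGE: Vlan50 Grp 1 state Standby -> Active
event manager applet HSRP_GRP1_ACTIVE
 event syslog pattern "HSRP-5-STATECHANGE: Vlan50 Grp 1 state .* -> Active"
 action 1.0 cli command "enable"
 action 1.1 cli command "configure terminal"
 action 1.2 cli command "ip route 192.0.2.0 255.255.255.0 203.0.113.6"
 action 1.3 cli command "end"
 action 1.4 syslog msg "installed customer route for HSRP Vlan50 Grp 1"
!
event manager applet HSRP_GRP1_NOT_ACTIVE
 event syslog pattern "HSRP-5-STATECHANGE: Vlan50 Grp 1 state Active -> .*"
 action 1.0 cli command "enable"
 action 1.1 cli command "configure terminal"
 action 1.2 cli command "no ip route 192.0.2.0 255.255.255.0 203.0.113.6"
 action 1.3 cli command "end"
 action 1.4 syslog msg "removed customer route for HSRP Vlan50 Grp 1"
```

Because each transition rewrites running-config, every failover shows up as a configuration diff in Rancid or similar tools, exactly as the post above warns; the extra syslog message from action 1.4 at least makes those diffs easy to correlate with the HSRP event.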


nsp at rhanssen

Mar 2, 2012, 1:34 AM

Re: replacing CARP with Cisco possible ?

Hi,

any idea how other providers offer such redundancy to end customers (if
they do at all) ?
We have a mass of customers with /29 or /28 networks and losing IPs isn't
an option in such cases imo.
Using bigger networks would require giving up VLAN separation per
customer, no option either.

regards
Rolf





peter at rathlev

Mar 4, 2012, 9:18 AM

Re: replacing CARP with Cisco possible ?

On Fri, 2012-03-02 at 10:34 +0100, "Rolf Hanßen" wrote:
> any idea how other providers offer such redundancy to end customers
> (if they do at all) ? We have a mass of customers with /29 or /28
> networks and losing IPs isn't an option in such cases imo.

I don't think there's a way around using the extra IP addresses if you
want FHRP. Otherwise customers would typically get two /30 networks and
two BGP sessions, providing better redundancy.

> Using bigger networks would require giving up vlan separation each
> customer, no option either.

You could use private VLANs (or protected ports if the access layer is
not too large) and still have customers layer 2 separated within that
same VLAN.

--
Peter
