Designing Fault-Tolerant TCP/IP WANs
Designing the Central-Site Connections
The central site houses databases and host applications for remote-user access. It usually has multiple leased-line connections to the WAN backbone. However, because of the way lines are supplied by carriers, this may not mean multiple physical paths for redundancy. In large metropolitan areas, carriers are delivering data service to large users via SONET, usually over optical fiber cabling that forms part of a ring.
By running an optical fiber cable into a building, the carrier can supply multiple T1-capacity links without multiple copper wires. The SONET ring topology is implemented with the idea that if one side of the optical fiber ring to your bui
lding experiences a problem, traffic can be routed through the other side of the ring. This works as long as there are two diverse cable routes and points of access for the optical fiber cables into the building. If the loop of the optical fiber ring that feeds your central site is physically routed through the same cable run at any stage, you have a single point of failure for the entire network.
If you are not lucky enough to get fiber direct to your building, you will need to build multiple, diverse copper links from the carrier to your building for backbone WAN connections.
WANs use dynamic routing protocols, such as the Interior Gateway Routing Protocol (IGRP) or Open Shortest Path First (OSPF) protocol, to ensure that if a link or router becomes unavailable, alternate routes are used. However, in practice, you still need to be concerned with how central-site hosts react to central-site router failures.
Typically, a host machine will be configured for one router address as the default router
(sometimes referred to as the default gateway). If the host has to send any traffic to a network address that is not on the directly connected segment (for example, a remote branch), it will send the traffic to the default router, which will route the traf
fic through the distribution and backbone networks to its ultimate destination. This becomes a problem for the host only when its default gateway fails.
There are two options available to eliminate the central router as a single point of failure. Cisco Systems has developed the Hot Standby Router Protocol (HSRP) for its routers. This proprietary mechanism provides router fault tolerance. The second option is the Internet Engineering Task Force's (IETF) Router Discovery Protocol (IRDP).
The functionality of these protocols can best be depicted by "Central Site WAN Connections,", which shows how WAN interconnections may be implemented with physical hardware for our Chicago head office.
If the hosts are configured using default gateways, each will send traffic destined for remote network numbers to its default gateway. If a default gateway fails, routing devices on the network (assuming that a routing protocol like IGRP is in use) will adjust their routing tables to reflect the change in network topology and will recalculate new paths to route around this failure. The hosts, however, do not run IGRP and cannot participate in this process. The hosts continue sending traffic destined for remote networks to the failed router, and remote access to the hosts will not be restored.
IRDP requires a host TCP/IP stack that is IRDP-aware. A host that uses IRDP to get around this problem listens for "hello" packets from the router it is using to connect to remote networks. If these packets stop arriving, the host uses another router to connect to the remote networks. Unfortunately, not all hosts support IRDP. Cisco developed HSRP to support these non-IRDP hosts.
To implement HSRP, you mu
st manually configure each host to use a default gateway IP address of a router that does not physically exist, in essence a "ghost" router, which is referred to by Cisco documentation as a phantom. In "Central Site WAN Connections," Router 1 and Router 2 are configured to provide HSRP funct
ionality to the hosts. To achieve this, you need to enable HSRP on each router and tell them the IP address of the phantom (in this case, 193.1.1.6). The active router--1 or 2, whichever was elected as the active router at bootup--will respond to ARP requests for the phantom's Media Access Control (MAC) address with a MAC address allocated from a pool of Cisco MAC addresses reserved for phantoms.
|
REPORTS
ANALYTICS
Follow 
