network architecture (high availability)

[abdel5]

Good evening everyone,

Currently I work on the establishment of a network architecture for high availability (minimum required). I base this on redundant links.

I am trying to define the prerequisites:
2 Internet access, two routers (ISP Box), 2 firewalls, 2 switches.

Here is the schema of the architecture:


Uploaded with ImageShack.us

My question is:
- Do I need switches that have the technology stack for a failover server on the links or just the NIC teaming.
- OSPF between routers and firewall is the best solution ?

Any comments is welcome, to help me in my choices.
THANK YOU

 

[Fwenk]

Hi,

Why not just keep it a little simpler, like this:

ISP1 --> Router1 (DHCP for subnet1) --> switch1 --> all servers with 2 NICs
ISP2 --> Router2 (DHCP for subnet2) --> switch2 --> all servers with 2 NICs

You then configure some of the servers to go primarily over sub1 and some others to go over sub2. If anything fails (let's say switch1) then all traffic will be redirected to sub2 and one of you server that has been redirected would alert you of the change so you know something is wrong and you can fix it before something else fails. I know it does not look as redundant as what you described, but anyway, you scenario can not survive the failure of any 2 same item (2 switches, firewalls, etc.)

Also, remember to chose 2 different ISPs, on 2 separate networks (like one cable and one DSL) so you have redundancy there as well. Having, for example, 2 DSL (even from different providers) could mean relying on the same physical network, which will do you no good if that single network fails...

 

[stevech]

My TimeWarner cable modem, residential service (they offer business class too), has as good up-time as my old AT&T POTS phone service. Very good. For backup, I use a Cradlepoint router which has a USB port and firmware to automatically fail-over to cellular, Verizon EV-DO in my case. I've used it only once in two years. I take the USB modem for verizon that I carry on travel and stick it into the router.

I think that since they now carry their digital phone on the same infrustruture, they are much more attentive to service assurance.

But for a business, maybe you really do want two DSL lines?

I just shopped for T1 for a project at work, it's down to $260/mo. Not super fast, but it does have an SLA and 24/7 response.

 

[Fwenk]

I've also used that scenario (with failover on a USB cellular modem). It's a good and inexpensive way to have failover. But, in my case, some ports (i.e. HTTP80 and SMTP25) were blocked by my provider, so it could not provide failover for my e-mail server. There are always ways to patch for that too, but just keep that in mind.