Redundant 71001U router linked to seperate switches
-
Hi all,
First of thank you all that are able to shed some light on things. I've gone into the deep end on this. We just recently purchased two 71001Us with 4port SFP+ to act as HA router for our existing 71001U firewall which we've also purchased a second to act as spare or if possible a HA partner. We plan to link these via the built in GBICs. But that comes after my hurdle lol.
We also purchased 2 Ubiquiti Aggregate Pro Switches that we would like redundantly linked to this 71001U router pair. One Aggregate for our upstairs switches and one for our downstairs switches. I believe I am looking at creating a bridge with one link going to each aggregate, then could I CARP that bridge? I've read that this is frowned upon or may need special attention. But if that is the case what is the best setup for what I am trying to accomplish where if one router fails the other takes over the path to the firewall?
Any insights would be greatly appreciated.
-
-
We've simplified down to a single links and have the core 7100s sync'd and carp'd using the quad sfp+ addon card to link to our aggregates. The FWs have also been sync'd
However when connecting ix0 to ix0 from router to FW our secondary reports MASTER as well. I was under the impression that only IX2 and IX3 were part of the marvell switch and that IX0 and IX1 would be discrete interfaces and we could get a heartbeat from them. That doesn't appear to be the case though. It shows backup just on startup and immediately switches to MASTER claiming the MASTER has timed out.
-
What a facepalm moment. Figured out the MASTER MASTER I believe. We don't have any way for the IX0 IP to talk to the backup interface. For some reason I figured the heartbeat for the interface would be carried over the SYNC interface communication.
I really don't want to introduce a single point of failure switch inbetween these 4 XG-7100s. I'm not sure what the best course of action is here.
-
I really wish I could edit the old posts.
Just wanted to give an update. We have come up with our work around. Not sure it is the proper or most clean way to make this work. But we have gotten the desired outcome.
Rather than a direct link between the router and paired firewall we added a vlan to the existing ixl0 on the router for firewall communication and then plugged the firewall ix0 into an aggregate switch port on that vlan. Now if either router, firewall, or aggregate switch fail the backup(s) kick on depending the need.. Thank you to anyone who may have read this and was thinking of a solution yet had not posted. Did not want to leave anyone else hanging. I'll keep this up in case someone else shares our mistaken design ideas. :P!
