You can configure pairs of routers to act as hot standbys for each other. This
redundancy is configured on an interface basis. Pairs of redundant interfaces
are known as redundancy groups. The figure below depicts the active-standby
device scenario. It shows how the redundancy group is configured for a pair of
routers that has one outgoing interface. The Redundancy Group Configuration—Two
Outgoing Interfaces figure depicts the active-active device scenario and shows
how two redundancy groups are configured for a pair of routers that have two
outgoing interfaces.
Note that in both
cases, the redundant routers are joined by a configurable control link and a
data synchronization link. The control link is used to communicate the status
of the routers. The data synchronization link is used to transfer stateful
information from Network Address Translation (NAT) and the firewall and to
synchronize the stateful database for these applications.
Also, in both cases,
the pairs of redundant interfaces are configured with the same unique ID number
known as the RII.
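A consistency check for the points above, as an added example that is not part of the original documentation: it parses the redundancy lines of two peer configurations and reports any redundancy group whose paired interfaces do not share the same RII, and any router whose control and data links are missing or share one interface (the text recommends two individual connections). The interface names, address and RII values are constructed, and the parser assumes IOS XE `control`, `data`, `redundancy rii` and `redundancy group` lines.

```python
import re

# Constructed sample configuration for one peer (values are illustrative).
ROUTER_A = """\
redundancy
 application redundancy
  group 1
   control GigabitEthernet2 protocol 1
   data GigabitEthernet3
interface GigabitEthernet1
 redundancy rii 100
 redundancy group 1 ip 10.1.1.254 exclusive
"""
# Constructed faulty peer: different RII, control and data on one interface.
ROUTER_B_BAD = (ROUTER_A.replace("rii 100", "rii 200")
                .replace("data GigabitEthernet3", "data GigabitEthernet2"))

def parse(cfg):
    """Return the control link, data link and {group: RII} of one config."""
    out = {"control": None, "data": None, "rii": {}}
    iface = {}
    for line in cfg.splitlines() + ["end"]:
        if not line.startswith(" "):  # a top-level line closes the previous block
            if "group" in iface:
                out["rii"][iface["group"]] = iface.get("rii")
            iface = {}
        s = line.strip()
        if m := re.match(r"(control|data) (\S+)", s):
            out[m.group(1)] = m.group(2)
        elif m := re.match(r"redundancy (rii|group) (\d+)", s):
            iface[m.group(1)] = int(m.group(2))
    return out

def audit(cfg_a, cfg_b):
    """List deviations between two peers of a box-to-box pair."""
    a, b = parse(cfg_a), parse(cfg_b)
    findings = []
    for name, r in (("A", a), ("B", b)):
        if not r["control"] or not r["data"]:
            findings.append(f"{name}: control or data link missing")
        elif r["control"] == r["data"]:
            findings.append(f"{name}: control and data share {r['control']}")
    for g in sorted(set(a["rii"]) | set(b["rii"])):
        ra, rb = a["rii"].get(g), b["rii"].get(g)
        if ra is None or ra != rb:
            findings.append(f"group {g}: RII {ra} vs {rb}")
    return findings

if __name__ == "__main__":
    print(audit(ROUTER_A, ROUTER_B_BAD))
```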
Figure 1. Redundancy Group Configuration—Two Outgoing Interfaces
Figure 2. Redundancy Group Configuration
The following
scenarios are examples of Box-to-Box High Availability deployment for Cisco
CSR1000v routers:
Figure 3. CSR1000v Box-to-Box High Availability on Two Independent Servers
In this deployment, two redundant Cisco CSR 1000v routers are in two
independent UCS servers. The two Cisco Unified Computing System (UCS) servers
can be in the same data center or two different data centers in different
regions. We recommend that you configure two individual physical connections
for box-to-box high availability data and control links. However, if the two
dedicated physical links are not available, the box-to-box high availability
data and control traffic can go through different LAN extension connections.
Box-to-box high availability parameters, such as the heartbeat period, need to
be adjusted to take into account the extended delay.
LAN interfaces of each Cisco CSR 1000v router are connected with UCS physical
network interface card (NIC) interfaces through switches (for example, ESXi L2
SW). The two physical NICs on each UCS are connected to an outside switch to
form a box-to-box pair. Gratuitous Address Resolution Protocol (ARP) is sent
from the CSR LAN interfaces to reach the physical switch and its Built-in
Address (BIA).
Figure 4. CSR1000v Box-to-Box High Availability on Cluster Server
In the above deployment, NAT and Zone-Based Firewall (ZBFW) box-to-box high
availability also works on a UCS cluster setup. In this case, box-to-box
control and data links go through virtual connections within the cluster.
Switches (for example, ESXi L2 SW) are used to connect the two redundant Cisco
CSR 1000v routers to form a box-to-box high availability pair; LAN interfaces
on the two Cisco CSR 1000v routers are connected directly to the SW switches,
and two physical NICs of the cluster UCS are connected with the SW switches to
communicate outside the network.
Refer to the
Configuring Firewall Stateful Interchassis Redundancy
module for additional information on configurations and examples.