High availability network solution

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

horladoqun

Thread Starter
Joined
Feb 23, 2009
Messages
43
Hello there,
I wish to implement a highly available network in my organization.
I have designed the layout of the solution. At the moment, I use MikroTik devices, but because we are scaling I seek counsel from Techguy on very good devices to use: Cisco, Juniper, or high-end MikroTik.
Also of concern to me are security/security devices, ease of restoration in case of downtime (i.e. manageability), throughput and the like.
Please peruse this layout and advise.
Thanks in anticipation for a quick response.
 


zx10guy

Trusted Advisor
Spam Fighter
Joined
Mar 30, 2008
Messages
6,651
Are you the partner cloud service? Is this network being hosted by an outside company?

For the internet service, that's pretty easy. Many routers/firewalls support a backup failover connection. Cisco calls this IP SLA. You set up the device to do a network connectivity check to something out on the Internet, i.e. ping. If the device can't ping that IP on the Internet, it'll roll over to the secondary/backup circuit.

For high availability of the router/firewall, there are different methods of doing this. For the firewalls, you can set up an active/standby setup. Many enterprises have this type of configuration. There is also active/active, but that gets real messy in a hurry and I wouldn't recommend doing it unless you really need that type of network throughput... 99.9% of organizations don't. For routers, there is a standard protocol which allows the router to be paired up with another router to form an active/standby pair as the gateway for a particular subnet. This protocol is called VRRP. There are also other implementations like proxy ARP and Cisco's proprietary GLBP, which tries to optimize network path usage by allowing both routers to process traffic but using a single IP for the gateway.

You need to clarify the APN links and why they're there.
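
The failover check and the VRRP gateway pair described in the post above, sketched as a Cisco IOS configuration. This is an added example, not part of the original post; every address is from a documentation range, the interface names are assumptions, and the key string is a placeholder.

```cisco
! Constructed example for one edge router ("router A"); all addresses are
! documentation ranges and all interface names are assumptions.
!
! --- Internet failover: probe a host beyond the primary ISP ---
ip sla 1
 icmp-echo 203.0.113.10 source-interface GigabitEthernet0/0
 frequency 5
 timeout 1000
 threshold 1000
ip sla schedule 1 life forever start-time now
!
! The track object goes down when the probe stops getting replies;
! the delay avoids flapping on a single lost ping.
track 1 ip sla 1 reachability
 delay down 15 up 30
!
! Pin the probe target to the primary circuit so the probe never
! succeeds over the backup path and masks a primary outage.
ip route 203.0.113.10 255.255.255.255 198.51.100.1
!
! Primary default route is installed only while track 1 is up.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 1
! Floating backup default (administrative distance 10) takes over
! when the tracked route is withdrawn.
ip route 0.0.0.0 0.0.0.0 192.0.2.1 10
!
! --- Gateway redundancy on the LAN side with VRRP ---
interface GigabitEthernet0/1
 ip address 10.0.0.2 255.255.255.0
 ! 10.0.0.1 is the virtual gateway address that hosts point at.
 vrrp 1 ip 10.0.0.1
 ! Higher priority makes this router the active one; the standby
 ! router carries the same group with a lower priority.
 vrrp 1 priority 110
 vrrp 1 preempt
 ! Authenticate advertisements; the key is a placeholder.
 vrrp 1 authentication md5 key-string <SHARED-KEY-PLACEHOLDER>
```

The host route for the probe target is the detail most often missed: without it, the probe can be answered over the backup circuit once failover happens, and the track object comes back up while the primary circuit is still down.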
 

horladoqun

Thread Starter
Joined
Feb 23, 2009
Messages
43
Hello zx10guy,

I am not the cloud service. A partner organization has the cloud service already in place, thus what my firm really wants to do is provide the channel for users to be able to carry out transactions and obtain feedback from the cloud service.

My firm is the one responsible for hosting the network, as all traffic coming from users passes through us to the cloud and back.

The reason for the Telco APN links is that we have devices with SIM card slots (these devices will be scattered all over a given region to give end users a platform to do transactions). Due to the widespread telco connectivity and availability, their SIMs will be slotted into the devices for the users in different regions.

The traffic coming from the users is to be carried within the APN to make it unique to my firm, once it gets to my end, the routers/firewalls and ISP based on config do their job of sending the traffic to our partner cloud service and within minutes (if not seconds) reverts.

From your response though, I have been able to deduce some info as to implementing the solution.
 

horladoqun

Thread Starter
Joined
Feb 23, 2009
Messages
43
Hello zx10guy,

Please, I would like you to help with some information on the above. I have contacted 2 firms that I think would be able to deploy the solution for me.

I noted both of them kept talking about using Cyberoam as the device to be used. It got me thinking, hence I want your candid advice on the device that will best work in the said environment.

Cisco Device or Cyberoam?
 

zx10guy

Trusted Advisor
Spam Fighter
Joined
Mar 30, 2008
Messages
6,651
I've never heard of Cyberoam until you mentioned them. I did find a mention of them in the NSS Labs report. They did a test of various firewalls to gauge effectiveness and overall cost of ownership. The Cyberoam didn't fare too well in the test. This test was done on mid-sized enterprise firewalls. There was another one done for the top-of-the-line firewalls, in which Cyberoam wasn't even mentioned.

Here is the chart:



Here is a link to part of the report:

http://www.fortinet.com/sites/default/files/whitepapers/NSS-Labs-2013-Firewall-SVM.pdf

As far as Cisco, at the time many of these tests were done by NSS Labs, Cisco didn't have a next gen firewall. They do now. I'm not sure how they currently stack up against all the other competitors. I have worked with Cisco PIX and ASA firewalls. I also own two ASA 5505s but also own a pair of SonicWall TZ215s. My experience with the ASAs has been overall good. The management GUI (ASDM) is very good, but I'm not a fan of what Cisco did in changing how NAT rules are defined with the new software versions. Keep in mind, there is what the industry calls the Cisco tax in SmartNet, Cisco's support contract, which can be pretty expensive.

I don't know if you're open for other options. In addition to SonicWall and Cisco, I've worked with Juniper and WatchGuard. And also on the SMB side Netgear ProSafe firewalls. I can give you opinions on any of these vendors.
 