
high availability network solution

Discussion in 'Networking' started by horladoqun, Jan 26, 2015.

Thread Status:
Not open for further replies.
  1. horladoqun

    horladoqun Thread Starter

    Joined:
    Feb 23, 2009
    Messages:
    43
    Hello there,
    I wish to implement a highly available network in my organization.
    I have designed the layout of the solution. At the moment, I use MikroTik devices, but because we are scaling I seek counsel from Techguy on very good devices to use: Cisco, Juniper, or high-end MikroTik.
    Also of concern to me are security/security devices, ease of restoration in case of downtime (i.e. manageability), throughput and the like.
    Please peruse this layout and advise.
    Thanks in anticipation for a quick response.
     


  2. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,272
    Are you the partner cloud service? Is this network being hosted by an outside company?

    For the internet service, that's pretty easy. Many routers/firewalls support a backup failover connection. Cisco calls this IP SLA. You set up the device to do a network connectivity check to something out on the Internet, i.e. ping. If the device can't ping that IP on the Internet, it'll roll over to the secondary/backup circuit.

    For high availability of the router/firewall, there are different methods of doing this. For the firewalls, you can set up an active/standby setup. Many enterprises have this type of configuration. There is also active/active, but that gets real messy in a hurry and I wouldn't recommend doing it unless you really need that type of network throughput... 99.9% of organizations don't. For routers, there is a standard protocol which allows the router to be paired up with another router to form an active/standby pair as the gateway for a particular subnet. This protocol is called VRRP. There are also other implementations like proxy ARP and Cisco's proprietary GLBP, which tries to optimize network path usage by allowing both routers to process traffic but using a single IP for the gateway.

    You need to clarify the APN links and why they're there.
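
An added example, not part of zx10guy's post or any vendor's code: the connectivity-check failover described in the reply above, sketched in Python with loss thresholds so that a single dropped ping does not move the default route. The thresholds, the two probe targets (documentation addresses) and the probe results are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class TrackedCircuit:
    """Up/down state of the primary circuit, driven by periodic probe rounds."""
    down_after: int = 3  # consecutive failed rounds before failing over
    up_after: int = 5    # consecutive good rounds before failing back
    up: bool = True
    streak: int = 0      # consecutive rounds that contradict the current state

    def observe(self, ok: bool) -> bool:
        if ok == self.up:
            self.streak = 0  # state confirmed, forget earlier blips
        else:
            self.streak += 1
            needed = self.up_after if ok else self.down_after
            if self.streak >= needed:
                self.up, self.streak = ok, 0
        return self.up


def round_ok(replies: dict) -> bool:
    """A round fails only if every probe target is unreachable, so one
    target going offline is not mistaken for a dead circuit."""
    return any(replies.values())


def simulate(rounds, **thresholds):
    """Return the circuit carrying the default route after each round."""
    circuit = TrackedCircuit(**thresholds)
    return ["primary" if circuit.observe(round_ok(r)) else "backup" for r in rounds]


def flaps(timeline):
    """Number of route changes in a timeline."""
    return sum(a != b for a, b in zip(timeline, timeline[1:]))


# Constructed probe results: two targets (documentation addresses) per round.
A, B = "192.0.2.1", "198.51.100.1"
both, only_b, neither = {A: True, B: True}, {A: False, B: True}, {A: False, B: False}
ROUNDS = [both, only_b, neither, both, neither, neither, neither, neither,
          both, both, neither, both, both, both, both, both]

if __name__ == "__main__":
    for i, (r, route) in enumerate(zip(ROUNDS, simulate(ROUNDS))):
        print(i, "ok" if round_ok(r) else "FAIL", route)
```

With the default thresholds the route changes twice over these rounds; with `down_after=1, up_after=1` the same probe results move it six times.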
     
  3. horladoqun

    horladoqun Thread Starter

    Joined:
    Feb 23, 2009
    Messages:
    43
    Hello zx10guy,

    I am not the cloud service. A partner organization has the cloud service already in place, thus what my firm really wants to do is provide the channel for users to be able to carry out transactions and obtain feedback from the cloud service.

    My firm is the one responsible for hosting the network, as all traffic coming from users passes through us to the cloud and back.

    The reason for the Telco APN links is that we have devices with SIM card slots (these devices will be scattered all over a given region to avail end users of a platform to do transactions). Now, due to the widespread telco connectivity and availability, their SIMs will be slotted into the devices for the users in different regions.

    The traffic coming from the users is to be carried within the APN to make it unique to my firm. Once it gets to my end, the routers/firewalls and ISP, based on config, do their job of sending the traffic to our partner cloud service, and within minutes (if not seconds) it reverts.

    From your response though, I have been able to deduce some info as to implementing the solution.
     
  4. horladoqun

    horladoqun Thread Starter

    Joined:
    Feb 23, 2009
    Messages:
    43
    Hello zx10guy,

    Please, I would like you to help with some information on the above. I have contacted 2 firms that I think would be able to deploy the solution for me.

    I noted both of them kept talking about using Cyberoam as the device to be used. It got me thinking, hence I want your candid advice on the device that will best work in the said environment.

    Cisco Device or Cyberoam?
     
  5. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,272
    I've never heard of Cyberoam until you mentioned them. I did find a mention of them in the NSS Labs report. They did a test of various firewalls to gauge effectiveness and overall cost of ownership. The Cyberoam didn't fare too well in the test. This test was done on mid-sized enterprise firewalls. There was another one done for the top-of-the-line firewalls, in which Cyberoam wasn't even mentioned.

    Here is the chart:


    Here is a link to part of the report:

    http://www.fortinet.com/sites/default/files/whitepapers/NSS-Labs-2013-Firewall-SVM.pdf

    As far as Cisco, at the time many of these tests were done by NSS Labs, Cisco didn't have a next-gen firewall. They do now. I'm not sure how they currently stack up against all the other competitors. I have worked with Cisco PIX and ASA firewalls. I also own two ASA 5505s but also own a pair of SonicWall TZ215s. My experience with the ASAs has been good overall. The management GUI (ASDM) is very good, but I'm not a fan of what Cisco did in changing how NAT rules are defined with the new software versions. Keep in mind, there is what the industry calls the Cisco tax in SmartNet, Cisco's support contract, which can be pretty expensive.

    I don't know if you're open to other options. In addition to SonicWall and Cisco, I've worked with Juniper and WatchGuard, and also, on the SMB side, Netgear ProSafe firewalls. I can give you opinions on any of these vendors.
     
Short URL to this thread: https://techguy.org/1141885