0

I have 2 Cisco 3800 routers, but only one is working. The other is kept for spare, in case the first one dies.

How can I set up both of them and configure an automated fail-over? In case the first one dies, the second is activated.

Kyle Brandt
Andre

2 Answers

4

This is actually pretty difficult to achieve if your goal is to have perfect redundancy. I wrote a blog post about how to do this using HSRP (Hot Standby Router Protocol) on your LAN side and a private BGP peering with your provider (WAN) at Router Redundancy with BGP and HSRP. It is slightly flawed, though, in that if you are running stateful NAT/Firewall (IP Inspection) on the routers, asymmetric routing patterns will end up not working (in one router, out the other). Cisco does have NAT failover, but you need an Active/Active NAT setup for asymmetric patterns to work.

Another option is to run HSRP on both the LAN and WAN. In my opinion this is not ideal and needs an extra switching layer of two switches (could be a logical layer with VLANs) -- more on this in my post HSRP is not for WANs. It should work for an entire router failure, though, with the extra switching layer (router redundancy gets tricky when you start to think about particular interfaces failing).

Currently I think the best solution would be to have the BGP peering on the WAN side and the LAN side be HSRP -- with the NAT and Firewall on different devices a layer below the routers.

You are going to have to talk to your provider to see what they provide as far as dynamic routing protocols like BGP and virtual IP failover like HSRP. I think you will find dynagen and dynamips (Cisco emulators) useful for testing this in a lab.

Kyle Brandt
0

As Kyle says, you're probably going to be wanting to use HSRP on the LAN side. It's designed for exactly the scenario you're wanting (one default gateway IP, on one device or another). As for routing protocol used to your service provider, I'd recommend either BGP or OSPF, depending on what your SP is happy for you to run.

While it (as Kyle says) is possible to run HSRP on that side as well, you'll have to introduce a switch and that will become a single point of failure. Or you can have two switches, with a link between them, but that gives you a possible failure-mode where you have a working switch and a working router, but still no traffic (if the working switch is the one in front of the broken router and the working router has a dead switch). Plus, it leaves you with a single point-of-failure on the service provider's side.

If you go for a dual-router solution, with routing exchange between you and the ISP, remember that you'll probably want to have routing set up between your two routers, as you can end up with some interesting issues otherwise. You may also want to use interface tracking for your HSRP (essentially, making sure that a router whose WAN port is down does not become the active node), but that's of limited use if you're using Ethernet for your WAN links, as there's no real guarantee you'll actually see a break on the link as an "interface down" on the WAN port. If your provider is OK for you to use BFD, this would be able to detect a break mid-way.

Vatine
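
The LAN-side HSRP pair with interface tracking that both answers describe, as an added IOS configuration sketch that is not part of either answer. The interface names, the 192.0.2.0/24 addressing, the group number, the priorities and the key placeholder are all assumptions, and the authentication line is an addition the thread does not discuss.

```cisco
! ===== Router A (intended active gateway) =====
! Tracked object: line protocol of the WAN-facing port (assumed Gi0/1)
track 10 interface GigabitEthernet0/1 line-protocol
!
interface GigabitEthernet0/1
 description WAN uplink to provider (addressing and BGP/OSPF omitted)
!
interface GigabitEthernet0/0
 description LAN
 ip address 192.0.2.2 255.255.255.0
 ! Virtual gateway address that LAN hosts use as their default gateway
 standby 1 ip 192.0.2.1
 standby 1 priority 110
 ! Preempt lets the higher-priority router take over the active role
 standby 1 preempt
 ! Authenticate HSRP hellos so an unauthorised LAN host cannot claim the
 ! active role (placeholder key; not discussed in the thread)
 standby 1 authentication md5 key-string <HSRP-KEY-PLACEHOLDER>
 ! WAN port down: priority drops 110 -> 90, below Router B's 100
 standby 1 track 10 decrement 20
!
! ===== Router B (standby gateway) =====
interface GigabitEthernet0/0
 description LAN
 ip address 192.0.2.3 255.255.255.0
 standby 1 ip 192.0.2.1
 standby 1 priority 100
 ! Required here so B takes over when A's tracked priority falls to 90
 standby 1 preempt
 standby 1 authentication md5 key-string <HSRP-KEY-PLACEHOLDER>
```

The tracked object only changes state when the local port's line protocol goes down, so a break further along an Ethernet WAN path does not lower Router A's priority.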