High Availability / Self Healing Network Design

GaryShainberg

All,

 

Because of the current climate, I have been asked to build a temporary network that, once it's up and running, can self-heal as much as possible, as once it's up and running site access will be very restricted and access will only be allowed should there be no other options.

 

I therefore decided to build a lab over the last couple of days, using the Meraki documentation for High Availability as the basis of the design, even though there is some debate as to the best way to wire an HA pair of MXs (Meraki does only support one way, but there is some debate about this), so I decided to build and test.

Here is the network design


Self Healing Network.jpg

 

So as you can see, it's based on the Meraki HA design with one notable exception: I have used two Netgear switches between each MX and the internet connection. I am sure you can do without these, but I felt that whilst it does bring in some additional points of failure, it allowed me to do some tests.

I still have the big issue that in the UK, unless you purchase a fixed, symmetrical service, it is very hard to get an ISP to offer you multihomed internet connections with multiple IPs, especially if you have a DSL connection.

That said, I tried this solution: other than the core distribution switch, if any single bit of hardware failed, the network lost between 3 and 10 packets but stayed up and running, and if either of the Internet connections failed the same happened.

What I would love, but have no idea exists, is a micro POE switch that supports 2 in and one and full STP; then you could use two distribution switches, connect them to this gizmo, and then your end point connects to the one out (I hope this makes sense). Then if one distribution switch fails, the device will still remain working; this would give total network redundancy.

 

Here is a picture of my lab BTW

 

IMG_2352.jpeg

 

CTO & Solutioneer
CMNA, CMNO, ECMS2
SNSA, SNSP
cmr

Hi @GaryShainberg, the setup you have created is almost exactly what we have at all of our sites other than the datacentres. We use dumb L2 5 port switches for the carrier split just like you have and they work very well.

 

The only differences are that where you have the two LAN switches before the core at the bottom, those two are stacked and are also the core for us, and we have a fixed backup rather than 4G, but that shouldn't make any difference.

PhilipDAth

>What I would love, but have no idea exists, is a micro POE switch that supports 2 in and one and full STP; then you could use two distribution switches, connect them to this gizmo, and then your end point connects to the one out

 

This gains you nothing except lots of extra points of failure.

 

You would be better off using a dual port NIC card in the end devices, or Ethernet+WiFi failover, or adding in an additional USB Ethernet card so machines can be dual connected if you wanted redundancy to the end point.

NolanHerring

Why use those two smaller switches in between the MXs and CORE? Why not just use stacked CORES? I would feel that those just introduce more opportunities for failure to occur, no?
Nolan Herring | nolanwifi.com
GaryShainberg

I guess you could, but in my case I have lots of 220-8's and no stackable switches, so it made sense to do it this way.
