Enterprise customer XX purchased a Huawei IP solution to replace its existing Cisco network, and the following fully redundant design was finalized:
1- Gateway Router: The ADSL and leased-line uplinks were terminated on the Mushroom gateway router.
2- DMZ Switches: Because the Mushroom router has few ports, we placed two stacked switches between the firewalls and the Mushroom router for full redundancy.
3- Firewalls: Two firewalls were used to provide complete redundancy using VRRP.
4- Core Switches: Two core switches were used in CSS to provide a fully redundant core.
5- Access Switches: Access switches with 10G uplinks were used.
We proposed VRRP and HA between the firewalls to provide an active/backup firewall pair. At the time of implementation, however, we were provided only one public IP for the firewalls, although we required three public IPs to run VRRP. As per Hedex and the universal standard, the virtual IP and the physical IPs should be in the same subnet for VRRP.
The challenge was therefore how to run VRRP when only one public IP is provided for the interconnection between the gateway router and the firewalls through the DMZ switches.
We did some experimentation and it worked perfectly fine. We used a different subnet for the physical IPs and the public IP for the virtual IP, as shown in the configuration below.
HA is also implemented between the firewalls.
ip address 10.10.10.1 255.255.255.0
vrrp vrid 99 virtual-ip 220.127.116.11 255.255.255.240 active
ip address 10.10.10.2 255.255.255.0
vrrp vrid 99 virtual-ip 18.104.22.168 255.255.255.240 standby
A virtual IP from a different subnet can be used in VRRP, especially in cases where the number of available IP addresses is limited.
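A consistency check for a firewall pair configured this way, as an added example that is not part of the original post: it parses the two statements shown above from each firewall and confirms that both peers agree on the VRID and virtual IP and have opposite roles, while reporting the out-of-subnet virtual IP as a note rather than an error. The sample snippets, the 203.0.113.x addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

IFACE_RE = re.compile(r"^\s*ip address (\S+) (\S+)\s*$", re.M)
VRRP_RE = re.compile(
    r"^\s*vrrp vrid (\d+) virtual-ip (\S+) (\S+) (active|standby)\s*$", re.M)

# Constructed sample snippets; 203.0.113.0/24 is a documentation range.
FW_A = """ip address 10.10.10.1 255.255.255.0
vrrp vrid 99 virtual-ip 203.0.113.2 255.255.255.240 active"""
FW_B = """ip address 10.10.10.2 255.255.255.0
vrrp vrid 99 virtual-ip 203.0.113.2 255.255.255.240 standby"""
FW_B_DRIFT = FW_B.replace("203.0.113.2", "203.0.113.3")  # peer VIP typo

def parse_fw(cfg):
    """Pull the interface address and the VRRP statement out of one snippet."""
    ip, mask = IFACE_RE.search(cfg).groups()
    vrid, vip, vmask, role = VRRP_RE.search(cfg).groups()
    return {"iface": ipaddress.ip_interface(f"{ip}/{mask}"),
            "vrid": int(vrid),
            "vip": ipaddress.ip_interface(f"{vip}/{vmask}"),
            "role": role}

def check_pair(cfg_a, cfg_b):
    """Return (errors, notes) for an active/standby firewall pair."""
    a, b = parse_fw(cfg_a), parse_fw(cfg_b)
    errors, notes = [], []
    if a["vrid"] != b["vrid"]:
        errors.append("vrid-mismatch")
    if a["vip"] != b["vip"]:
        errors.append("vip-mismatch")
    if {a["role"], b["role"]} != {"active", "standby"}:
        errors.append("role-conflict")
    if a["iface"].ip == b["iface"].ip:
        errors.append("duplicate-physical-ip")
    if a["iface"].network != b["iface"].network:
        errors.append("physical-subnet-mismatch")
    # The design on this page: VIP deliberately outside the interface subnet.
    if any(fw["vip"].ip not in fw["iface"].network for fw in (a, b)):
        notes.append("vip-outside-interface-subnet")
    return errors, notes

if __name__ == "__main__":
    print(check_pair(FW_A, FW_B))
    print(check_pair(FW_A, FW_B_DRIFT))
```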