It's been a while since we talked about Layer 2 Security, so I thought that today we might talk about how this applies to Disaster Recovery sites and processes.

a/ If you declare a disaster, you need to take the primary datacenter offline and give the DR site that subnet address.
Let's run through an example configuration, then discuss how it's built. First, the network diagram:
You can see that the primary and DR datacenters have the same IP subnet (10.17.10.0/24), but are separated by some arbitrary WAN network. The config snips that build the tunnel that bridges the two datacenters are:
As you'll see, the L2TPv3 tunnel is usually tied to a loopback address. Because loopbacks are logical interfaces, they are not subject to media failures; they remain up no matter what (unless you shut them down manually). This gives you a simple way of handling backup and load-balanced paths: as long as the respective loopback IPs are routed through both a primary and a backup path, the config is tremendously simplified.
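The config snips themselves did not survive on this page, so here is an added illustration (not the diary's own configuration) of a Cisco IOS L2TPv3 pseudowire that bridges the 10.17.10.0/24 LAN between the two datacenters, sourced from loopbacks as described above. The loopback addresses 10.255.0.1 and 10.255.0.2, the VC ID 10, the interface names, the class names and the shared secret are all assumptions.

```cisco
! ---- Primary datacenter router (added example, not the diary's config) ----
! The loopback is a logical interface: it stays up through media failures,
! so the tunnel endpoint survives as long as 10.255.0.1 is reachable over
! either the primary or the backup WAN path.
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
! Authenticate the L2TPv3 control connection so only the peer holding the
! shared secret can bring the pseudowire up (secret is an assumption).
l2tp-class DR-L2TP
 authentication
 password 0 CHANGE-ME
!
pseudowire-class DR-PW
 encapsulation l2tpv3
 protocol l2tpv3 DR-L2TP
 ip local interface Loopback0
!
! LAN-facing port carries raw Ethernet frames into the tunnel: no IP address.
! 10.255.0.2 is the DR router's loopback; 10 is the VC ID (same on both ends).
interface GigabitEthernet0/1
 description 10.17.10.0/24 datacenter LAN
 no ip address
 xconnect 10.255.0.2 10 encapsulation l2tpv3 pw-class DR-PW
!
! ---- DR datacenter router: mirror image of the primary ----
interface Loopback0
 ip address 10.255.0.2 255.255.255.255
!
l2tp-class DR-L2TP
 authentication
 password 0 CHANGE-ME
!
pseudowire-class DR-PW
 encapsulation l2tpv3
 protocol l2tpv3 DR-L2TP
 ip local interface Loopback0
!
interface GigabitEthernet0/1
 description 10.17.10.0/24 DR LAN
 no ip address
 xconnect 10.255.0.1 10 encapsulation l2tpv3 pw-class DR-PW
```

L2TPv3 authenticates the control connection but does not encrypt the bridged frames, so anything that must not cross the WAN in the clear should ride this pseudowire over IPsec or a private circuit. `show xconnect all` and `show l2tun tunnel` confirm on each router that the pseudowire is up.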
=============== Rob VandenBrink, Metafore ================
Rob VandenBrink, ISC Handler, Apr 28th 2010
While the article is excellent (!) there is a problem that is very common in the IT world: knowing the difference between Business Continuity and Disaster Recovery.
It's easy to understand when you ask yourself the question: "What can we learn about Business Continuity and Disaster Recovery from the Titanic?" The first, and key, lesson to learn is that there are some disasters you do not recover from, period. They are never going to raise the Titanic! Business Continuity, on the other hand, is the White Star Line continuing to operate even though a major asset lay on the bottom of the ocean. Confusing BC and DR would be like misusing UDP and TCP in an article. Sure, they are both IP protocols, but two very different ways of communicating. It may seem picky, but using the right terms correctly is fundamental to connecting with and understanding what the other person is talking about.

Warmest Regards,
Allen Schaaf - CISSP, CEH, CHFI, CEI, CSCA
Information Security Analyst - Business Process Analyst
Training & Instructional Designer - Sr. Writer & Documentation Developer - Certified Network Security Analyst & Intrusion Forensics Investigator - Certified EC-Council Instructor
http://www.linkedin.com/in/allenschaaf
Security is a lot like democracy - everyone's for it but few understand that you have to work at it constantly.
Anonymous, Apr 28th 2010
Quick note to readers that this technology is in no way proprietary to Cisco. For those interested in pursuing an open source implementation, indelible.org has info available here (http://www.indelible.org/ink/tunneling/) detailing virtual Ethernet tunnels using OpenBSD.
Boba Fett, Apr 29th 2010