Sunday, February 25, 2018

CSR HA in MS Azure

I wanted to have CSR HA pair and I thought its as simple as HSRP or GLBP. Later found its more complicated than that.

I watched one of Cisco Videos and one slid summarized the problem which I didn't see it document else ware. I wanted to share it here.



This is a common HQ topology in CSR

  • For the Private subnet 10.0.1.0/24, ideally you point to HSRP VIP as gateway in order to achieve failover between CSRs
  • HSRP won't work in Azure as multicast isn't supported in Azure
  • You need to configure CSRs to initiate API call to Azure in order to change the default gateway in Azure-Net from CSR-1 to CSR-2 once failure is detected
  • BFD can be used between CSRs to detect failures and trigger API call
  • BFD keepalives are exchanged between CSRs over GRE
  • Azure doesn't support GRE packets and will drop them
  • GRE over IPSec encapsulation (or SVTI) should be used between CSRs to exchange BFDs


No comments:

Post a Comment

DNS Performance Troubleshooting

When you are troubleshooting internet performance, there are different parts of the connection should be verified:   ·         DNS Pe...