Sunday, February 25, 2018

CSR HA in MS Azure

I wanted to have CSR HA pair and I thought its as simple as HSRP or GLBP. Later found its more complicated than that.

I watched one of Cisco Videos and one slid summarized the problem which I didn't see it document else ware. I wanted to share it here.



This is a common HQ topology in CSR

  • For the Private subnet 10.0.1.0/24, ideally you point to HSRP VIP as gateway in order to achieve failover between CSRs
  • HSRP won't work in Azure as multicast isn't supported in Azure
  • You need to configure CSRs to initiate API call to Azure in order to change the default gateway in Azure-Net from CSR-1 to CSR-2 once failure is detected
  • BFD can be used between CSRs to detect failures and trigger API call
  • BFD keepalives are exchanged between CSRs over GRE
  • Azure doesn't support GRE packets and will drop them
  • GRE over IPSec encapsulation (or SVTI) should be used between CSRs to exchange BFDs


at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

DNS Performance Troubleshooting

When you are troubleshooting internet performance, there are different parts of the connection should be verified:   ·         DNS Pe...

  • PxGrid Part # 3 - Troubleshooting FMC-ISE Identity Sync
    From FMC CLI, verify ISE integration status using the command   root@vFPMC:/etc/rc.d# cat /var/sf/run/adi-health $status = {      'ADI&#...
  • Enable ISE SSH Access
    If you missed enabling SSH access during the initial setup of ISE, you can enable it using console by pasting the command   service sshd enable
  • CUCM SIP Early Offer
    By default CUCM uses SIP Delayed Offer. In order to enable Early Offer, use one of the following methods: MTP is required ...