4.4 Redundancy


Even the best networking equipment can fail. This is an unfortunate fact of life, and something of which most network administrators are probably painfully aware. Having a router at the edge of the network fail can create endless headaches for administrators, and employees within your organization.

Recall from Chapter 2 that one of the key tenets of a good security policy is availability. It is important that the core and the edge of the network be available as close to 100 percent of the time as possible. One way to help ensure a high level of network availability is by having redundant connections to the Internet. Of course it is not enough to have redundant connections; the connections should be to different providers, and terminate in different locations.

Termination is a factor often overlooked when setting up redundant connections. A traditional access line, such as a T1, T3, or OCX connection, runs over either fiber or a twisted-pair connection, called a local loop, that is run by a telephone company to your location and terminated at a central office. From the central office, the connection is routed to your provider's point of presence (POP) and out to the WAN. If there are connections from two separate providers, there is a good chance they will both terminate at the same central office. If the phone company has a problem with the central office, then both connections fail. To avoid this, make sure that each connection is terminated at a different central office.

This same type of termination problem does not exist with other types of connections, such as wireless or satellite (of course they have their own problems). This type of problem also does not exist with the newer metro area service providers. These providers use optical Ethernet connectivity to bypass the traditional local loop, and do not require the involvement of a local telephone company. The downside is that these services are still new and have not been used extensively by enterprise clients, so there may be reliability and security issues that have not yet surfaced.

If an organization has two connections to the Internet, running to two central offices, then they should also have two routers. After all, an organization does not want the single point of failure to be the only edge router.

Each connection to the Internet should be terminated on a different router. Each router should be configured with a BGP session to one of the two different ISPs. This will provide multiple connections to the Internet. The BGP paths learned from the ISPs should be used to populate an OSPF area that is shared between the private interfaces on the routers and either the switches, another set of core routers, or the firewalls (if the firewalls support OSPF).

The primary function of the edge routers is to provide the greatest level of availability to the Internet. This means that there always have to be multiple paths from the core of the network to the edge. Because of this specialized need, the redundancy protocols discussed in Chapter 5 (VRRP, HSRP, etc.) should not be used here. If you do not use multilayer switches, then the core of the network should include another pair of routers that have a public interface that is part of the same OSPF area as the edge routers. The private interfaces should be configured with a redundancy protocol.
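As an added illustration (not from the book), the following Cisco IOS-style fragments sketch one edge router and one core router in the design just described: eBGP to its own ISP, a default route injected into the shared OSPF area only while the ISP session is up, and HSRP on the core router's private interface. Hostnames, AS numbers, addresses, interface names, and the prefix filters are assumed for the example.

```cisco
! ---- edge-rtr-1: one of two edge routers (all names/addresses assumed) ----
hostname edge-rtr-1
!
interface Serial0/0
 description Circuit to ISP-A (terminates at central office #1)
 ip address 203.0.113.2 255.255.255.252
!
interface GigabitEthernet0/1
 description Private side: OSPF area shared with the core routers
 ip address 10.0.0.1 255.255.255.0
 ip ospf 1 area 0
!
router bgp 64496
 neighbor 203.0.113.1 remote-as 64500
 neighbor 203.0.113.1 description ISP-A
 ! Advertise only our own prefix and accept only a default route:
 ! keeps the router from acting as transit between the two ISPs
 network 198.51.100.0 mask 255.255.255.0
 neighbor 203.0.113.1 prefix-list OUR-PREFIX out
 neighbor 203.0.113.1 prefix-list DEFAULT-ONLY in
!
ip prefix-list OUR-PREFIX seq 5 permit 198.51.100.0/24
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
router ospf 1
 passive-interface Serial0/0
 ! Without "always", the default is advertised into the area only while
 ! BGP still holds a default from ISP-A; if the session drops, the core
 ! routers fall back to the default learned from edge-rtr-2.
 default-information originate
!
! ---- core-rtr-1: one of two core routers behind the edge pair ----
hostname core-rtr-1
!
interface GigabitEthernet0/0
 description Public side: same OSPF area as the edge routers
 ip address 10.0.0.11 255.255.255.0
 ip ospf 1 area 0
!
interface GigabitEthernet0/1
 description Private side: HSRP toward the internal network
 ip address 10.1.0.2 255.255.255.0
 standby 1 ip 10.1.0.1
 standby 1 priority 110
 standby 1 preempt
 ! Give up the virtual address if the OSPF-facing link goes down
 standby 1 track GigabitEthernet0/0
!
router ospf 1
 passive-interface GigabitEthernet0/1
```

edge-rtr-2 and core-rtr-2 mirror these fragments with their own ISP-B session, addresses, and a lower HSRP priority.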

The Practice of Network Security: Deployment Strategies for Production Environments
ISBN: 0130462233
Year: 2002
Pages: 131
Authors: Allan Liska
