|
My company is currently opening a second co-locatation for our servers; right now we have 9 racks in a data center in Florida, and are getting 7 racks at a data center in Chicago. At the current DC, we get two copper ethernet hand-offs, delivered from redundant switches. These handoffs go to the 'outside' interface on my firewalls; they can ping each other, life is good.
At the new DC, same setup, two copper handoffs, going to the Outside interface on my firewalls. Kinda odd, I notice that the firewalls aren't forming a failover pair, complaining about the Outside interface. Turns out, they *can't* ping each other's external IP, even though they are in the same subnet. They can't even ARP for each other. They can both ping the default gateway, which is a VRRP address. They can both reach the Internet.
So I call up the provider, and they say this is normal; while they give us two connections, and redundancy via VRRP, the two VRRP routers don't talk to each other unless they talk "though" our equipment (split-brain, each router thinks it is VRRP Master). Meaning, I have to either put another switch on the 'outside' of my firewalls, and have both firewalls and both uplinks in that new switch (or do it with a VLAN). This seems rather odd to me, but this is a much larger colo than in Florida.
Is this normal? The guy on the phone said they do it this way to eliminate spanning tree.
_________________
"A problem well stated is a problem half solved". (Charles Kettering)
|
Register
Search 
Login
