CASE STUDIES
from the files of
Networking Unlimited, Inc.

WebQuery@NetworkingUnlimited.com
14 Dogwood Lane, Tenafly, NJ 07670
Phone: +1 201 568-7810

Protecting an Extended LAN from Service Disruption Due to LAN Segmentation

Copyright © 1999, Networking Unlimited, Inc. All Rights Reserved.

A remote location consisting of multiple LAN segments connected by fiber links required communications with NO single points of failure. Networking Unlimited, Inc. designed a configuration that allowed users on the LAN to continue full operations (except some IPX) if any router, WAN link, switch, or inter-LAN link failed, while loss of a hub, controller, or user system would only affect the users on that piece of the network.

Background

Using two routers at each location is a popular approach to networking redundancy, eliminating the problem of surviving loss of a router or connecting link. However, as typically implemented, this configuration still leaves the site vulnerable if the LAN shared by the two routers is split into two segments, as can occur if the LAN spans multiple hubs or switches, or in the case of this client, multiple switches with long fiber links between the switches.

Typical dual router configuration

Consider the simple configuration in the above diagram and how it recovers from various failures. If a WAN link to a router fails, the routers cooperate to shift all traffic to the other link. The result is the same if one or the other routers fail. If the link between a router and its hub fails (or the interface on the router or hub, same difference), that router will stop advertising reachability of the LAN and again, the other router will carry all the traffic. If a hub fails, its router will stop advertising (so packets do not get delivered from the outside only to go into a black hole) and its users will be dead.

However, if the link between the two hubs is lost, we have a real problem. Both routers continue to advertise the network as reachable, even though each can only reach half the users. Depending upon the routing weights on the WAN links, even though both routers deliver packets from the LAN to the rest of the network, incoming packets may or may not be delivered to the router on the same piece of the LAN as the destination. The result is an unacceptable, albeit all too common, single point of failure.

Technical Approach

Simply moving the routers to ports on the same hub does not solve the problem, as it replaces the single point of failure in the link with a single point of failure in the hub. Nor does it work to split the LAN into two independent subnetworks, each served by a single router, as then the routers become single points of failure. The "trick" devised by Networking Unlimited, Inc. to get around this dilemma was to split the LAN into adjacent subnetworks and force both local routers to not only support their local subnetwork, but also to support the entire summarized range, as in the figure below. That way, even though the individual systems have IP addresses assigned from the correct local subnetwork, they are configured with the larger subnetwork mask and appropriate default router.

Dual Routers with Segmentation Immunity

Using Cisco routers, static routes were assigned to the Ethernet interfaces covering the full subnetwork range and redistributed into the routing protocol with a higher metric than the real subnetwork ranges. Hot Standby Router Protocol was then used in yet another segment of the overall subnetwork address space (such as 10.0.0.1 in this example), not in either router's primary coverage address space, again to provide immunity from router failure.

Configured in this manner, either router can send packets into the cloud from any source on the LAN and can deliver packets arriving from the cloud to any address on the LAN. Systems on the LAN deliver directly to each other even if technically in different subnetworks because the local systems believe in the larger address space and only the routers are aware of the way it is subdivided.

Bottom Line Results

Initial testing of this configuration approach uncovered a number of inconsistencies in the Cisco documentation and a few EIGRP bugs in the implementation. However, all could be worked around and the client does not have to worry about IP or SNA communications failures due to a cut in one of the long interarea fiber runs. The delivered design can be extended to split the LAN in multiple areas, not just two, and will work correctly even if some of the areas do not have their own link to the cloud.

Even though the LAN looks like it is multiple independent segments, the routers are not running as "one-armed" routers and all packets are delivered by the shortest available path. That is, there is no need for packets to go from one LAN router to another other than to support the routing protocol. The only significant weaknesses known are the lack of IPX support for Novell users, who will continue to fail the same way IP does in the typical single subnet configuration discussed in the introduction, and the sensitivity of the final configuration to IOS variations, which makes off-line testing mandatory before making any changes.

It should also be noted that although it was not a consideration for this client, the approach described here does not provide guaranteed communications between local systems if they cannot communicate directly over the LAN. While there may be ways to add that capability, it was not an objective in this design.

Home Page | Company Profile | Capabilities | Coming Events | Case Studies | White Papers | Book

Copyright 1999-2000 © Networking Unlimited Inc. All rights reserved.