I was recently tasked with improving a design for a branch office setup. The setup involves virtual servers, virtual firewalls and virtual WAN accelerators. The problem that was being seen was twofold:
- A layer 2 connection from the WAN Router to the Firewall. This meant that if the firewall failed, we had no access to the management network.
- If the WAN accelerator failed, all traffic to or from the site was black-holed.
Proposed Solution
I decided that we needed to solve the two aforementioned issues. First, let's use layer 3, and second, let's use some way of detecting if the WAN accelerator fails.
I immediately thought we could simply use a route-map, policy routing, IP SLA and track availability. Much to my dismay, however, I discovered that the 12.4 IP Services feature set on a Cisco 3560 doesn't support track availability in the set command in route-maps. I banged my head a few times and thought, well, let's give Cisco's EEM (Embedded Event Manager) a go.
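To make the EEM approach concrete, here is an added example configuration (not the author's own) of the pattern the post describes: an IP SLA probe and track object watch the WAN accelerator, and two EEM applets remove or re-apply the policy route-map so traffic falls back to normal routing instead of being black-holed. The addresses, VLAN, ACL and route-map names are constructed for illustration, and the exact `track` syntax varies by IOS release (older images use `track 1 rtr 1 reachability`).

```cisco
! Added example, not the original post's configuration.
! Assumed/constructed values: 10.10.20.2 is the WAN accelerator's inside
! address, Vlan10 carries the server subnet 10.10.10.0/24 whose traffic is
! policy-routed through the accelerator; names are illustrative.
ip sla 1
 icmp-echo 10.10.20.2 source-interface Vlan10
 frequency 5
ip sla schedule 1 life forever start-time now
!
! Hold-down timers avoid flapping PBR on a single lost probe.
track 1 ip sla 1 reachability
 delay down 10 up 30
!
ip access-list extended SITE-TO-WAN
 permit ip 10.10.10.0 0.0.0.255 any
!
route-map WANX-PBR permit 10
 match ip address SITE-TO-WAN
 set ip next-hop 10.10.20.2
!
interface Vlan10
 ip policy route-map WANX-PBR
!
! Accelerator unreachable: drop the policy route-map so traffic follows the
! routing table straight to the WAN router instead of being black-holed.
event manager applet WANX-DOWN
 event track 1 state down
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "interface Vlan10"
 action 4.0 cli command "no ip policy route-map WANX-PBR"
 action 5.0 cli command "end"
 action 6.0 syslog priority warnings msg "WAN accelerator down: PBR disabled on Vlan10"
!
! Accelerator back (after the 30 s up delay): re-apply the policy route-map.
event manager applet WANX-UP
 event track 1 state up
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "interface Vlan10"
 action 4.0 cli command "ip policy route-map WANX-PBR"
 action 5.0 cli command "end"
 action 6.0 syslog priority notifications msg "WAN accelerator up: PBR re-enabled on Vlan10"
```

The syslog actions give the monitoring system a record of every failover and fallback, which is worth checking against `show track 1` when validating the design.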
Network Diagram
Network Design Proposal
In the above diagram, the Cisco 3560 is the site's router. With this layer 3 solution, if the firewall dies, we can still access the management network, which includes other network devices and, critically, the VSX Servers.