HPE Community
Aruba & ProVision-based
1753280 Members
5721 Online
108792 Solutions
New Discussion юеВ

Configuring a HA/redundant environment with HP 2920 (Aruba - provision) switches

 
zackbmiller
Occasional Visitor

тАО07-17-2017 07:37 AM

тАО07-17-2017 07:37 AM

Configuring a HA/redundant environment with HP 2920 (Aruba - provision) switches

Hello everyone,

I'm having a hard time landing on the best solution, to configure redundancy in my data center.

Here's some information on our configuration, top down:

  1. Redundant Routers for ISP connectivity & WAN management
  2. Redundant firewalls for security
  3. Redundant data switches
  4. Redundant VMWare hosts
  5. Redundant iSCSI switches
  6. Redundant storage

I am using two SonicWALL NSA 2600's for my firewalls. Unfortunately, these models do not support LACP or their proprietary technology, port shielding. So, I need to make sure that both firewalls are aware of both switches, in the event either switch or firewall fails. Currently, the two data switches are uplinked. If the primary data switch goes down, we'll lose connectivity to the environment and will have to manually uplink the primary SonicWALL to the secondary switch during the fail period.

I've done a bit of reading about this and it sounds like VRRP may be the right direction to go, but I'm:

  1. Not sure how to properly configure this in this environment, since the HP's aren't directly working with the routers, but firewalls.
  2. Not sure if there's an easier or better way to achieve this goal.

Any help is greatly appreciated and I'm happy to provide additional information as needed.

Thanks!

0 Kudos
2 REPLIES 2
parnassus
Honored Contributor

тАО07-17-2017 03:15 PM

тАО07-17-2017 03:15 PM

Re: Configuring a HA/redundant environment with HP 2920 (Aruba - provision) switches

I don't exactly know if SonicWALL NSA 2600 firewall supports (at least) Active/Passive HA configuration...for sure, if support to Port Trunking/LAG with LACP is still not supported, Port Trunking with non protocol (AKA Static Port Trunking/LAG) should be available.

The point is that up to four Aruba 2920 switches can be backplane stacked (doing so means virtualizing switching and routing capabilities in favour of the physical stack the 2920 members will form): at that point any "dual homed" (or "multi homed") device who have its physical links distributed to stack's members will benefit of stack resiliency and redudancy (if one stack member goes down...)...clearly all depends about what devices (and how they are connected to) we're speaking of...and who does routing for your downstream devices.

I'm not an HPE Employee
Kudos and Accepted Solution banner
0 Kudos
zackbmiller
Occasional Visitor

тАО07-18-2017 07:54 AM

тАО07-18-2017 07:54 AM

Re: Configuring a HA/redundant environment with HP 2920 (Aruba - provision) switches

I know the SonicWALL NSA 2600's do not support LACP, but their model up does.

We do not have stacking modules or stacking cables with these switches, but I'm concerned if one switch went down, we still run into the same issue.

I did a lot of reading around VRRP, but it sounds like the northboard devices would have to be routers, not firewalls. Is there any truth in that statement? 

Is stacking the only option we have?

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.