Aruba – Single-Switch VRRP Config with ISP HSRP on Aruba 2930M


This is my first attempt at a VRRP config, so be gentle! And I know this isn't an ideal redundant environment, but it's what I need to work with. In this environment the redundant connectivity is more important AT THIS TIME than ensuring redundancy on the local infrastructure. I'm leaning toward needing to set this all up on the Aruba switch, since I can't find any meaningful information on doing this across two interfaces on a Sonicwall NSA 2650 device.

Environment is a single Aruba 2930M switch and Sonicwall Firewall NSA 2650 at a colo site (SWITCH campus). ISP is supplying us with 2x redundant drops from a pair of HSRP-configured routers. Plan is to use the 2930M as the gateway between the ISP HSRP routers and our firewall. Our ISP is saying we would need to configure separate VLANs for each of the redundant circuits to the virtual router, and as long as the heartbeat traffic flows between the two VLANs we would be good.

I'm thinking at this point that they're assuming Cisco hardware on our side, even though they're aware we have HP/Aruba (VRRP config) equipment. My concern is that just being able to establish heartbeat traffic won't be enough. I'm hoping folks here will be able to shed a little light on the needed configuration for the Aruba switch.

Alternatively, if we can arrange to get this working on the single Sonicwall NSA 2650 using a 2x WAN interface configuration with its built-in HA support, that might be easier. But given that I haven't been able to find anything solid on this configuration, I'm not sure where to go from here.

Any guidance from those with experience would be appreciated! Thanks!

Best Answer

Your idea about how FHRPs (First Hop Redundancy Protocols) like HSRP or VRRP work is flawed. Based on your description and comments, something like this is what you want:

    ISP-1      ISP-2
   .1 |  VIP .3  | .2
      ------------ Layer-2 Switch
    .4 Your Gateway (no special configuration to use the ISP HSRP; use .3 as the next hop)
        Your LAN

The FHRP simply fools the LAN hosts into using a virtual gateway address. In this case, your gateway is the LAN host that gets fooled. You need no special configuration for that; just use the provided VIP as the next hop.

To combine the two ISP connections, you need to use something like a switch that has three connections on the same VLAN: ISP-1, ISP-2, and your gateway device. You could use your switch as a simple layer-2 switch, and connect the SonicWALL as the gateway device.

When you want to introduce redundancy in your own network, that is when you would configure an FHRP between your two LAN gateway devices to fool your own LAN hosts.
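
The layer-2 layout described in the answer, sketched as an ArubaOS-Switch configuration fragment for the 2930M. This is an added example, not part of the original answer or the ISP's instructions; VLAN ID 100, the VLAN name, and port numbers 1-3 are assumptions. The firewall's WAN interface then takes the .4 address with the .3 VIP as its default gateway, as in the diagram.

```text
; Constructed example: VLAN 100 and ports 1-3 are assumed values.
vlan 100
   name "ISP-HANDOFF"
   ; port 1 = ISP-1 drop, port 2 = ISP-2 drop, port 3 = SonicWALL WAN interface
   untagged 1-3
   ; layer 2 only: the switch holds no address in the ISP subnet and does not route here
   no ip address
   exit
```

Because both ISP drops sit in the same VLAN, the HSRP hellos between the two ISP routers cross the switch without any VRRP or HSRP configuration on the customer side.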