06-20-2019 04:44 PM
Hello guys,
I need to set up 3 WAN ISP connections on my network. After getting service interruption issues on my main ISP, I finally got approved to add 2 secondary ISPs to complete a failover-redundant schema.
My question is whether two routers under GLBP would be the most suitable solution to achieve this. I'm pretty sure that you guys can point me in the right direction or have been in the same situation.
Here's my scenario:
Around 12000 devices and growing, since I'm adding access points all over the place
Main centralized internet access (managed by Palo Alto firewall)
ISP1 -> 20 Gbps symmetric
ISP2 -> 5 Gbps asymmetric
ISP3 -> 5 Gbps asymmetric
My goal is to have 100% reliability (0 internet interruptions) and prioritize traffic for bandwidth consumption.
Right now my only ISP connection is connected straight to a Palo Alto FW, but I would say that I'm going to have to set up two routers and GLBP before it.
I was thinking of using 2 ASR series routers. Is that enough for my scenario?
Thanks in advance.
06-21-2019 01:38 AM - edited 06-21-2019 01:48 AM
Hello mgutieer,
GLBP is an FHRP (first hop redundancy protocol) and works well only on L3 interfaces facing end users, because its load balancing capability is based on different ARP replies over time for ARP requests for the default gateway.
In other words, if you use GLBP in a VLAN where there are only routers you will not get load balancing but just redundancy, like with HSRP or VRRP.
If the downstream router performs the ARP request, it will use a single GLBP forwarder for all the time the ARP entry is valid (4 hours) for all traffic it needs to send to the internet upstream.
If the internal VLANs of the two new routers contain only routers or multilayer switches, you can use a routing protocol like OSPF and have the two routers inject two default routes in OSPF of the same type and same seed metric.
Cisco OSPF uses the default-information originate command in router ospf mode to achieve this. A default route is injected in OSPF (LSA type 5 for net 0.0.0.0/0) only if route 0.0.0.0/0 is present in the local IP routing table by other means like BGP or a static route. The LSA will be removed if the local default route is not valid anymore.
The internal devices will be able to install both routes and will perform flow-based load balancing upstream.
Note:
All this under the hypothesis that you have your own public address block.
If you only have an address block provided by ISP1 different considerations are needed.
Hope to help
Giuseppe
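The OSPF approach described in the reply above, as an added Cisco IOS configuration sketch that is not part of the original post. Hostnames, interface names, the OSPF process ID and area, the metric value and all addresses (documentation and private ranges) are assumptions chosen for illustration.

```cisco
! Constructed example: R1/R2, interface names, process ID 1, area 0,
! metric 10 and all IP addresses are assumed values, not from the thread.
!
! ----- R1 (edge router toward one ISP) -----
hostname R1
interface TenGigabitEthernet0/0/0
 description Uplink to ISP (assumed)
 ip address 192.0.2.2 255.255.255.252
interface TenGigabitEthernet0/0/1
 description Transit VLAN toward firewall/core (routers only)
 ip address 10.255.0.1 255.255.255.248
!
! Local default route; it could equally be learned via BGP.
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
router ospf 1
 router-id 10.255.0.1
 network 10.255.0.0 0.0.0.7 area 0
 ! No "always" keyword: the type 5 LSA for 0.0.0.0/0 is originated only
 ! while a default route is present in the local routing table.
 default-information originate metric 10 metric-type 2
!
! ----- R2 (edge router toward another ISP) -----
hostname R2
interface TenGigabitEthernet0/0/0
 description Uplink to ISP (assumed)
 ip address 198.51.100.2 255.255.255.252
interface TenGigabitEthernet0/0/1
 description Transit VLAN toward firewall/core (routers only)
 ip address 10.255.0.2 255.255.255.248
!
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
router ospf 1
 router-id 10.255.0.2
 network 10.255.0.0 0.0.0.7 area 0
 ! Same metric and same metric type as R1, so downstream OSPF routers
 ! see two equal-cost default routes and install both.
 default-information originate metric 10 metric-type 2
```

On a downstream OSPF device, `show ip route 0.0.0.0` should then list both 10.255.0.1 and 10.255.0.2 as next hops, and `show ip ospf database external 0.0.0.0` should show one type 5 LSA per edge router.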
06-21-2019 06:50 AM