multi wan question

mgutierr
Level 1

Hello guys, 

 

I need to set up 3 WAN ISP connections on my network. After getting service interruption issues on my main ISP, I finally got approved to add 2 secondary ISPs to complete a failover-redundant schema.

My question is whether two routers under GLBP will be the most suitable solution to achieve this. Pretty sure that you guys can point me in the right direction or have been in the same situation.

 

Here's my scenario:

Around 12000 devices and growing, since I'm adding access points all over the place

Main centralized internet access (managed by Palo Alto firewall)

ISP1 -> 20Gbps symmetric 

ISP2 -> 5 Gbps asymmetric

ISP3 -> 5Gbps asymmetric

My goal is to have 100% reliability (0 internet interruptions) and prioritize traffic for bandwidth consumption.

Right now my only ISP connection is connected straight to a Palo Alto FW, but I would say that I'm going to have to set up two routers and GLBP before it.

 

I was thinking of using 2 ASR series routers. Is that enough for my scenario?

 

Thanks in advance.

 

 

2 Replies

Giuseppe Larosa
Hall of Fame

Hello mgutierr,

GLBP is an FHRP (first hop redundancy protocol) and works well only on L3 interfaces facing end users, because its load balancing capability is based on giving different ARP replies over time to ARP requests for the default gateway.

 

In other words, if you use GLBP in a VLAN where there are only routers, you will not get load balancing but just redundancy, like with HSRP or VRRP.

If the downstream router performs the ARP request, it will use a single GLBP forwarder for as long as the ARP entry is valid (4 hours) for all traffic it needs to send upstream to the internet.

 

If the internal VLANs of the two new routers contain only routers or multilayer switches, you can use a routing protocol like OSPF and have the two routers inject two default routes into OSPF with the same type and the same seed metric.

Cisco OSPF uses the default-information originate command in router ospf mode to achieve this. A default route is injected in OSPF (LSA type 5 for net 0.0.0.0/0) only if route 0.0.0.0/0 is present in the local IP routing table by other means like BGP or a static route. The LSA will be removed if the local default route is not valid anymore.

 

The internal devices will be able to install both routes and will perform flow-based load balancing upstream.

Note:

All this is under the hypothesis that you have your own public address block.

If you only have an address block provided by ISP1, different considerations are needed.

 

Hope to help

Giuseppe
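
The OSPF approach described in the reply above, sketched as a Cisco IOS configuration; this is an added example, not part of the original post or the poster's configuration. Interface names, the OSPF process ID, router IDs, the metric value and all addresses (documentation ranges 192.0.2.0/30 and 198.51.100.0/30, inside transit 10.0.0.0/24) are assumptions.

```text
! ---------- Edge router R1 (uplink to ISP1) - constructed example ----------
interface GigabitEthernet0/0/0
 description Uplink to ISP1 (assumed addressing)
 ip address 192.0.2.2 255.255.255.252
!
interface GigabitEthernet0/0/1
 description Inside transit VLAN toward firewall / L3 switches
 ip address 10.0.0.1 255.255.255.0
!
! Local default route. OSPF only originates 0.0.0.0/0 while this route
! is present in the routing table (no "always" keyword is used).
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
router ospf 1
 router-id 10.255.0.1
 network 10.0.0.0 0.0.0.255 area 0
 ! Same metric and same type on both routers, so downstream devices
 ! see two equal-cost external defaults and install both.
 default-information originate metric 10 metric-type 2
!
! ---------- Edge router R2 (uplink to ISP2) - constructed example ----------
interface GigabitEthernet0/0/0
 description Uplink to ISP2 (assumed addressing)
 ip address 198.51.100.2 255.255.255.252
!
interface GigabitEthernet0/0/1
 description Inside transit VLAN toward firewall / L3 switches
 ip address 10.0.0.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
router ospf 1
 router-id 10.255.0.2
 network 10.0.0.0 0.0.0.255 area 0
 default-information originate metric 10 metric-type 2
!
! ---------- Checks ----------
! On R1/R2:            show ip ospf database external 0.0.0.0
!   -> one type 5 LSA per edge router while its local default is valid
! On a downstream OSPF router or multilayer switch:
!                      show ip route 0.0.0.0
!   -> two next hops (10.0.0.1 and 10.0.0.2) when both defaults are present
```

With a plain static default as shown, the route leaves the routing table, and the LSA is withdrawn, only when the uplink interface itself goes down; a failure further inside the ISP is not detected by this configuration alone.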

 

Hello Giuseppe,

So GLBP is not going to fit. If my Palo Alto FW will be facing those 2 routers, it will be just a matter of adding more gateways to it.
It's just that I have too many settings and VPNs on that FW.

Thanks for your reply.