10-07-2009 11:12 PM - edited 03-11-2019 09:24 AM
Hi All,
We have the following scenario: 2 firewalls in Active/Standby are facing 2 routers configured with HSRP.
Is it possible, in order to achieve load balancing for certain destination traffic, to have 2 static routes with the same AD but different next hops (each route pointing to a different physical IP address of the router and not to the virtual IP address)?
Thanks in advance.
10-07-2009 11:57 PM
In your case the firewall is in active/standby, so at any point in time only one box is forwarding traffic.
10-08-2009 12:07 AM
Yes, this is true, but my goal is to achieve load balancing via 2 ISPs, each one connected to the external border router. Can I achieve this by using the above approach? What's the recommendation?
10-08-2009 01:18 AM
You can achieve link-level redundancy, not load balancing, in your current setup.
Run BGP between your routers and the PE routers, and also an IGP between your gateway routers.
For achieving load balancing between your links, you may run GLBP instead of HSRP on your gateway routers, EBGP between your routers and the PE routers, and also an IGP between your gateway routers.
Maybe other gurus here will give you better suggestions :)
10-08-2009 02:10 AM
Just to make sure that I got your point: I need to use GLBP in combination with eBGP and the IGP on the border routers?
10-08-2009 12:16 PM
Yes, you got it.
A few more additions to this I can think of:
- Tell your ISP to advertise a default route on both your links via EBGP.
- You will need to configure BGP MED on your gateway routers while advertising your IP subnets to the PE.
Good Luck.
Also you can refer to this link.
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml#diag3
10-08-2009 03:46 PM
Hi,
Though ASA/PIX do not support load balancing or packet shaping, let's say you have 2 ISPs: the traffic can be divided based on the routes you apply on the firewall.
A simple example would be:
route outside 0.0.0.0 128.0.0.0 x.x.x.x
route outside 128.0.0.0 128.0.0.0 y.y.y.y
Here x.x.x.x will be your ISP1 and y.y.y.y will be ISP2.
This way the traffic can be divided between the 2 ISPs; however, this is just a workaround and is not a complete load balancing solution.
Though load balancing can be configured on Cisco routers, it is not a supported feature on the ASA/PIX firewall.
Let me know if you have any other questions.
10-12-2009 11:26 PM
If you decide to do this, I would suggest combining it with route tracking.
In the example given by the previous poster, you can make one router primary for 0.0.0.0/1 and backup for 128.0.0.0/1, and vice versa.