ASA Firewall to 2-WAN Internet Routers load balancing

tad.190804 · ‎02-10-2013

Gents,

The new ASA version supports multiple (Specifically max of 3) static routes

to same destination.

| Router ISP 1

FW --> Layer 2 Switch -->

| Router ISP 2

So if I have 2 Internet Routers doing BGP,to 2 service providers, I could have

2 static routes from the FW, one to each service provider Router LAN Interface.

Does this technically mean, that the ASA is doing load balancing, or is the second

route going to be used as a failover route.

If it does mean that dual static route to same destination is load balancing,

what kind of load balancing is it from FW perspective, per session, per packet ??

In my case, if I do not want to use EIGRP, how can I achieve load balancing

from my FW, to the two Internet facing routers running BGP to two service provders ?

Please give your valuable suggestions.

Regards,

Tauseef_

Reza Sharifi · ‎02-10-2013

Hi,

I think, the load balancing is per destination or session.

from the config guide:

You can define up to three equal cost routes to the same destination per interface. ECMP is not supported across multiple interfaces. With ECMP, the traffic is not necessarily divided evenly between the routes; traffic is distributed among the specified gateways based on an algorithm that hashes the source and destination IP addresses.

The following example shows static routes that are equal cost routes that direct traffic to three different gateways on the outside interface. The security appliance distributes the traffic among the specified gateways.

hostname(config)# route outside 10.10.10.0 255.255.255.0 192.168.1.1

hostname(config)# route outside 10.10.10.0 255.255.255.0 192.168.1.2

hostname(config)# route outside 10.10.10.0 255.255.255.0 192.168.1.3

config guide:

http://www.cisco.com/en/US/partner/docs/security/asa/asa72/configuration/guide/ip.html#wp1047894

HTH