There is no attachment.
Either way, I would connect the new edge router to one of the other edge routers via iBGP. To leverage what you have, which is three Internet connections, VRRP might be a better option than HSRP. Is that an option?
I just attached the diag.
VRRP is an option if it will accomplish what we need. It's been a while since I used VRRP. Will VRRP allow us to use 3 IP addresses instead of 2, as is the case with HSRP?
My bad, I actually meant GLBP, which does load-balancing. You can put all three routers in the same GLBP group, and use one single virtual address.
The attachment is missing here.
The question here is "The firewall has a default route to the edge routers’ hsrp IP address (10.10.10.101/24)"
When you are running HSRP, it's going to be in Active/Standby mode, right? Are you able to utilize the existing 2 ISPs equally?
How is your E and I BGP config set up to load-balance between ISPs?
What is the goal or expectation of adding a 3rd ISP? To best utilize the load equally with all 3 ISPs, and fail over to the other 2 ISPs if any of the ISPs fails? What is your existing arrangement?
*** Rate All Helpful Responses ***
Attachment was re-attached.
"When you are running HSRP, it's going to be in Active/Standby mode, right? Are you able to utilize the existing 2 ISPs equally?"
A- We are able to utilize both existing ISPs; however, I am not sure if we are using them equally. What would be the best way to find out?
"How is your E and I BGP config set up to load-balance between ISPs?"
A- We are not using any type of BGP load-balancing solutions or techniques. I am open to any suggestions.
"What is the goal or expectation of adding a 3rd ISP? To best utilize the load equally with all 3 ISPs, and fail over to the other 2 ISPs if any of the ISPs fails? What is your existing arrangement?"
A- We experienced an extended outage with one of our ISPs (week and 1/2) and we were running a single connection to the Internet. The goal is to add a 3rd so if one of the 3 connections to the Internet were to fail, we would still have 2 connections for performance and load-balancing purposes.
I would like to see some of your configuration and how you have set it up, to suggest better.
My preferred method is to use all 3 ISPs equally when they are available, so you have good performance and value for money.
If one of the ISPs goes down, the same load will be shifted to the other 2 ISPs, and so on.
Will you consider changing the design to best practice with minimal downtime and testing, or would you like to just add the 3 ISP router and go on with the existing arrangement (which may have some implications and limitations)?
*** Rate All Helpful Responses ***
George Pauwen provided a great solution in the above thread.
So, my proposed design would be to interconnect edge router 3 (the new router connected to ISP3) to edge rtr 1 or edge rtr 2 and use iBGP between them; connect edge rtr 3 to the edge switch 1 via L2 (the same as edge rtr 1 and edge rtr 2); change HSRP to GLBP and create a group of three routers (edge_rtr_01: 10.10.10.102; edge_rtr_02: 10.10.10.103; edge_rtr_03: 10.10.10.103; and VIP: 10.10.10.101).
Yes, we will consider changing the design. I am interested in learning more about your suggested ideas of creating load-balancing between the 3 BGP connections on the edge routers.
Hello @zekebashi ,
I am sorry to give you bad news but GLBP protocol load balancing is based on ARP activity.
This means that if the underlying active firewall ARPs for the GLBP VIP address 10.10.10.101, to be used as next hop for a single static default route, it will get a single answer at a time. So for each time interval equal to the maximum time an ARP entry can stay on the firewall, a single edge router / GLBP forwarder will be used.
This is not load balancing in outgoing direction.
GLBP works on user facing VLANs where different users are redirected to different AVG forwarders achieving load balancing.
Here what you can do on the firewall is to use three default static routes pointing directly to the three edge routers:
ip route 0.0.0.0 0.0.0.0 10.10.10.102
ip route 0.0.0.0 0.0.0.0 10.10.10.103
ip route 0.0.0.0 0.0.0.0 10.10.10.104
This can be used in combination with iBGP full mesh between the three edge routers.
Because there are L2 LAN switches between the firewalls and the edge switches, you have two options to detect a single edge router failure: either you deploy an IGP like OSPF, with each router generating a default route in OSPF, or you need IP SLA on the firewall to track availability of the edge router next hops 10.10.10.102, 10.10.10.103, 10.10.10.104.
Hope to help
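The behaviour described in the reply above, as an added Python model that is not part of any poster's message and not vendor code: one firewall ARPing for the GLBP VIP versus three static defaults with a failed next hop withdrawn by tracking. The round-robin AVG answer, the per-flow hash, the ARP timeouts and the flow tuples are assumptions constructed for illustration.

```python
import hashlib
from collections import Counter

# Next hops taken from the static routes in the reply above.
ROUTERS = ("10.10.10.102", "10.10.10.103", "10.10.10.104")

def make_flows(n):
    """Constructed sample: n distinct outbound flows, one per second."""
    return [(t, (f"172.16.{t % 200}.{t % 250 + 1}", 1024 + t,
                 f"198.51.100.{t * 7 % 254 + 1}", 443, "tcp"))
            for t in range(n)]

def glbp_single_client(flows, arp_timeout):
    """One default route to the GLBP VIP: the firewall is a single ARP client.

    Assumption: the AVG hands out forwarder MACs round-robin, one per ARP
    request, and the firewall re-ARPs only when its cache entry expires.
    """
    used, cached, expires, answers = Counter(), None, 0, 0
    for t, _flow in flows:
        if cached is None or t >= expires:
            cached = ROUTERS[answers % len(ROUTERS)]
            answers += 1
            expires = t + arp_timeout
        used[cached] += 1   # every flow follows the one cached MAC
    return used

def ecmp_static(flows, alive=ROUTERS):
    """Three equal-cost static defaults with per-flow hashing (assumed)."""
    used = Counter()
    for _t, flow in flows:
        digest = hashlib.sha256(repr(flow).encode()).digest()
        used[alive[int.from_bytes(digest[:4], "big") % len(alive)]] += 1
    return used

if __name__ == "__main__":
    flows = make_flows(3000)
    print("GLBP VIP, ARP timeout 14400 s:", dict(glbp_single_client(flows, 14400)))
    print("GLBP VIP, ARP timeout 1000 s: ", dict(glbp_single_client(flows, 1000)))
    print("3 static defaults:            ", dict(ecmp_static(flows)))
    print("after .104 is tracked down:   ", dict(ecmp_static(flows, ROUTERS[:2])))
```

With a short ARP timeout the GLBP totals even out over time, but at any instant only one edge router carries the firewall's traffic.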
@zekebashi wrote: We currently have two Internet connections with two different service providers. We are considering adding another Internet service,
We experienced an extended outage with one of our ISPs (week and 1/2) and we were running a single connection to the Internet. The goal is to add a 3rd so if one of the 3 connections to the Internet were to fail, we would still have 2 connections for performance and load-balancing purposes.