Re: ECMP from Core to ASA at Internet Edge

iskoy.istem · ‎05-04-2011

Hi All,

I need your confirmation on this set-up that i'll be attaching. I am planning to implement this set-up, ECMP from the Core to the Internet Edge with ASA. From the edge default route will be injected pointing to the Internet and route redistribution will be employed. The diagram is attached and please do browse over it. Application is VOIP (SIP). This is done to do load balancing on the ISP.

iskoy.istem · ‎05-04-2011

disregard ecmp via eigrp, ecmp via OSPF i mean.

Giuseppe Larosa · ‎05-04-2011

Hello Joseph,

an ASA can have two different next-hops out the SAME interface, because it is primarily a firewall and not a router.

So it can have two next-hops out the same interface but you need to deploy L2 switches in the middle to achieve this or you need to use SVIs on the L3 switches and to have a single broadcast domain spanning on the two ASA of the HA pair and on the two multilayer switches.

see

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ip.html#wp1118237

>> Load sharing on the security appliance is possible only for multiple next-hops available using single egress interface. Load sharing cannot share multiple egress interfaces.

after that you can have two OSPF neighbors out an interface

so you need to review the proposed design accordingly

Hope to help

Giuseppe

iskoy.istem · ‎07-18-2011

thanks giuseppi, would the set-up introduce jitter or asymetric routing problem>?? can you please give me idea or suggested design to do this....