GLBP configuration help

sachin_mon
Level 1

Hi,

We are planning to deploy GLBP on two of our internet routers (Cisco 3845). Both routers connect to the same ISP, and the bandwidth of both of them is 5MB. Both routers terminate on the inside firewall (non-Cisco, Fortigate) using an L2 switch.

We are planning to configure a default route on the firewall pointing to the GLBP VIP (2.2.2.1). I have attached the configuration template (IP addressing has been changed to maintain authenticity).

We are also planning to track the ISP gateway using ICMP on both routers. We would like to know whether there is any ambiguity in the configuration template we have made. Any suggestions are highly appreciated.

Rgds./Sack.


Giuseppe Larosa
Hall of Fame

Hello Sachin,

I don't see any configuration template. However, if the only host served by the GLBP pair of routers is the firewall, you don't get any load balancing, because GLBP works well when multiple clients are present in the VLAN: the GLBP AVG answers ARP requests for the VIP using some algorithm, for example round robin, providing the virtual MAC addresses of the AVFs (forwarders; only one router is the AVF for a given MAC address).

If there is a single host, once the FW has done the ARP request for the VIP address, it uses this info until the ARP entry expires.

You get redundancy, but this can be achieved with HSRP or VRRP.

Hope to help

Giuseppe

I am sorry. Just missed.

I have attached the config.

Rgds./Sack

Hi Giuseppe,

That's true.

But there are multiple NAT translations in the firewall. So, based on the translated IPs, the router will do the load balancing. I have attached the template. Request you to have a look.

Thanks.

Rgs./Sack

Hello Sachin,

>> But there are multiple NAT translations in the firewall

This is true, but from the routing point of view the FW is still a single host, so no load balancing can occur unless you use the ASA as a transparent firewall.

About your config template:

glbp priority 110 makes R1 the AVG for the GLBP group and this is fine.

You can improve your configuration by using the glbp weighting commands, which accept tracking and object tracking.

You can see GLBP priority as made of two components: the priority that elects the AVG and the weighting that decides who is the AVF.

Another difference from HSRP is that there are two thresholds in weighting that decide the single router's behaviour.

See:

http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_glbp_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1055276

Hope to help

Giuseppe

Thanks Giuseppe for your prompt reply.

1. Regarding the tracking, since we are already using IP SLA tracking (ICMP to the ISP IP address), do we really need to use weighting and object tracking?

2. Is there any difference between the tracking which is used in the template and the weighted tracking?

Rgds./

Sack

Hello Sachin,

You can reference your current object tracking in glbp weighting.

These commands are needed; otherwise, when one of the routers has the WAN link down, it doesn't give up the role of AVF.

The glbp weight - penalty has to be < lower threshold.

As happens with HSRP, when one internet link is down all traffic should be handled by the other router.

Hope to help

Giuseppe

Thanks Giuseppe.

As suggested, I have modified the template with the weighted commands added. I would appreciate it if you could have a look at the modified template and suggest whether any further modifications are required.

Rgds./Sack

Hello Sachin,

I think you need some tuning:

I understand there are some examples in configuration guides that can be misleading:

default weighting is 100

default decrement is 10

if you use

glbp 10 weighting 110 lower 95 upper 105

glbp 10 weighting track 11 decrement 10

it will never give up the role of AVF

You should use, for example:

glbp 10 weighting 110 lower 95 upper 105

glbp 10 weighting track 11 decrement 20

so when the link fails, weighting becomes 110-20 = 90 < 95

Hope to help

Giuseppe
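
The threshold arithmetic from the reply above, as an added example that is not part of the original thread or of any Cisco tooling: a small Python check that parses the two `glbp ... weighting` lines and replays tracked-object events against the lower and upper thresholds. It assumes a default lower threshold of 1, an upper threshold that defaults to the maximum weighting, and that forwarding resumes once the weighting is back at or above the upper threshold; the function names and the event list are hypothetical.

```python
import re

# Defaults for weighting and decrement are the ones stated in the reply above.
# DEFAULT_LOWER and "upper defaults to the maximum" are assumptions of this example.
DEFAULT_WEIGHT, DEFAULT_DECREMENT, DEFAULT_LOWER = 100, 10, 1

WEIGHT_RE = re.compile(r"^\s*glbp (\d+) weighting (\d+)(?: lower (\d+))?(?: upper (\d+))?\s*$")
TRACK_RE = re.compile(r"^\s*glbp (\d+) weighting track (\d+)(?: decrement (\d+))?\s*$")

def parse_weighting(config):
    """Return {group: {"max", "lower", "upper", "tracks": {object: decrement}}}."""
    groups = {}
    def entry(gid):
        return groups.setdefault(gid, {"max": DEFAULT_WEIGHT, "lower": DEFAULT_LOWER,
                                       "upper": None, "tracks": {}})
    for line in config.splitlines():
        if m := TRACK_RE.match(line):
            entry(int(m[1]))["tracks"][int(m[2])] = int(m[3] or DEFAULT_DECREMENT)
        elif m := WEIGHT_RE.match(line):
            g = entry(int(m[1]))
            g["max"] = int(m[2])
            g["lower"] = int(m[3] or DEFAULT_LOWER)
            g["upper"] = int(m[4]) if m[4] else None
    for g in groups.values():
        if g["upper"] is None:
            g["upper"] = g["max"]
    return groups

def simulate(group, events):
    """Replay (track_object, is_up) events; return [(weight, is_forwarder)] per event."""
    down, forwarding, timeline = set(), True, []
    for obj, is_up in events:
        (down.discard if is_up else down.add)(obj)
        weight = group["max"] - sum(group["tracks"][o] for o in down)
        if weight < group["lower"]:
            forwarding = False          # below lower threshold: give up the AVF role
        elif weight >= group["upper"]:
            forwarding = True           # back at or above upper threshold: resume
        timeline.append((weight, forwarding))
    return timeline

# The two variants quoted in the reply above.
STUCK = "glbp 10 weighting 110 lower 95 upper 105\nglbp 10 weighting track 11 decrement 10\n"
FIXED = "glbp 10 weighting 110 lower 95 upper 105\nglbp 10 weighting track 11 decrement 20\n"

if __name__ == "__main__":
    flap = [(11, False), (11, True)]    # constructed: tracked object goes down, then up
    for name, cfg in (("decrement 10", STUCK), ("decrement 20", FIXED)):
        print(name, simulate(parse_weighting(cfg)[10], flap))
```

With decrement 10 the router keeps forwarding through the failure (weight 100 stays above 95); with decrement 20 it stops forwarding at weight 90 and resumes when the tracked object recovers.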
