Solved: GLBP Design Questions

cisnetadmin · ‎01-31-2020

Hello,

I had some questions regarding GLBP and load-balancing.

According to Cisco documentation, if State-full NAT is being used, you need to enable Host-Dependent balancing.

"HOST DEPENDENT

The MAC address of a host is used to determine which VF MAC address the host is directed towards. This ensures that a host will be guaranteed to use the same virtual MAC address as long as the number of VFs in the GLBP group is constant.

Host dependent load balancing will need to be used when using statefull Network Address Translation (NAT) because it requires each host to be returned the same virtual MAC address each time it sends an ARP request for the virtual IP address.

Host dependent load balancing is not recommended for situations where there are a small number of end hosts, for example less than 20, unless there is also a requirement that individual hosts must always use the same forwarder. The larger the number of host, the less likely it is to have an imbalance in distribution across forwarders.

This method uses an algorithm designed to equally distribute hosts among forwarders, this distribution changes only when the number for forwarders permanently changes."

Does this apply if my NAT is prior to hitting our Routers?

Here is a a diagram of our network: https://i.imgur.com/gJrRry7.jpg

We have two bgp routers dual homed to separate ISP. They are currently running HSRP across the links connected to the switch.

All host traffic passes through a firewall and is NAT'd from there. Most traffic is sent as one IP.

In this scenario does Host Dependent LB need to be on to allow it to return traffic properly?

My other question is how disruptive this change will be (going from HSRP to GLBP)

and how to minimize the disruption.

I know it can be configured very quickly, wiithin one copy/paste.

But I assume as the mac address will change from an HSRP to GLBP address, every host will lose connectivity while the switch in between relearns the routes?

The hosts use the firewall as a default gateway.

Thank you for any help!!

Francesco Molino · ‎01-31-2020

Hi

You don't need to use host dependent because your firewall will be considered as a single client (everything is natted over the outside ip).
To migrate, you have different options:
- configure glbp in parallel of hsrp with a different ip and when you ready, just change the default route on your firewall.
- remove your hsrp configs, paste the glbp configs and do a clear arp on your firewall. It's going to take few seconds while removing and pasting new config.

Hope this answers your question

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Francesco Molino · ‎01-31-2020

Hi

You don't need to use host dependent because your firewall will be considered as a single client (everything is natted over the outside ip).
To migrate, you have different options:
- configure glbp in parallel of hsrp with a different ip and when you ready, just change the default route on your firewall.
- remove your hsrp configs, paste the glbp configs and do a clear arp on your firewall. It's going to take few seconds while removing and pasting new config.

Hope this answers your question

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question