Hi syedraheel and

syedraheel · ‎07-21-2013

Hi ,

We are upgrading our Network Infrastructre and I need your comments and help about the following case:

Scenario:

Two Links on the Site A Router (Receiving all National routes on 1st link from ISP-A and default route on the second link from ISP B)(ISP A will advertise our subnets only nationally on first link and ISP2 will advertise our subnet only internationally on the second link)

Third link on Router B receiving default route from ISP B (on this link our subnet will be advertised both nationally and internationally)

For our subnet advertisement to ISPs and Incoming load balancing, we will split our subnet into two smaller subnets that will be advertised on the edge routers in parallel with the summarized network. (abcde.com will be mapped to 2 IPs say .1 and .129)

For Outgoing load balancing: We will run GLBP between the routers and the default route for the Active Firewall will be the GLBP VIP. So in this way we can have the Routers ACTIVE/ACTIVE.

All 3 links would be active

All traffic that reaches RouterA and matches the default route should go via ISPB. Traffic matching the national prefixes (in the routing table of Router A) should go through ISP A.

All traffic that reaches R2 and matches the default route should go via ISPB (on this link our subnet will be advertised both nationally and internationally)

Since all links will be active, failure to any link(national/international) will not affect Network availability nationally or internationally.

I am not sure about:

Will all sessions from the Active firewall be forwarded to same router even if we configure GLBP? or will it be load balanced between two routers?
Can we map two public IP addresses to same domain?
Splitting the Network into two halves is correct for incoming load sharing?

P.S IP addressing has been changed due to security reasons

syedraheel · ‎07-22-2013

anyone?

justinhulsman · ‎07-22-2013

From what I know about GLBP, the active virtual gateway of the GLBP group will answer ARP requests in a distributed fashion using it's and other router's MAC address. The firewall will ARP for the GLBP VIP and store the MAC address in the response until it is aged out of the ARP table. With the single entry for the VIP, the firewall will forward all traffic to the MAC address located in the ARP table instead of distributing it amoung the GLBP members.

I don't have much experience with Multi-Homed BGP setup's, so I too am interested in seeing what some of the BGP guru's out there have to say...

syedraheel · ‎07-23-2013

Thanks Justin,

I hope to hear from someone about my other queries

vivekmangla89 · ‎09-15-2014

Hi syedraheel and justinhulsman. I am also having a similar setup in which my two wan routers are connected to four WAN links, two from one ISP and remaining two from other ISP. I have configured by routers using glbp and a firewall and a few switches are sitting in between my clients and wan Routers. From firewall, all my traffic is going out via one router only and I don't think any load balancing is taking place. I have not tried trace from my clients. And I can't provide the glbp virtual ip as gateway in my client machines. So would the traffic from my clients to wan be load balanced by glbp ? From firewall, it's not being load balanced and using one router only.

Joseph W. Doherty · ‎09-15-2014

See https://supportforums.cisco.com/discussion/9794381/glbp-scenario-question

Jorge Espinoza · ‎01-24-2017

Hello Everyone,

I believe the issue is because GLBP load balancing is based on source MAC address. So in the scenario above all traffic going out the firewall will be NAT'd and will use the firewalls mac address to send out the ARP request. Since the AVG router will only see a single MAC address making the request it will only send it out a single router. You can test this by adding another device on the public space and pointing them out towards the VIP and it should then take a different AVF router out to the internet. At this point it should be load sharing through GLBP. Not sure if theres a way to change GLBP to look at the number of connections or destination IP but that would be great help. Thank you guys and hope this helps out.

GLBP with BGP design