
Load balancing/sharing on WAN

Islam Nadim
Level 1

Hello All,

I have this topology where I want to load balance between WAN1 and WAN2.

topol.jpg

The switch Sw1 is a layer 2 switch, not a layer 3. Is it possible to enable load balancing on the 2 WAN connections from the routers directly, or should I upgrade the switch to a layer 3 and activate EIGRP on it and then load balance?

Best Regards,

Islam M. Nadim

27 Replies

Akash Agrawal
Cisco Employee

Hi Nadim,

If traffic is coming from the LAN (below the switch) and all PCs are directly connected to the switch, then it is better to convert the switch to a Layer 3 switch and set the default gateway on the PCs to the switch IP. Run any IGP between the switch and the routers (CE1, CE2) to load balance traffic.

If the switch is acting as a Layer 2 switch, the default gateway on the PCs would be one of the CE routers and load balancing would not be possible.

Hi,

Most users will be connected via wireless. Also, there will be a server, so mainly the switch will be just for the server, APs and the communication between the routers for HSRP if the load balancing is not possible. So is it possible in that case?

ravikantt
Level 1

Hi Nadim,

You need not change your L2 switch to an L3 switch; you can use GLBP, which will load balance your traffic and give device-level redundancy as well. Below is the link to the Cisco site which describes the configuration of GLBP.

http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp_fhrp/configuration/15-mt/fhp-glbp.html

In case you're not familiar with GLBP, you can accomplish a similar effect with multiple HSRP groups, making CE-1 Active for one HSRP group and CE-2 Active for another HSRP group. Below is the link for HSRP load balancing.

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_configuration_example09186a0080094e90.shtml

Hi,

The reason I'm using a Layer 2 switch is the cost. The customer didn't want to buy a switch at first, but I convinced them to. So I'm aiming for a layer 2 switch. So, now I have to load balance using the HSRP then?

Best Regards,

Islam M. Nadim

Use GLBP or MHSRP to accomplish load balancing on your pair of routers.


Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Dear Nadim,

I hope you went through the links I mentioned in my previous post. For both HSRP and GLBP, the configuration will be done on CE-1 and CE-2, and these two must be connected (you can even use just an Ethernet cable to connect them directly, in case of budget cuts), so it doesn't really matter how they're connected; they just require Layer 2 connectivity to exchange HSRP/GLBP control messages.

Coming to what you asked: I suggest using multiple HSRP groups (use the link I've shared), because it's a little simpler and easy to troubleshoot if something goes wrong. GLBP is a little more complex in design and in how it processes things.

In my approach, if things are simpler, they're easier to manage & troubleshoot. 

Cheers

Ashok

GLBP and/or HSRP won't load balance the WAN traffic or provide redundancy, though, in case of one ISP failover. That will provide the router redundancy; he'll really need an L3 device and to configure tracking.

Hello Muhammed, I disagree. FHRPs will/can provide resilience on the LAN as well as WAN (depending on setup) outbound and inbound traffic load balancing. Of course there will need to be some tracking in place to prevent a black hole.


Please rate useful posts & remember to mark any solved questions as answered. Thank you.

If tracking is set up, which in his case would be the device behind those two routers, why even bother with GLBP or HSRP on those routers then?

Hello Mohammad, Please read the original post, Islam states that his switch is layer 2, not layer 3. Then he asks if he can load-balance using his routers or upgrading to layer 3 switch, so my posts are directly related to the question at hand. The answer to this is yes, he can use his routers to achieve this.

My personal opinion on this matter is a flawed design in terms of resilience - you have a single point of failure no matter what.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.


Thanks for the clarification, Bilal. Yes, I realize that he mentioned that the switch is layer 2, but wouldn't he have an issue not being able to set up tracking because there is no layer 3 device behind those routers? I'm just trying to understand this myself, and thank you in advance.

So my thinking is that if he does GLBP or HSRP on those routers, he will need that switch as a layer 3 switch and set up tracking on that for the ISP failover, because if he doesn't and ISP 1 goes down there is no way for that traffic to know to start using ISP2, right....? And there will be no change in the AVG/AVF or Active/Standby router because both routers are still up. Hope it makes sense what I'm trying to ask lol.

It makes perfect sense - To answer your question, tracking can be done on both routers.... However, I think HSRP will work, but GLBP will not work... Here's why I think so.

GLBP will have AVFs that hosts on the network learn about; they almost become a 'sticky' gateway. What if that AVF loses its internet connection? The host won't ARP anymore because it already has the default gateway's MAC address in its ARP table, until it expires of course. So it will try to send to the AVF that is failed! Hence it does not get anywhere.

So GLBP is a no show! (that makes sense right?)

I think HSRP will work with tracking: we can track an IP on the internet with IP SLA, and then decrement the priorities in such a way that the router becomes inactive. Preempt should be enabled on both respective of gateways. With regards to load-balancing we do MHSRP, for multiple subnets. If there are not many subnets then there is not much load-balancing we can do.

In which case, I agree with your suggestion: why not have a layer 3 switch behind the routers (a stacked pair of L3 switches which would be resilient, if it's feasible)? OSPF or EIGRP can load-balance for you and also provide the resilience here (even simple static default routes). This is for outbound; traffic coming in will be fine, as long as both paths are in different address spaces. Traffic will return the same route.

I'll try to lab this up this evening and show you guys, if I get time.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.
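
A small model of the HSRP behaviour described in the post above (IP SLA tracking that decrements priority, preempt, and two MHSRP groups), added here as an illustration and not code from any poster or from Cisco. The interface addresses, priorities and decrement values are constructed, and the election is simplified to highest effective priority, then highest interface IP.

```python
from dataclasses import dataclass

@dataclass
class Member:
    router: str
    ip: str          # LAN interface address (constructed); highest wins a tie
    priority: int    # configured HSRP priority
    decrement: int   # subtracted while the tracked IP SLA object is down
    preempt: bool    # may this router take over from a lower-priority active?

def effective(m, wan_up):
    """Priority after tracking: reduced when this router's WAN probe fails."""
    return m.priority - (0 if wan_up[m.router] else m.decrement)

def elect(members, wan_up, active=None):
    """Return the active router for one HSRP group (simplified election)."""
    rank = lambda m: (effective(m, wan_up), tuple(map(int, m.ip.split("."))))
    best = max(members, key=rank)
    if active is None or best.router == active:
        return best.router
    # The current active keeps the role unless the better router preempts.
    return best.router if best.preempt else active

def mhsrp(decrement=20, preempt=True):
    """Two groups on one subnet: CE1 leads group 1, CE2 leads group 2."""
    ce1, ce2 = "192.168.1.2", "192.168.1.3"
    return {
        1: [Member("CE1", ce1, 110, decrement, preempt),
            Member("CE2", ce2, 100, decrement, preempt)],
        2: [Member("CE1", ce1, 100, decrement, preempt),
            Member("CE2", ce2, 110, decrement, preempt)],
    }

def actives(groups, wan_up, previous=None):
    """Active router per group, given which routers still reach the internet."""
    previous = previous or {}
    return {g: elect(ms, wan_up, previous.get(g)) for g, ms in groups.items()}

if __name__ == "__main__":
    normal = actives(mhsrp(), {"CE1": True, "CE2": True})
    wan1_down = {"CE1": False, "CE2": True}
    print("normal:           ", normal)
    print("WAN1 down:        ", actives(mhsrp(), wan1_down, normal))
    print("decrement too low:", actives(mhsrp(decrement=5), wan1_down, normal))
    print("no preempt:       ", actives(mhsrp(preempt=False), wan1_down, normal))
```

In this model, a decrement smaller than the priority gap, or a missing preempt, leaves group 1 on CE1 after its WAN probe fails, so hosts using that virtual gateway keep sending to a router with no working uplink.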


Thank you for explaining, but I think you can get it working via GLBP too by setting up tracking and, under the interface config, setting up the tracking for the tracked object. That should reduce the priority. Thoughts....?

In the end like you mentioned earlier I think it is more of a design issue.

Okay, let's take a step back and see what GLBP does.

With GLBP, a master controller known as the active virtual gateway (AVG) handles assignment of virtual MAC addresses and responds to ARP requests on behalf of the GLBP redundancy group.

Once a particular gateway responds to an ARP request from an endpoint with its own unique MAC address or an AVF's MAC, that endpoint caches the response and will continue to use the discovered gateway for all transmissions destined external to the local subnet. Therefore, if all the redundant Layer 3 gateways in a redundancy group selectively respond to ARP queries in a shared and ordered fashion, workstation traffic exiting the local network will be divided across all possible gateways. [[ This is all good and well! ]]

GLBP is an implementation of this general capability.

[[ The problem is here I think ]]

In the event of failure, GLBP (AVG) will realise this and stop responding with the MAC address of the AVF that is down. However, my host (laptop) doesn't ARP for something that is already in its ARP table (2 hour ARP timeout !!!!); it already has a record for its gateway. So it will continue to send traffic to the default gateway (being blackholed). Only until I do a clear arp-cache, it will pick up the new ARP response from another AVF that is working....

So it depends on how quickly the ARP tables time out on hosts. The priority or weighting could have been taken down by GLBP, but it doesn't clear the ARP table on my laptop.... I'll be out of connection for 2 whole hours! LOL

But with HSRP it's a common MAC address that both can share.

Hope I illustrated this better

Please rate useful posts & remember to mark any solved questions as answered. Thank you.
