Load balancing - two ISPs on 2 routers

Hi,

We have two ISP links terminated on 2 different routers and two ASAs active/standby. If one link goes down automatically the second link takes the load.

Now we want to achieve a scenario where both links are utilized in parallel at the same time, with the above link failover.

Can someone guide me..

Regards

Pradeep

Hello
Do you mean the current setup is in an active/standby state on the fws?

This question would be best suited for the security/firewall forum, although with the exceptional experience on CSC I am sure someone else will be able to answer your question on here also, much better than I can.

However, my basic understanding of your query is that there are some necessary requirements prior to applying active/active fw mode:

1) same hardware / IOS version / fw mode and correct licence (I think unrestricted) on each fw
2) only works with multiple fw contexts
3) static routing only plus ISP addressing needs to be static also (basically no dynamic routing)

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml

Res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Kpradeep,

My first question is, are these "ISP Links" from the same ISP or different ISPs? Also, do you have network address space that is assigned to you, and if so, is this Provider Independent or Provider Assigned address space (IE Public Network)?

Now that those questions are over, are both of your two ISP routers connected to your core on the internal network? If so, you can also do load balancing to pick ISP1 and/or ISP2 at the same time, but with two different firewalls you can run into asymmetric routing issues, which can cause lots of firewall issues, due to the fact that if you establish a TCP connection to web server 5.5.5.5 and then the traffic comes back to the other firewall, it's not going to have this stateful information saved (so to speak), and will drop the connection.

John,

Below are the answers..

1. Both are from different providers

2. Network address space assigned by provider

3. Right now I don't have any servers hosted in the network which people access from outside. My only intention is to make sure both the internet links are utilized at the same time (for browsing), and also that if one link goes down the traffic continues to go over the other link.

Now FWs are in active/standby mode.

Hello.

Could you please provide inter-connectivity diagram and current configuration on your FWs and routers?

Thanks.

PS: per my understanding (of your case), load-sharing could be done only by routers.

There are a variety of ways to do this.

Depending on how many VLANs you have, you might just want to configure Policy Based Routing (PBR), and have half of your VLANs go to one ISP and the other half go to the other. From that you can configure ip sla tracking, and if the connection to your upstream next hop on either ISP goes down, it takes that route down, and everything else is routed out the one ISP that is up.

This would provide redundancy in case of an ISP failure, and load balancing as well.

When you configure 'ip sla' I would incorporate the 'icmp-echo' feature, and set the IP to 8.8.8.8, and the source IP as the IP configured on that link to the ISP from your router(s). The reason why I say 8.8.8.8: if your directly connected link to your ISP fails, then that will fail as well; also, there could be an issue upstream in your ISP's backbone, and then traffic could go out another link in your ISP's core.

I would configure this on your core, if you have both of your routers connected to your core, that is.
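
The PBR plus 'ip sla' approach from the last reply, written out as an added IOS configuration sketch (not posted by anyone in the thread). It assumes a layer-3 core with a routed link to each ISP router and NAT done on each ISP router; all addresses, VLAN numbers, ACL names and route-map names are hypothetical, and firewall placement is not modelled.

```cisco
! Added example; assumed addressing (not from the thread):
!   core to ISP1 router 10.255.1.2 -> 10.255.1.1, to ISP2 router 10.255.2.2 -> 10.255.2.1
!   user VLANs 10 and 20 inside 10.0.0.0/8
ip sla 1
 icmp-echo 8.8.8.8 source-ip 10.255.1.2
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 8.8.8.8 source-ip 10.255.2.2
 frequency 10
ip sla schedule 2 life forever start-time now
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Pin each probe to its own link; otherwise both follow the routing table
! and a failed ISP can go unnoticed.
ip access-list extended PROBE-ISP1
 permit icmp host 10.255.1.2 host 8.8.8.8
ip access-list extended PROBE-ISP2
 permit icmp host 10.255.2.2 host 8.8.8.8
route-map PIN-PROBES permit 10
 match ip address PROBE-ISP1
 set ip next-hop 10.255.1.1
route-map PIN-PROBES permit 20
 match ip address PROBE-ISP2
 set ip next-hop 10.255.2.1
ip local policy route-map PIN-PROBES
!
! Policy-route only Internet-bound traffic, not inter-VLAN traffic.
ip access-list extended TO-INTERNET
 deny ip any 10.0.0.0 0.255.255.255
 permit ip any any
!
! VLAN 10 prefers ISP1, VLAN 20 prefers ISP2; each falls back to the other
! next hop when its own tracked probe is down.
route-map VLAN10-OUT permit 10
 match ip address TO-INTERNET
 set ip next-hop verify-availability 10.255.1.1 10 track 1
 set ip next-hop verify-availability 10.255.2.1 20 track 2
route-map VLAN20-OUT permit 10
 match ip address TO-INTERNET
 set ip next-hop verify-availability 10.255.2.1 10 track 2
 set ip next-hop verify-availability 10.255.1.1 20 track 1
interface Vlan10
 ip policy route-map VLAN10-OUT
interface Vlan20
 ip policy route-map VLAN20-OUT
```

If both tracked objects are down, the route-maps set no next hop and traffic follows the normal routing table.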
