Outbound load-balancing recommendation

dgenzale2 · ‎01-19-2006

We would like to load-balance and have failover for our outbound Internet traffic across two different T1 connections to the same provider. Each of the T1's terminate at a separate 2651XM router with a single PIX 515 behind them. Would it be possible to use HSRP or GLBP to accomplish both failover and load-balancing? If not, what would you recommend?

Richard Burts · ‎01-19-2006

If you configure HSRP on both of the 2651 routers and employ the HSRP track feature to monitor the outbound T1 then you should have very good failover. The PIX will have an outbound static default route with the next hop address being the HSRP shared address. In this configuration the PIX will forward to the active router and if the active router fails or its T1 fails then the other router becomes active and the failover is transparent to the PIX.

This configuration does not give you much load balancing.

HTH

Rick

HTH

Rick

srue · ‎01-19-2006

GLBP gives you load balancing and failover. What kind of routing are you doing between you and your ISP, and between both of your own routers? That should be considered when making this decision also.

dgenzale2 · ‎01-19-2006

We will be doing BGP with our provider. Both routers are on the same subnet, and the PIX simply has a default route to the GLBP address. Would you recommend implementing a routing protocol on the PIX? It is a 515 running version 6.2(4).

olorunloba · ‎01-19-2006

I disagree that the GLBP in your situation will give you load-balancing. If there were multiple hosts on the LAN, GLBP allows the multiple hosts to use different gateways (same virtual IP address, but different virtual mac addresses), hence the traffic is shared amongst the routers participating in GLBP. But because the 2 routers are connected to just the PIX firewall, the PIX will acquire one virtual mac address for its gateway, and all traffic will be forwarded to this address.

If you are running BGP to your Service provider, you use this to achieve your load-balancing. Configure your iBGP session as well between the 2 routers. You can then configure BGP outbound policy to share the outbound traffic between the two routers.

To ensure failover, you will need to run a routing protocol between the PIX and the routers. Or, you could run either HSRP or GLBP, and have static default route on the PIX, pointing to the HSRP or GLBP address.

I hope this helps

srue · ‎01-19-2006

since you have two connections to the same ISP, i would probably use GLBP (instead of hsrp/vrrp). If they are both going to the same AS, there's probably not much of a need to run iBGP either. This is probably ideal for load balancing. Just put default routes into both routers pointing to whatever IP is on the other side of the connections. Point the PIX (whose code needs upgraded (: ) to the virutal GLBP IP. Dont run any routing protocols between your two routers.. I would say the only routing that needs to be done is advertising your network to AT&T(?) via BGP. Dont even receive routes from them, just use your default routes.

srue · ‎01-19-2006

olorunloba hasn't taken into account that your ISP connections go to the same ISP (AT&T, i think). you would *probably* be receiving the same routes via BGP over both connections, making iBGP pointless.

srue · ‎01-19-2006

...one last thing, if you decide to run BGP routing on your routers, better make sure the 2651XM can handle it. (i personally dont know).