cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1838
Views
5
Helpful
5
Replies

Route internet traffic via both the ISP's with static routing

deepak george
Level 1
Level 1

Hello All,

 

I need your help here.

 

We are migrating to two new internet links with static routing peering with two ISP's. We decided not to use BGP for the same.

 

How would i load share the traffic between both the links

Please find the diagram attached.

 

The firewalls are in Active/Standby state and both the firewalls are connected to an L3 switch

 

 

5 Replies 5

cihanyilmazer
Level 1
Level 1
Hello,

If you have different Public IP subnets on ISP Routers that are managed by ISP and you would like to access from inside to outside, you can implement 2 default route with same metric for both of ISPs, it can load balance the traffic. However, the problem is that this topology can trigger asymmetric routing and out of sequence for TCP sessions.

Thank you.

GLBP would be a solution.

 

Martin

Hi,

 

You could make load balance with static routing using the same AD but it can generates troubles for TCP packets if asymetric traffic is generated, other way is specifying some destinations through the second ISP (manually way), other way is implement PBR in order to dispatch some networks through one ISP and other networks through the ISP2. Other way is using a load balance appliance.




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

rmfalconer
Level 1
Level 1

Why did you decide not to use BGP? iBGP between your routers and eBGP to each provider, you could accept provider routes plus the default from both ISPs, which would give you some amount of load sharing based on the destination. Full tables would provide even better load sharing but that takes more resources on the router. Then configure HSRP or VRRP on your edge routers and point the firewall at that address for it's next hop.

Joseph W. Doherty
Hall of Fame
Hall of Fame

Your best load balancing might be accomplished by, from firewall, ECMP static routing to your two routers, and then having those two routers run PfR.  The static routing should logically split traffic 50/50, but normally, in practice, will not physically split 50/50, especially during "short term".  PfR, though, can dynamically load balance (it can also route based on better performance, to a destination, one ISP vs. the other).

BTW, two of the other posters mentioned asymmetric routing and it, perhaps, causing TCP (e.g. TCP sequencing) issues.  Asymmetric routing, alone, generally doesn't cause TCP issues except on stateful devices (like your mentioned FWs) that need to "see" the return flow's packets.

Having worked on very large Internet and Enterprise networks, asymmetric routing, especially within the Internet network, was very common.

What can be an issue is splitting a single flow's packets across multiple paths.  (NB: in theory, this shouldn't be an issue either, but many network applications are "sensitive" to that happening, so best to avoid.)  I recall (?) multiple path static routes, when (Cisco) process switching would split a flow's packets, but I believe CEF multiple path static routes (by default) do not.  Don't know how your FWs will behave.

Oh, if your FWs do split a flow's packet, with PfR, you can direct all your traffic to one router, and it will redirect traffic to the other, i.e. it can still dynamically load balance.

Review Cisco Networking for a $25 gift card