Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
549
Views
5
Helpful
11
Replies

Two Different ISP Load Balancing - Active/Active

seongmin
Level 1
Level 1

‎07-02-2024 04:51 AM - edited ‎07-02-2024 04:55 AM

seongmin_0-1719920398711.png

Hi.
We want to build a network like an example.

I have 2 different ISPs, 2 C9300-24T-A L3 switches and 2 firewalls at the bottom.

By the way, the customer wants to connect two L3 switches to the ISP and have an active/active configuration.

But I don't want the way I use BGP because I have to pay for the AS number and get it allocated.

I want to do load balancing in an active way, is there any way?

Please give me a good idea.

And I'd appreciate it if you could give me an example config.

I'm searching for several protocols such as GLBP and IP SLAs, but it's too hard to know how to configure them.

0 Helpful
11 Replies 11

M02@rt37
VIP
VIP

‎07-02-2024 06:09 AM - edited ‎07-02-2024 06:10 AM

Hello @seongmin 

You can leverage GLBP and IP SLA on your C9300 L3 switches.

By configuring GLBP on both switches, you ensure that internal traffic is distributed evenly, and in case one link fails, the other can take over seamlessly. Additionally, IP SLA can be used to monitor the status of each ISP link. This setup allows the network to dynamically adjust the routing based on the availability and reachability of the links, ensuring continuous service without the need for a dedicated AS number and BGP configuration.

The configuration involves setting up GLBP on both switches to manage the gateway IP address and distribute the traffic. You also configure IP SLA to perform periodic checks (such as ICMP echo requests...) to external IP addresses, ensuring that each ISP link is operational. Tracking objects linked to these IP SLA operations allow you to adjust the GLBP weighting dynamically, ensuring that traffic is routed through the optimal path.

This approach provides a cost-effective and efficient way to achieve load balancing and redundancy, meeting the customer's requirement for an active/active configuration without the complexity and expense of BGP. 

Example:

Switch 1:
interface Vlan10
ip address 192.168.1.2 255.255.255.0
glbp 1 ip 192.168.1.1
glbp 1 priority 110
glbp 1 preempt
glbp 1 load-balancing weighted
glbp 1 weighting 100
glbp 1 weighting track 1 decrement 20
track 1 ip sla 1 reachability
!
ip sla 1
icmp-echo 8.8.8.8 source-interface Vlan10
frequency 10
!
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
ip route 0.0.0.0 0.0.0.0 192.168.1.2 track 1
ip route 0.0.0.0 0.0.0.0 192.168.1.3 5

Switch 2:
interface Vlan10
ip address 192.168.1.3 255.255.255.0
glbp 1 ip 192.168.1.1
glbp 1 priority 100
glbp 1 preempt
glbp 1 load-balancing weighted
glbp 1 weighting 100
glbp 1 weighting track 1 decrement 20
track 1 ip sla 2 reachability
!
ip sla 2
icmp-echo 8.8.4.4 source-interface Vlan10
frequency 10
!
ip sla schedule 2 life forever start-time now
track 1 ip sla 2 reachability
ip route 0.0.0.0 0.0.0.0 192.168.1.3 track 1
ip route 0.0.0.0 0.0.0.0 192.168.1.2 5

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

seongmin
Level 1
Level 1
In response to M02@rt37

‎07-02-2024 06:23 AM

Thanks your help.

I try it.

0 Helpful

seongmin
Level 1
Level 1
In response to M02@rt37

‎07-02-2024 06:39 AM

Do I need a nat setting when I set it to this configuration?

0 Helpful

M02@rt37
VIP
VIP
In response to seongmin

‎07-02-2024 07:02 AM

@seongmin 

Since you go through ISP, yes you need NAT. Check with ISP the prerequisites.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

seongmin
Level 1
Level 1
In response to M02@rt37

‎07-02-2024 07:18 AM

Thank you.
Let me set up Nat on isp interface and internal interface.

0 Helpful

MHM Cisco World
VIP
VIP

‎07-02-2024 06:16 AM

we start from GW of Host in build the network 
are FW run HA or it standalone ?

MHM

0 Helpful

seongmin
Level 1
Level 1
In response to MHM Cisco World

‎07-02-2024 06:21 AM

HA

fw engineer said 

ACTIVE ACTIVE MODE

0 Helpful

MHM Cisco World
VIP
VIP
In response to seongmin

‎07-02-2024 06:23 AM - edited ‎07-02-2024 06:38 AM

active active mode in ASA it called multi context i.e. you can have multi default route run in same FW HA
this for traffic from FW to ISP the return traffic need also two static route toward FW one static route with high AD 
I prefer hrsp to eliminate the asymmetric routing 

seongmin_0-1719920398711.png

seongmin
Level 1
Level 1
In response to MHM Cisco World

‎07-02-2024 07:17 AM

Oh, thank you for the detailed explanation

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎07-02-2024 08:42 AM

Hello @seongmin ,

if your switches are the internet edge devices that connect to the two ISPs , GLBP is not helpful as the only "clients " are the two firewalls.

GLBP is effective on internal switches on user facing VLANs because GLBP load balancing is simply answering to ARP requests for the default gateway with a different virtual MAC address and this means it works only where there are many clients.

The configuration provided by M02@rt37  can be used on internal switches that are downstream the Firewalls.

 

Between the L3 switches and the FWs you can use HSRP groups as  suggested by @MHM Cisco World 

Hope to help

Giuseppe

 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card