GLBP question

I have a client that has two edge routers, both with 100 meg connections.  If they want their FW to send internet traffic out both connections, what would be the best load balancing method to use in GLBP?

TIA,

Dan

1 ACCEPTED SOLUTION

Are they running IBGP between them in addition to the EBGP to the service providers?

If so, they should already be running some type of interior routing protocol to handle the IBGP traffic. You can just configure the firewall to join up with that.

If not, you would just need to set up a simple single-area OSPF network; see this guide for info on that.

Then you would just use the "default-information originate" command in each of the routers to give the firewall a pair of default routes that it should equal-cost load share between. Don't use the "always" modifier in this case as that will help with redundancy.

11 REPLIES

GLBP only balances traffic on a per host basis. Since you only have one host (the firewall) you will not see any load sharing.

To give you an answer on what would be a good solution, I would need more information about your topology (maybe a diagram).

Here is a basic diagram of their network. Their edge routers are connected to their provider with BGP. The interfaces that connect into the edge switch have an IP address in their public IP block. The FW's outside interface also has an IP address in this IP block as well. Right now, their FW is only sending traffic to one of the edge routers and their 100 meg connection is saturated. They want to be able to use both 100 meg circuits at the same time. The routers are physically in different buildings.

Let me know if you need any more information.

TIA,

Dan

What kind of firewall is that? If it supports routing protocols, you could just set up a small OSPF network and have both routers originate default information.

It's a Palo Alto (cringe).  I know it supports BGP and I would think OSPF, but I would have to contact the engineer that is configuring that part. 

I will check if the FW can support OSPF, but in the meantime how would the routers need to be configured?

TIA,

Dan

The FW does support OSPF, so that solution would work.

Yes, the routers are running IBGP between them.  Would I put the FW in the same AS number as the routers?  If so, what do I need to use for the neighbors and networks?

BGP isn't one of my strong points, so I appreciate the help.

Dan

You should not need to touch the BGP. You are just going to configure OSPF. As I think about this, with only two peers in the IBGP this could have been statically routed between the routers to allow the IBGP to talk and so you should not just assume there is an existing OSPF session, check it out.

Your end goal here is going to be a single area (area 0) OSPF network running between the three devices. If you are not familiar with OSPF configuration, please consult the guide I posted above as it explains it better than I can. Once you have OSPF up and running you are just going to go under the OSPF process on both routers and enter the "default-information originate" command. That should be it.

Thanks for the information.  I am going to try to set this up in GNS3 before I present it to the client as a possible solution.  I will let you know if I have other questions.

Dan

I used GNS3 to simulate this. However, the only way that I could get the default routes from the two edge routers to the other router was to use the 'always' option. I thought that had to do with GNS3 only being able to emulate older routers. I tried the same thing on three 2811 routers I have lying around with the same result. The 2811s are running advanced ip services.

Any ideas as to why I have to use the 'always' option to get the default routes out to the other router?

TIA,

Dan

Ok, I figured out why the 'default-information originate' command would only work with the 'always' option.  It was because I didn't have a default route on the routers with that command. 

I think I should be good to go.  I appreciate your help on this.

Dan
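
The router side of the setup this thread arrives at, as an added example that is not part of the original posts: a single-area OSPF adjacency on the edge switch segment with a conditional default from each edge router. The addresses (documentation ranges standing in for the public block), interface name, process ID and static next hop are all assumptions.

```ios
! Constructed example. 192.0.2.0/24 stands in for the public block on the
! edge switch segment; 198.51.100.1 is a placeholder upstream next hop.
!
! Edge router A. Edge router B is identical apart from its own address
! (for example 192.0.2.3) on the shared segment.
interface GigabitEthernet0/1
 description Edge switch segment shared with the FW outside interface
 ip address 192.0.2.2 255.255.255.0
!
! Without "always", the default is advertised into OSPF only while this
! router has a default route of its own in its routing table. If the
! router loses that route, the advertisement is withdrawn and the FW is
! left with the default from the other edge router only.
router ospf 1
 network 192.0.2.0 0.0.0.255 area 0
 default-information originate
!
! Lab only (GNS3 or spare routers with no provider feed): a static
! default supplies the route that the command above is conditional on.
! Without any default route present, nothing is advertised unless
! "always" is added.
ip route 0.0.0.0 0.0.0.0 198.51.100.1
```

`show ip route 0.0.0.0` on each edge router confirms that the precondition is met, and `show ip ospf database external 0.0.0.0` shows whether the default is being originated. On the firewall, two equal-cost OSPF external defaults should appear; whether it forwards over both depends on its equal-cost multipath settings.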
