Load balancing between two routers and two links

habeeb_talal
Level 1

Hello,

We have a web server connected to the DMZ zone on a Cisco ASA 5520. This ASA is connected to two Cisco 3845 routers; each router is connected to a different ISP, and there is BGP peering configured between the ISPs.

There is also an HSRP configuration between these two routers, so if one link is down the other router becomes active.

One router is the primary and active router and the other is the secondary and standby router.

What we want to do is make both routers active/active and load balance between the two links with per-packet load balancing.

This is the configuration of the ASA and routers:

Cisco ASA:

interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 86.65.23.4 255.255.255.192 standby 86.65.23.5
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.100.234 255.255.255.224 standby 192.168.100.235
!
interface GigabitEthernet0/2.212
 vlan 212
 nameif HTTP
 security-level 30
 ip address 10.1.201.108 255.255.255.192 standby 10.1.201.107
!
static (HTTP,outside) tcp 86.65.23.6 https 10.1.201.100 https netmask 255.255.255.255
static (HTTP,outside) tcp 86.65.23.6 www 10.1.201.100 www netmask 255.255.255.255
!
route outside 0.0.0.0 0.0.0.0 86.65.23.2 1

Primary Active Router:

interface GigabitEthernet0/1
 ip address 86.65.23.1 255.255.255.192
 ip nbar protocol-discovery
 ip route-cache flow
 duplex auto
 speed auto
 media-type rj45
 standby 1 ip 86.65.23.2
 standby 1 preempt
 standby 1 track ATM1/0.811
!
interface ATM1/0
 no ip address
 no ip route-cache cef
 no ip route-cache
 no atm ilmi-keepalive
!
!
interface ATM1/0.811 point-to-point
 ip address 66.34.20.212 255.255.255.252
 no ip route-cache
 no ip mroute-cache
 no snmp trap link-status
 pvc 0/811
  vbr-nrt 10240 10239 32
  oam-pvc manage
  encapsulation aal5snap
 !
!
router bgp 47684
 no synchronization
 bgp log-neighbor-changes
 network 86.65.23.0 mask 255.255.255.0
 neighbor 86.65.23.3 remote-as 47684
 neighbor 86.65.23.3 next-hop-self
 neighbor 66.34.20.213 remote-as 23236
 neighbor 66.34.20.213 distribute-list 155 out
 no auto-summary
!
ip route 86.65.23.0 255.255.255.0 Null0
!
route-map set-as-path permit 10
 match as-path 1
 set as-path prepend 47684 47684 47684 47684

Secondary Standby Router:

interface GigabitEthernet0/0
 ip address 86.65.23.3 255.255.255.192
 ip nbar protocol-discovery
 ip route-cache flow
 duplex auto
 speed auto
 media-type rj45
 standby 1 ip 86.65.23.2
 standby 1 priority 95
 standby 1 preempt
 standby 1 track ATM1/0.1
!
interface ATM1/0.1 point-to-point
 ip address 172.20.45.6 255.255.255.252
 ip nbar protocol-discovery
 no ip mroute-cache
 no snmp trap link-status
 pvc 0/541
  vbr-nrt 10240 10239 32
  oam-pvc manage
  encapsulation aal5snap
 !
!
router bgp 47684
 no synchronization
 bgp log-neighbor-changes
 network 86.65.23.0 mask 255.255.255.0
 neighbor 86.65.23.1 remote-as 47684
 neighbor 86.65.23.1 next-hop-self
 neighbor 172.20.45.5 remote-as 28784
 neighbor 172.20.45.5 prefix-list TTNET-OUT out
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 172.30.36.5 201
ip route 86.65.23.0 255.255.255.0 Null0
!
route-map set-as-path permit 10
 match ip address 10
 set as-path prepend 47684 47684 47684 47684

Thanks,

4 Replies

Joseph W. Doherty
Hall of Fame

I'm assuming only outbound load balancing is an issue. (I would advise against intentionally trying to obtain per-packet outbound, especially dealing with the Internet.)

I'm unfamiliar with the features of the ASA, but if it supports equal cost static routes, you could use MHSRP on your 3845s.

If your 3845s are running 12.3T or later, OER/PfR could also be used for outbound dynamic load balancing. Recommend, at least initially, just dynamic load balancing based on outbound link load.

mheusing
Cisco Employee

Hi,

May I ask what problem you would like to address?

You might encounter several challenges when trying to use per-packet load balancing with two ISPs. Basically you will have different delays on the two different paths through the internet. This can lead to packet reordering and problems with TCP sessions and applications in general. The net effect might be worse performance than without load balancing.

Return traffic from the internet will only use one link, as BGP always selects a best path and ONLY announces the best. Thus in the internet the second return path will mostly be unknown. As such this could create some asymmetric packet flow, which in turn could lead to discarded packets due to uRPF implemented by some providers.

What are your requirements to choose a solution with these challenges and drawbacks?

Regards, Martin
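
The reordering effect described in the reply above, as an added simulation that is not part of the original thread: packets of one TCP flow alternate between two links, and the receiver's out-of-order arrivals and duplicate ACKs are counted. The 20 ms and 35 ms path delays, the 2 ms send interval and all function names are assumptions chosen for illustration.

```python
def arrival_order(num_packets, interval_ms, delay_a_ms, delay_b_ms, per_packet):
    """Sequence numbers in the order the receiver sees them."""
    arrivals = []
    for seq in range(num_packets):
        sent_at = seq * interval_ms
        if per_packet:
            # Per-packet balancing: even packets on link A, odd packets on link B.
            delay = delay_a_ms if seq % 2 == 0 else delay_b_ms
        else:
            # Per-flow balancing: the whole flow stays on link A.
            delay = delay_a_ms
        arrivals.append((sent_at + delay, seq))
    arrivals.sort()
    return [seq for _, seq in arrivals]


def count_late(order):
    """Packets that arrive after a higher sequence number was already seen."""
    highest, late = -1, 0
    for seq in order:
        if seq < highest:
            late += 1
        else:
            highest = seq
    return late


def max_duplicate_acks(order):
    """Longest run of duplicate ACKs a cumulative-ACK receiver would send.
    Three or more make a TCP sender fast-retransmit although nothing was lost."""
    expected, buffered, run, worst = 0, set(), 0, 0
    for seq in order:
        if seq == expected:
            expected += 1
            while expected in buffered:      # drain segments held out of order
                buffered.remove(expected)
                expected += 1
            run = 0
        else:
            buffered.add(seq)                # hole in the stream: duplicate ACK
            run += 1
            worst = max(worst, run)
    return worst


if __name__ == "__main__":
    for mode in (True, False):
        order = arrival_order(20, 2, 20, 35, per_packet=mode)
        print("per-packet" if mode else "per-flow", order,
              count_late(order), max_duplicate_acks(order))
```
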

carl_j_meza
Level 1

Habeeb,

You'll probably never achieve a perfect load balance multihomed across two separate routers and two different providers.

If you're simply trying to distribute the load, you should probably start with having your standby provider send you a partial BGP table that only includes their ASs and direct peers and use the primary provider as a default for everything else. HSRP will send everything to your primary router but BGP will redirect traffic destined to one of your standby provider's ASs down the alternate path via your secondary router.

Here's an idea that I have not put much thought into and may not even be possible: Request full internet routing tables from both providers, filter out 1/2 of the ASs on the primary and filter out the other 1/2 on the secondary. Achieve this using a route-map, a regular expression that blocks ASs ending with an odd or even number, and applying the route-map inbound in a neighbor statement.

Example list of what router would route to what AS.

Primary Router/Block Odd    Secondary Router/Block Even
101                         100
103                         102
505                         506
1027                        1028

You could also extend BGP to your ASA and let it distribute to the edge routers instead of HSRP sending everything to the primary and bouncing the secondary provider destined traffic back to the other router.
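
The odd/even AS filter proposed in the reply above, modelled as an added example that is not part of the original thread: each router drops the routes whose AS path ends in a digit of the blocked parity, and the result is compared by route count and by traffic. The sample paths, the traffic percentages, the transit ASNs 64500/64501 (documentation ASNs) and the function names are constructed assumptions; only the provider ASNs and the example origin numbers come from the thread.

```python
import re

PRIMARY_ISP, SECONDARY_ISP = "23236", "28784"   # provider ASNs from the thread

# Constructed sample: (AS path beyond the provider, share of outbound traffic in %).
ROUTES = [
    ("64500 100", 40), ("64500 101", 8), ("64501 102", 25), ("64501 103", 6),
    ("64500 505", 4), ("64500 506", 10), ("64501 1027", 2), ("64501 1028", 5),
]

# The last AS in the path is the origin, so "$" anchors the parity test there.
DENY_ODD_ORIGIN = re.compile(r"[13579]$")    # inbound filter on the primary
DENY_EVEN_ORIGIN = re.compile(r"[02468]$")   # inbound filter on the secondary


def accepted(provider_asn, deny):
    """Routes a router keeps after its inbound AS-path filter."""
    kept = []
    for tail, share in ROUTES:
        path = f"{provider_asn} {tail}"      # path as received from that provider
        if not deny.search(path):
            kept.append((path, share))
    return kept


def summarize():
    primary = accepted(PRIMARY_ISP, DENY_ODD_ORIGIN)
    secondary = accepted(SECONDARY_ISP, DENY_EVEN_ORIGIN)
    return {
        "primary_routes": len(primary),
        "secondary_routes": len(secondary),
        "primary_traffic": sum(share for _, share in primary),
        "secondary_traffic": sum(share for _, share in secondary),
    }


if __name__ == "__main__":
    print(summarize())
```

With this sample the routes split evenly while the traffic does not: the parity filter balances destinations, not bytes.
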

Hello,

Thank you all for this useful information.

As you mentioned, it is difficult to have load distribution across two routers with two different ISPs, besides the problems that will be faced if we use this technology.

We configured the ASA to distribute the load as Joseph said, and we are now testing to see whether it will be a 50/50 load or not.

Thanks
