
Pix and two default routes?

jjoseph01
Level 3

I've tried to look through the documentation on this, but can you do two default routes on a PIX also, for load balancing?


jjoseph01
Level 3

Or an ASA?

Hi friend,

I don't think you can have 2 default routes on the PIX or the ASA.

But if you want this for redundancy, they can surely run OSPF, with which you can achieve what you want.

HTH

Narayan

h.parsons
Level 3

I don't think you can load balance, but there are some options for redundancy. If you have Proxy-ARP turned on, you can set your default route to the interface on the PIX, or with version 7.2 you can track a router using the SLA monitor feature and switch to a backup route if it's not available.

This is actually incorrect. I worked with the TAC on this issue today as the documentation is unclear.

In PIXOS 6.3 you can do Equal Cost Multipath (ECMP) load balancing using OSPF.

In PIXOS 7.x you can do Equal Cost Multipath load balancing with static routes.

The dynamic routing solution with OSPF is better, as it will remove the bad route if a router should go down or you lose connectivity.

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/ip.htm#wp1047900

Yes, but it will load-balance on a per-destination basis. OSPF and RIP both support equal cost load balancing. The switching path for the PIX and ASA, I believe, is process-switched, meaning that it is destination load balanced. I don't know if you can change this or if you would want to.

Right, here is what TAC said about that issue:

"The limitation is that the PIX will do per-destination Load Balancing instead of per packet load balancing. The algorithm will look at the source and destination addresses. It does not do 1:1 load balancing. Given enough different source and destination addresses, the packets will more or less reach a 50/50 split between the two next-hops. However, in real world testing with the same source and destination addresses, it may not reach an even load balancing."

I'm assuming the reason for this is because in the setup I have here, I have some ASA 5520s that have the content inspection module from Trend Micro in them. I don't think the ASA would react too kindly to receiving packets way out of order, or, if it was in an active/active cluster, to half the ZIP file being routed through one ASA and half the ZIP file through the other. How would it then inspect the file in accordance with policy? Just a thought. I don't know the real reason for this though. Cisco probably figures if you need to do crazy routing stuff - get a router. :)

I'm very curious about the traffic distribution algorithm. It is important to me that clients remain with the same servers most of the time.

That link states:

"With ECMP, the traffic is not necessarily divided evenly between the routes; traffic is distributed among the specified gateways based on an algorithm that hashes the source and destination IP addresses."

Has anybody used this? Do clients stick to servers unless routing changes are made?
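
Added example (not part of the thread and not Cisco's code): a Python sketch of next-hop selection by hashing the source and destination IP addresses, as the TAC quote and the documentation excerpt describe it. SHA-256 and the modulo step stand in for the PIX/ASA algorithm, which the page does not give, and all addresses are constructed.

```python
import hashlib
import ipaddress
from collections import Counter


def pick_next_hop(src, dst, next_hops):
    """Choose a gateway from a hash of the source and destination IPs.

    Assumption: SHA-256 plus modulo is a stand-in; the hash the
    PIX/ASA really uses is not stated on this page.
    """
    key = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    digest = hashlib.sha256(key).digest()
    return next_hops[int.from_bytes(digest[:4], "big") % len(next_hops)]


def distribution(flows, next_hops):
    """Count how many packets/flows land on each gateway."""
    return Counter(pick_next_hop(s, d, next_hops) for s, d in flows)


def remapped(flows, before, after):
    """Flows whose gateway changes when the set of equal-cost routes changes."""
    return [f for f in flows
            if pick_next_hop(*f, before) != pick_next_hop(*f, after)]


# Constructed sample data (documentation address ranges).
GATEWAYS = ["192.0.2.1", "192.0.2.2"]
SERVER = "198.51.100.10"
# 2000 distinct clients talking to one server.
MANY = [(f"10.0.{i // 250}.{i % 250 + 1}", SERVER) for i in range(2000)]
# 1000 packets between a single client/server pair.
ONE = [("10.0.0.5", SERVER)] * 1000

if __name__ == "__main__":
    # Many address pairs: roughly even, but not an exact 50/50 split.
    print("many pairs:", dict(distribution(MANY, GATEWAYS)))
    # One address pair: every packet takes the same gateway.
    print("one pair:  ", dict(distribution(ONE, GATEWAYS)))
    # Route set shrinks to one gateway: only flows on the lost one move.
    moved = remapped(MANY, GATEWAYS, GATEWAYS[:1])
    print("flows moved after losing a gateway:", len(moved))
```
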
