Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
908
Views
0
Helpful
5
Replies

What's The Best Way To Accomplish This?

Go to solution
nelson.garcia
Level 1
Level 1

‎05-10-2011 07:31 AM - edited ‎03-06-2019 04:59 PM

I have the responsibility of possibly setting up load balancing for a couple of our branch offices.

Basically it would be some sort of router that could route between the private network and two external WAN connections and load balancing across each using some sort of routing protocol.

My first thought was getting a router with three Fast Ethernet ports and connecting each to the Private network and 2 WAN connections.

My second thought was getting a 3550 switch and using routed ports to connect to the two WAN connections.

Let me also point out that one WAN connection is a T1 that connects to our main office, and the other WAN is a VPN connection that connects back to the same office.

I've attached a Visio diagram if I've lost anyone.

Anyone have any experience in load balancing?

Labels:
Preview file
55 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thiland
Level 3
Level 3
In response to nelson.garcia

‎05-10-2011 11:55 AM

Ok that makes sense.  Really you could go either way then.

The switch option gives simplicity by collapsing the routing and switch into a single device as you described.

The router option gives you additional features such as EEM 3.2, IP SLA VoIP testing, NBAR, etc.

If there are no router-only features you need, stick with the switch.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
thiland
Level 3
Level 3

‎05-10-2011 11:33 AM

Platform limitations narrow down the answer in this case.  The Cisco workgroup switches (3550/3560/3750) don't support IPsec VPN functionality so your only option would be a router.

Ideally, I would connect the T1 directly into a T1 WIC/HWIC on the router instead of going through an external CSU/DSU.  You'll have an easier time troubleshooting circuit issues.

Also, if the HQ VPN device is a router, use Virtual Tunnel Interfaces (VTI) if possible.  This gives you an IPsec interface on the router "interface Tunnel0" that can be treated like a normal routed interface to support features like ACL's, routing protocols, etc.

So if you had a VTI for your VPN interface, and a Serial interface for the T1, you can do equal cost load balancing using EIGRP/OSPF.

VTI

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_ipsec_virt_tunnl_ps6441_TSD_Products_Configuration_Guide_Chapter.html


If looking at new routers, check out the Cisco 1921, 1941, or 2901.

0 Helpful

Go to solution
nelson.garcia
Level 1
Level 1
In response to thiland

‎05-10-2011 11:44 AM

Thanks for the response.

Allow me to clarify a bit,

1. The Firewall (PFSense Firewall) connecting to the internet takes care of NAT and VPN and hands off to us using Ethernet.

2. The T1 is handed off to us using Ethernet as well.

So, I've got 2 Ethernet handoffs from both WAN connections that I could terminate on a Layer 3 switch or a Router with enough Fast Ethernet interfaces.

My qustion is, which device would be best to use to load balance and provide failover using a routing protocol like EIGRP.

The layer 3 switch would be a 3550 POE switch that'll be used for our VoIP phones. It's a small office so I think this would be ideal. This 3550, besides using regular switch ports to connect the phones, would have 2 routed ports (no switchport command) to connect to the firewall and the T1 (Ethernet hand-off).

0 Helpful

Go to solution
thiland
Level 3
Level 3
In response to nelson.garcia

‎05-10-2011 11:55 AM

Ok that makes sense.  Really you could go either way then.

The switch option gives simplicity by collapsing the routing and switch into a single device as you described.

The router option gives you additional features such as EEM 3.2, IP SLA VoIP testing, NBAR, etc.

If there are no router-only features you need, stick with the switch.

0 Helpful

Go to solution
nelson.garcia
Level 1
Level 1
In response to thiland

‎05-10-2011 12:00 PM

The only router-only features we would really need are QoS, but really, we would only need to Classify, Mark, and Police traffic. I'm sure the switch offers these basic QoS functions, yes?

Anyhow I appreciate the reassurance. I'm going to go the switch route.

0 Helpful

Go to solution
thiland
Level 3
Level 3
In response to nelson.garcia

‎05-10-2011 03:03 PM

It's been a while since I've been in a 3550, but you may need the Enhanced Image to run your routing protocols. Something to look at before cutting over.

The QoS features you want to implement shouldn't be a problem for it.

The older QoS SRND has examples for 3550 QoS:

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoSDesign.html#wp998784

Here is the latest "Medianet Campus QoS Design 4.0", but doesn't include the EoS 3550:

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card