From: John Conzone (jkconzone@xxxxxxxx)
Date: Sun Jun 04 2000 - 18:59:59 GMT-3
Hi, Scott.
The purpose of the second link is that the customer wants fault
tolerance to the same ISP. The second link goes through a different
backhaul so it is supposedly truly redundant, although they both pull
off the same smart ring. They have also agreed to terminate on
different dacs as well.
Anyway, the customer wants to use the second link since they are
paying for it anyway. They would like to load balance outbound over
the different links, and of course have redundancy should one link
fail.
So I'm thinking of placing a router between the PIX and the ISP
routers, running EIGRP between the three, and having the ISP routers
source defaults to the PIX gateway router. That way the gateway router
will load balance between the two ISP routers as long as both source a
default, and if one ISP router fails the default from it will drop
out.
But now I'm thinking if there is a way to have the default drop
out if the serial link on an ISP router goes away. Don't think so.
Hmmmm. If I run HSRP on the ISP routers I can track the serials, but
only have one route out.
The plot thickens.
----- Original Message -----
From: Scott Morris
To: 'John Conzone'
Cc: ccielab@groupstudy.com
Sent: Sunday, June 04, 2000 4:34 PM
Subject: RE: load balance outof PIX
The first question would be, why do you need a second router
connecting to the same ISP? Are you looking for failover of the routers,
or load balancing on the circuits?
Secondly, the PIX will only allow ONE route statement per network. So
if you have one "route outside 0 0 (ip)" statement, and try to add
another with the same network, the PIX will generate an error as if
you typed it wrong. The same holds true for any network. If there's
a numerical overlap, that happens.
Keep in mind that the PIX is not a router, and not designed to be
one. It's a firewall.
If possible for what you're trying to accomplish, I'd suggest the load
balancing on the router (two static routes will get addressed in a
round robin fashion for load balancing). Otherwise, if you want
router redundancy, look at doing HSRP on the routers. Just a
thought....
Scott Morris, MCSE, CNE(3.x), CCDP (R&S), CCIE (R&S) #4713, Security
Specialization, CCNA - WAN Switching
CCSI #21903
smorris@ccci.com
----------------------------------------------------------------------
Chesapeake Network Solutions http://www.ccci.com
Cell Phone: 941-350-8590 e-mail:smorris@ccci.com
Pager: 800-490-1326 Fax: 606-225-8403
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
John Conzone
Sent: Sunday, June 04, 2000 3:17 PM
To: ccielab
Subject: load balance outof PIX
Hi, all. I have a scenario where I have a LAN whose default
gateway is a PIX to get to the net. (Actually 2 running failover). The
PIX outside then defaults to one internet router.
I'm adding a second router to the same ISP and want to load
balance out to the net from the PIX. I can't think of a way to do this
directly from the PIX (my reading says PIX doesn't support dynamic
routing or dual defaults, but hopefully I read wrong!) without putting
a third router in between the PIX and the 2 ISP routers and put 2
defaults in that router or run a routing protocol between the 2 ISP
routers and the third router and advertise defaults from the 2 ISP
routers.
First, does anyone from their experience know of a way to do this
without the third router?
If not, if I use dual static defaults, if one of the routers goes
down, the route will still be in there so I'm thinking if I have to go
with the third router, having it receive dynamic defaults from the ISP
routers is best.
Thanks!
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:40 GMT-3