From: Scott Morris (smorris@xxxxxxxx)
Date: Mon Jun 05 2000 - 08:33:43 GMT-3
From that standpoint, you could do that on the PIX as well with
non-overlapping large static routes... but that doesn't truly load balance
unless you spend LOTS of time analyzing your traffic and developing the
correct route maps for it. *shrug*
If you're adding HSRP into the mix, all of your routes SHOULD point to the
shared address. Otherwise you aren't achieving much... If you route map
half your routes to the real IP of one router, and the other half to the
shared IP, one half of traffic will survive a failure. But what if the
other router died?
If you're running ONLY HSRP, then you aren't load sharing, but you're covering
link failure.
I dunno.... Lots of different ways, but still ending up the same place.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Richard Mott
Sent: Monday, June 05, 2000 12:42 AM
To: jkconzone@home.com
Cc: ccielab@groupstudy.com
Subject: Re: load balance outof PIX
You could try using a route map on your primary router to specify that a
range of source addresses gets forwarded to the secondary router while all
other routes go through the primary. If the primary were to fail all traffic
would be forwarded to the secondary if you're running HSRP.
Rich Mott
CCIE #5234
Network Engineer
Jannon Solutions
>From: "John Conzone" <jkconzone@home.com>
>Reply-To: "John Conzone" <jkconzone@home.com>
>To: <smorris@ccci.com>
>CC: <ccielab@groupstudy.com>
>Subject: Re: load balance outof PIX
>Date: Sun, 4 Jun 2000 17:59:59 -0400
>
> Hi, Scott.
> The purpose of the second link is that the customer wants fault
>tolerance to the same ISP. The second link goes through a different
>backhaul so it is supposedly truly redundant, although they both pull off
>the same smart ring. They have also agreed to terminate on different dacs
>as well.
> Anyway, the customer wants to use the second link since they are
>paying for it anyway. They would like to load balance outbound over the
>different links, and of course have redundancy should one link fail.
> So I'm thinking of placing a router between the PIX and the ISP
>routers, running EIGRP between the three, and having the ISP routers source
>defaults to the PIX gateway router. That way the gateway router will load
>balance between the two ISP routers as long as both source a default, and
>if one ISP router fails the default from it will drop out.
> But now I'm thinking if there is a way to have the default drop out if
>the serial link on an ISP router goes away. Don't think so. Hmmmm. If I run
>HSRP on the ISP routers I can track the serials, but only have one route
>out.
> The plot thickens.
> ----- Original Message -----
> From: Scott Morris
> To: 'John Conzone'
> Cc: ccielab@groupstudy.com
> Sent: Sunday, June 04, 2000 4:34 PM
> Subject: RE: load balance outof PIX
>
>
> The first question would be, why do you need a second router connecting
>to the same ISP? Are you looking for failover the routers, or load
>balancing on the circuits?
>
> Secondly, the PIX will only allow ONE route statement per network. So
>if you have one "route outside 0 0 (ip)" statement, and try to add another
>with the same network, the PIX will generate an error as if you typed it
>wrong. The same holds true for any network. If there's a numerical
>overlap, that happens.
>
> Keep in mind that the PIX is not a router, and not designed to be one.
>It's a firewall.
>
> If possible for what you're trying to accomplish, I'd suggest the load
>balancing on the router (two static routes will get addressed in a round
>robin fashion for load balancing). Otherwise, if you want router
>redundancy, look at doing HSRP on the routers. Just a thought....
>
> Scott Morris, MCSE, CNE(3.x), CCDP (R&S), CCIE (R&S) #4713, Security
>Specialization, CCNA - WAN Switching
> CCSI #21903
> smorris@ccci.com
>
>---------------------------------------------------------------------------
> Chesapeake Network Solutions http://www.ccci.com
> Cell Phone: 941-350-8590 e-mail:smorris@ccci.com
> Pager: 800-490-1326 Fax: 606-225-8403
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>John Conzone
> Sent: Sunday, June 04, 2000 3:17 PM
> To: ccielab
> Subject: load balance outof PIX
>
>
> Hi, all. I have a scenario where I have a lan whose default
>gateway is a PIX to get to the net. (Actually 2 running failover). The PIX
>outside then defaults to one internet router.
> I'm adding a second router to the same ISP and want to load
>balance out to the net from the PIX. I can't think of a way to do this
>directly from the PIX (my reading says PIX doesn't support dynamic routing
>or dual defaults, but hopefully I read wrong!) without putting a third
>router in between the pix and the 2 ISP routers and put 2 defaults in that
>router or run a routing protocol between the 2 isp routers and the third
>router and advertise defaults from the 2 isp routers.
> First, does anyone from their experience know of a way to do this
>without the third router?
> If not, if I use dual static defaults, if one of the routers goes
>down, the route will still be in there so I'm thinking if I have to go with
>the third router having it receive dynamic defaults from the ISP routers is
>best.
> Thanks!
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:40 GMT-3
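
An added configuration sketch, not part of the archived messages: the HSRP-with-serial-tracking arrangement discussed in the thread, with the PIX's single default route pointed at the shared address. The 192.0.2.0/24 addresses, interface names (Ethernet0, Serial0), HSRP group number and priority values are assumptions chosen for illustration.

```cisco
! --- ISP router 1 (assumed name R1): preferred HSRP active router ---
interface Ethernet0
 ! real address on the segment shared with the PIX outside interface
 ip address 192.0.2.2 255.255.255.0
 ! shared (virtual) address that the PIX uses as its gateway
 standby 1 ip 192.0.2.1
 standby 1 priority 110
 standby 1 preempt
 ! if the serial link to the ISP goes down, drop priority by 20 (110 -> 90)
 standby 1 track Serial0 20
!
! --- ISP router 2 (assumed name R2): standby router ---
interface Ethernet0
 ip address 192.0.2.3 255.255.255.0
 standby 1 ip 192.0.2.1
 standby 1 priority 100
 ! preempt lets R2 take over once R1's tracked priority falls below 100
 standby 1 preempt
 standby 1 track Serial0 20
!
! --- PIX: one default route only, pointed at the shared address ---
! (the PIX rejects a second route statement for the same network)
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
```

This covers both router failure and serial link failure, but only one router forwards at a time, so it provides redundancy rather than load sharing.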