From: Price, Jamie (jprice@xxxxxxxxxxx)
Date: Wed Jun 14 2000 - 23:06:43 GMT-3
Title: Load balance out of Pix revisited
I actually sent this response 2 times already over the last 2 days but
have yet to see it on the group. Others I posted after got there ok
so I sent this again as an original post even though it is a response
(if this actually comes through 3 times in the next day or so then I
apologize - but hey at least it's not me bitching!!!).
George was referring to running multiple HSRP groups on 2 routers -
one active IP on each and clients split between the 2 50/50 as to
which is their default gateway.
You can run multiple groups in HSRP exactly as described by George.
See:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs009.htm#xtocid277595
(there is a 5 at the end of this link in case it wraps)
This does work in theory and in a sterile lab environment but you need
to be really careful and keep it in the forefront of your mind that
that kind of setup exists when troubleshooting issues in real world
scenarios.
The problem comes from the return packets and the layer 2 and 3
addresses associated to them. For example node A has a default
gateway of Router B. Node A sends a packet to Node C through router
B. However the routing setup (his/her gateway if this is duplicated
at the other end or the ISP routing tables if this is on the Internet)
dictates that node B's return packet goes through router D (the other
router in the local HSRP setup).
You will run across some applications - VPNs and SNMP are two
occurrences that I have experienced - that throw a fit and simply
refuse to work if the return packets do not come from the IP/MAC
combination that they were sent to.
Jamie
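
Added example, not part of the original post: one way to spot the asymmetric return path described above in frames captured on the client LAN, by mapping each frame's gateway-side MAC to the router that owns it. The router names, MAC and IP addresses, and the ROUTER_MACS inventory are constructed assumptions.

```python
from collections import namedtuple

# Constructed sample data: every name, MAC and IP below is illustrative only.
Frame = namedtuple("Frame", "src_mac dst_mac src_ip dst_ip")

# Assumed inventory: every MAC each router can use on the LAN segment
# (its interface address plus the HSRP virtual MAC it is active for;
# HSRP version 1 virtual MACs have the form 00:00:0c:07:ac:<group>).
ROUTER_MACS = {
    "router-B": {"00:10:7b:00:00:0b", "00:00:0c:07:ac:01"},
    "router-D": {"00:10:7b:00:00:0d", "00:00:0c:07:ac:02"},
}
MAC_TO_ROUTER = {m: r for r, macs in ROUTER_MACS.items() for m in macs}

def find_asymmetric_flows(frames):
    """Return {(local_ip, remote_ip): (egress_router, return_router)} for flows
    whose replies arrive via a different router than the requests left by."""
    egress = {}       # (local_ip, remote_ip) -> router the host sent to
    mismatches = {}
    for f in frames:
        out_router = MAC_TO_ROUTER.get(f.dst_mac)
        in_router = MAC_TO_ROUTER.get(f.src_mac)
        if out_router:                        # host -> gateway
            egress.setdefault((f.src_ip, f.dst_ip), out_router)
        elif in_router:                       # gateway -> host
            key = (f.dst_ip, f.src_ip)
            sent_via = egress.get(key)
            if sent_via and sent_via != in_router:
                mismatches[key] = (sent_via, in_router)
    return mismatches

CAPTURE = [
    # Node A (default gateway = group 1, active on router B) sends to node C
    Frame("00:a0:c9:00:00:0a", "00:00:0c:07:ac:01", "10.1.1.10", "192.0.2.50"),
    # The reply is delivered onto the LAN by router D
    Frame("00:10:7b:00:00:0d", "00:a0:c9:00:00:0a", "192.0.2.50", "10.1.1.10"),
    # A second host uses group 2 (router D) and its reply also returns via D
    Frame("00:a0:c9:00:00:0e", "00:00:0c:07:ac:02", "10.1.1.20", "192.0.2.60"),
    Frame("00:10:7b:00:00:0d", "00:a0:c9:00:00:0e", "192.0.2.60", "10.1.1.20"),
]

if __name__ == "__main__":
    for (local, remote), (out_r, in_r) in find_asymmetric_flows(CAPTURE).items():
        print(f"{local} -> {remote}: sent via {out_r}, reply via {in_r}")
```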