From: Bob Samuels (bobsamuels@xxxxxxxxxxxxx)
Date: Fri Sep 14 2001 - 10:52:19 GMT-3
I don't have any advice on the HSRP that any one else hasn't already given,
but I did find an interesting Cisco white paper that covers a lot of issues
surrounding BGP and multiple providers. Watch the wrap.
http://www.cisco.com/warp/public/cc/pd/iosw/ioft/ionetn/tech/emios_wp.htm
Hope this helps,
Bob Samuels
Senior TSS
Verizon ESG
----- Original Message -----
From: "Tim Adams" <tadams@officetech.com>
To: <tolzak@comwavz.com>; <anthony.mchie@corp.bellsouth.net>;
<ccielab@groupstudy.com>; <Justin.Braunagel@vlsystems.com>;
<jaywilphil@yahoo.com>
Sent: Thursday, September 13, 2001 3:39 PM
Subject: Re: RE: HSRP load sharing with redundant circuits
> Just some input. I have ran into the same request several times from
customers. We have come up with a couple of options.
>
> 1st I haven't come across any firewall that will support Multiple
Gateways. Even the OS based Firewall's. The will accept multiples ,but
will only use one.
>
> Generally the way we have solved this issue is by using a third router or
a low end layer 3 switch in the DMZ. If you give the Third router/Layer 3
switch both the address for each HSRP group as a default path. The device
will attempt to do equal cost pathing. The problem with this is usually
getting your provider to also balance your Inbound traffic. You can also
make a 3RD HSRP group (depending on hardware) and use that one with the
third router, just incase your routing engine (3RD router) dies everything
fails over to one of the others instead of stopping completely.
>
> The other option is to balance your traffic manually. We generally have 1
pipe for all WWW, SMTP, FTP, etc. and another for Internet Browsing (sort of
inbound and outbound). One problem with this is when you want to use a
third Nic on your Pix as a Secure DMZ, you run into a problem with only
having a single gateway address(this isn't just a pix problem, I have ran
into this on Checkpoint's, Raptors, Sidwinders, Proxy server, BorderManager,
Nokia Boxes, Linux using IPChains, Solaris firewalls, and others). Then you
have to use Routemaps to make your routing decesions usually based on source
IP. The route maps can be set up on your Perimeter routers or on a third
router.
>
> >>> "Tony Olzak" <tolzak@comwavz.com> 09/13/01 14:7 PM >>>
> Since a PIX will only accept one default route, your options are
> limited:
>
> 1) Manually balance by placing one route to half the internet pointing
> one active VIP, and the other half pointed to the other active VIP using
> MHSRP.
>
> 2) Use HSRP, and a crossover between the two routers. Route all traffic
> to the active VIP and have it load balance between it's own serial and
> the crossover conneciton to the standby router by adjusting the metrics
> to make them even.
>
> 3) Get a firewall that can support multiple default routes.
>
> I've also tried to use ICMP redirects but they don't work with HSRP.
>
> Tony Olzak, CCIE #6689
> ComWavz
> 419-859-2194 x1565
> tolzak@comwavz.com
>
>
>
> -----Original Message-----
> From: Justin Braunagel [mailto:Justin.Braunagel@vlsystems.com]
> Sent: Thursday, September 13, 2001 1:39 PM
> To: Philippon; McHie, Anthony; ccielab@groupstudy.com
> Subject: RE: HSRP load sharing with redundant circuits
>
>
> That is the exact example I have seen in Cisco books. I want to do the
> same thing on an Internet connection, but since it goes thru a firewall,
> all clients use the firewall as the default gateway. Any suggestions on
> how to do this with an ISP circuit thru the firewall?
>
> -----Original Message-----
> From: Philippon
> Sent: Thu 9/13/2001 10:14 AM
> To: McHie, Anthony; ccielab@groupstudy.com
> Cc:
> Subject: Re: HSRP load sharing with redundant circuits
>
>
>
> I am not sure if this will fully complete your
> objective but, make two standby groups on the routers
> and make one the master on each. You would have to
> make the P.C.'s gateway on the LAN's to match with
> router you want to use. This should work and I believe
> there is an example in the LAN Switching Book.
>
> Hope it helped.
>
> --- "McHie, Anthony"
> <anthony.mchie@corp.bellsouth.net> wrote:
> > Hey gang,
> >
> > Here is my question:
> > How do you get an HSRP master to make use of the
> > circuit on the HSRP standby
> > router? The circuits are low bandwidth full-duplex.
> > The desired stae is
> > to have both circuits utilized for both TX and RX.
> > I'm open to route-maps,
> > routing protocols, or any other means. Thanks
> >
> > Current State
> > ------------------
> > HSRP 10.3.0.3
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:17 GMT-3