From: Reinhold Fischer (rfischer@flexnetworks.de)
Date: Mon Sep 16 2002 - 05:04:44 GMT-3
Nitin,
load balancing means to spread the traffic over the lines. The
alternative to load balancing is to use one preferred link in the
normal case and the second one only if the primary one fails.
The default gateway for the inside hosts is the PIX. The default
gateway for the PIX is, in the example setup I have explained, the
virtual IP address of the HSRP configuration that is serviced
by one of the two routers. In a primary/backup (non-load-balancing)
setup the router that carries the primary ISP is also configured to
be the active router for the HSRP setup. When either the WAN link
to the primary ISP fails or your primary router dies, the second
router takes over the default-gateway functionality for your PIX.
regards
Reinhold
On Mon, 16 Sep 2002, nitin wrote:
> Hi,
> What if I don't require load balancing, and half network traffic should go
> through router A and half through router B. Default gateway will be Pix.
> But if any one of the router goes down, other router should take the
> traffic.
>
> Regards
> Nitin
>
> ----- Original Message -----
> From: "Reinhold Fischer" <rfischer@flexnetworks.de>
> To: "nitin" <ni36ne@hotmail.com>
> Cc: <ccielab@groupstudy.com>; <security@groupstudy.com>
> Sent: Monday, September 16, 2002 12:31 PM
> Subject: Re: Pix with Two ISP
>
>
> > Hello Nitin,
> >
> > there is probably more than one way to solve this problem.
> >
> > For the load balancing part you usually need to have BGP with full
> > internet routing tables on your routers with your own AS and own
> > ip address space.
> >
> > To achieve the redundancy I would use HSRP between the two routers to
> > provide a redundant default gateway for the PIX. There may be a bit of
> > suboptimal routing in some cases when traffic gets sent to the
> > active HSRP router, which then decides, due to its better topology
> > knowledge through BGP, that the traffic should better go over the
> > other router. As long as you have the requirement to do load balancing
> > between the ISPs there is no way to get around this because you
> > don't want to try to give the PIX a full routing table with RIP ;-)
> >
> > The PIX itself and the switch between the PIX and the routers would
> > still be a single point of failure except you go for a cluster of
> > two there.
> >
> >   ISP-A                   ISP-B
> >     |                       |
> >     | WAN                   | WAN
> >     | eBGP                  | eBGP
> >     |          iBGP         |
> >  Router1-----------------Router2
> >     |      back2back FE     |
> >     |                       |
> >     |                       |
> >     | <------HSRP------>    |
> >     +---------+   +---------+
> >               |   |
> >               Switch
> >                 |
> >                Pix
> >
> > The direct back2back ethernet between the routers may not be necessary
> > in all cases but it helps to provide the redundancy and avoids sending
> > the traffic two times over the same wire as it would happen in the
> > case of suboptimal routing as described above.
> >
> >
> > cheers !
> >
> > Reinhold
> >
> > On Mon, 16 Sep 2002, nitin wrote:
> >
> > > Hi,
> > > I want to set up a Pix firewall on the network where I have two different ISP
> > > connections with two routers, I want users on the network should access
> > > internet from the two ISP's in load balancing and redundant fashion. Can any
> > > one suggest how do I configure firewall for this setup.
> > > Any one has done this kind of setup?? sample configuration would be
> > > appreciated..
> > >
> > > Thanks in advance
> > >
> > > Nitin Sahane
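
The primary/backup arrangement described in the reply at the top of this thread, as an added configuration sketch that is not part of the original posts. Interface names, the 192.0.2.0/29 addressing, the HSRP group number and the priority values are assumptions chosen for illustration.

```cisco
! ---- Router1: carries the primary ISP, normally the active HSRP router ----
interface FastEthernet0/0
 description LAN segment shared with Router2 and the PIX outside interface
 ip address 192.0.2.2 255.255.255.248
 ! Virtual IP that the PIX uses as its default gateway (assumed address)
 standby 1 ip 192.0.2.1
 ! Higher priority than Router2, so Router1 is active in the normal case
 standby 1 priority 110
 ! Take the active role back once Router1 is healthy again
 standby 1 preempt
 ! If the WAN interface to the primary ISP goes down, lower the priority
 ! by 20 (110 -> 90), which is below Router2's 100, so Router2 takes over
 standby 1 track Serial0/0 20
!
! ---- Router2: carries the second ISP, standby HSRP router ----
interface FastEthernet0/0
 description LAN segment shared with Router1 and the PIX outside interface
 ip address 192.0.2.3 255.255.255.248
 standby 1 ip 192.0.2.1
 standby 1 priority 100
 ! Needed so Router2 becomes active when Router1's tracked priority drops;
 ! if Router1 dies outright, Router2 takes over when the hellos stop
 standby 1 preempt
!
: ---- PIX: single default route pointing at the HSRP virtual IP ----
ip address outside 192.0.2.4 255.255.255.248
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
```

`show standby brief` on either router shows which one currently holds the active role. Interface tracking only reacts to the tracked WAN interface itself going down; a failure further inside the ISP is not detected by it.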
This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:53 GMT-3