From: Solanki, Deepen (dee.solanki@hp.com)
Date: Mon Mar 14 2005 - 11:20:03 GMT-3
All,
There is a relatively new protocol called Gateway Load Balancing
Protocol (GLBP) that permits you to load balance over multiple links.
It is similar to HSRP, however with HSRP you can only have one primary
and multiple secondarys.
http://cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guid
e09186a00801541c8.html
Gateway Load Balancing Protocol (GLBP) protects data traffic from a
failed router or circuit, like Hot Standby Router Protocol (HSRP) and
Virtual Router Redundancy Protocol (VRRP), while allowing packet load
sharing between a group of redundant routers.
Regards,
Dee Solanki
Direct - 404.648.2115
Cisco Certified - CCSP, CCDP, CCNP
Checkpoint Certified - CCSA
Network Engineer
Americas Service Delivery Organization
Managed Services
Hewlett Packard
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Murtaza Bhaiji
Sent: Sunday, March 13, 2005 3:15 AM
To: cciex4; ccielab@groupstudy.com; security@groupstudy.com
Subject: Re: Load balancing between frame-relay and DSL/VPN
Hi There,
Instead of doing all the follows you can add another
router to your DSL link. Configure HSRP on the
Ethernet interfaces. Use the Virtual IP on the PCs on
the LAN as the DG.
Configure your IPSEC Tunnel over the HSRP. This is
known as High Availability IPSEC VPN.
Read the following links to get config ideas:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/products_feature_
guide09186a00800ed370.html
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a
00800942f7.shtml
regards,
MB
--- cciex4 <cciex4@yahoo.com> wrote:
> Hi all,
>
> I have one network scenario that needs your expert
> inputs. It is a hub-and-spoke setup. The spoke side
> has one WAN/Internet router that has one frame-relay
> and one Ethernet interface (connected to a DSL
> router), which connect to two different routers on
> the hub side (one for frame relay and the other for
> DSL).
>
> Also, VPN is to be configured on the DSL connection
> between the spoke and hub routers. The IGP is EIGRP.
>
> Topology below:
>
> SpokeRouter-FR-------WAN-------FR-HubFRRouter-----|
> |
> LAN
> ETH--DSL--------Internet-----DSL--ETH-HubVPNRouter-|
>
> The requirement for spoke side are (1) to do load
> balancing between the frame and VPN/DSL, (2) suport
> dynamic failover between frame & DSL, and (3) direct
> part of the traffic to DSL and others to frame, and
> (4) all internet bound traffic need to be back
> hauled to the hub.
>
> For req #1, I'm thinking of create a GRE/IPSEC
> tunnel on the DSL, then use EIGRP for dynamic load
> balancing. For req #2 & #3, NBAR (ie MOD CLI) and
> PBR traffic on the incoming LAN interface. In order
> to allow dynamic failover, use "set ip next-hop verify-availability"
> on the PBR route-map. For req #4, set a default route to a loopback
> interface on the hub router.
>
> What are the issues that you see? One of the issues
> that I can see is that packets sent from spoke to HubVPNRouter need to
> return to the same router (ie not from the HubFRRouter) otherwise the
> IPSec session will break? am I right?
>
> Thank you very much!
>
>
>
>
> ---------------------------------
> Do you Yahoo!?
> Yahoo! Small Business - Try our new resources site!
>
>
>
Send instant messages to your online friends
http://uk.messenger.yahoo.com
This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:45 GMT-3