RE: Load Balancing with 2 Routers and Single FW

From: Huan Pham (huan.pham@valuenet.com.au)
Date: Wed Feb 06 2008 - 06:11:15 ARST


Shiran,

I go with Aamir. GLBP load-balancing is based on the assumption that you
have many LAN hosts. Each host's ARP request for the default gateway IP will
get a different virtual default gateway MAC address, in a round-robin
fashion. One virtual default gateway MAC corresponds to one active router.

Since you have only one Firewall on that LAN segment, only one active
virtual router is serving that host. No load-balancing is achieved.

Back to Aamir's question, I have these options:

- Option 1: Have the firewall run a routing protocol to learn two default
routes dynamically, or set two static default gateways.

- Option 2: Get the switch to work as an L3 device and do the same as above.

- Option 3: Use tunnels

  + Configure 2 tunnels between R1 and R2: Tunnel12 serves to offload
traffic sent to R1, and Tunnel21 is to offload traffic sent to R2.

  + Configure an additional static default route on each router going via one
of the "off-load" tunnels.

  + Use a route-map to do policy-based routing, so that traffic coming from the
"off-load" tunnel has the Internet WAN as its next hop.

Option 2 is the cleanest; however, it requires you to have the L3
capability.

Cheers,
 
Huan

Below is a sample configuration, without GLBP or HSRP. Both do the same job
for router redundancy in this case. The configuration below just does the
load-sharing.

R1#
!
interface Tunnel12
! for offloading traffic via R2
 ip address 12.0.0.1 255.0.0.0
 tunnel source 10.0.0.1
 tunnel destination 10.0.0.2
!
interface Tunnel21
 ip address 21.0.0.1 255.0.0.0
 ip policy route-map FROM_R2
 tunnel source 10.0.0.1
 tunnel destination 10.0.0.2
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.0.0.0

!
interface Serial1/1
! WAN link
 ip address 13.0.0.1 255.0.0.0
 
ip route 0.0.0.0 0.0.0.0 Serial1/1 13.0.0.3
ip route 0.0.0.0 0.0.0.0 Tunnel12 12.0.0.2
!
!
!
route-map FROM_R2 permit 10
 set ip next-hop 13.0.0.3

R2#
!
!
interface Tunnel12
 ip address 12.0.0.2 255.0.0.0
 ip policy route-map FROM_R1
 tunnel source 10.0.0.2
 tunnel destination 10.0.0.1
!
interface Tunnel21
 ip address 21.0.0.2 255.0.0.0
 tunnel source 10.0.0.2
 tunnel destination 10.0.0.1
!
interface FastEthernet0/0
 ! LAN
 ip address 10.0.0.2 255.0.0.0

!
interface Serial1/1
! WAN
 ip address 23.0.0.2 255.0.0.0
!
!
ip route 0.0.0.0 0.0.0.0 Tunnel21 21.0.0.1
ip route 0.0.0.0 0.0.0.0 Serial1/1 23.0.0.3
!
!
route-map FROM_R1 permit 10
 set ip next-hop 23.0.0.3
!
!

By default, the router load-balances traffic per destination. If you want to
easily see the load-sharing effect, turn on per-packet load-sharing under the
interface:

 ip load-sharing per-packet
 no ip route-cache

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
shiran guez
Sent: Wednesday, 6 February 2008 3:29 AM
To: Aamir Aziz
Cc: ccielab@groupstudy.com
Subject: Re: Load Balancing with 2 Routers and Single FW

When you ARP for the virtual address assigned by either GLBP/HSRP/VRRP, you
will get only the MAC address assigned to the virtual address!

GLBP is built in a way that allows you to load share by methods of your
choice, and your ARP will get, based on the method, the correct virtual MAC.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hiap_c/ch20/haipglbp.htm#wp1027129

On Feb 5, 2008 10:08 AM, Aamir Aziz <aamiraz77@gmail.com> wrote:

> Hi Group:
>
> I have a simple scenario:
>
> Router 1     Router 2
>     \         /
>      \       /
>       \     /
>        \   /
>       Switch 1
>          |
>          |
>          |
>       Firewall
>
> Router 1 and Router 2 are connected to the Internet. Hosts are behind the
> firewall, so how to achieve load-balancing in order to utilize both the
> Internet links? I want the firewall to have one default route. If I use
> GLBP on Router 1 and Router 2 it won't work, as the FW will ARP and get the
> virtual MAC of any one router, or do I simply use the switch as layer 3
> and define two default routes on the switch pointing towards Router 1
> and Router 2? What would be the best practice?
>
> Thanks
> Aamir

-- 
Shiran Guez
MCSE CCNP NCE1
http://cciep3.blogspot.com
http://www.linkedin.com/in/cciep3
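
The following is an added illustration, not part of the original thread or of any poster's configuration. It models the argument in the reply above: GLBP's round-robin ARP answers spread many directly attached hosts across both routers, a single firewall ends up pinned to one router, and two equal default routes (options 1 and 2) share per destination. Host names, destination addresses and the simple destination hash are constructed assumptions.

```python
from collections import Counter
from itertools import cycle

# Constructed lab values: GLBP group 1 with two forwarders (R1, R2).
# Virtual MACs follow the GLBP pattern 0007.b400.XXYY (XX=group, YY=forwarder).
FORWARDERS = {"0007.b400.0101": "R1", "0007.b400.0102": "R2"}


class GlbpGateway:
    """AVG answering ARP for the virtual IP, round-robin over virtual MACs."""

    def __init__(self, vmacs):
        self._next_vmac = cycle(vmacs)

    def arp_reply(self):
        return next(self._next_vmac)


def flows_per_router(arp_clients, flows):
    """Count flows per router when only `arp_clients` ARP for the gateway.

    `flows` is a list of (l2_sender, dst_ip). Each L2 sender resolves the
    gateway once and caches the answer, as a real ARP cache would.
    """
    avg = GlbpGateway(FORWARDERS)
    arp_cache = {client: avg.arp_reply() for client in arp_clients}
    return Counter(FORWARDERS[arp_cache[sender]] for sender, _ in flows)


def ecmp_per_destination(flows, next_hops=("R1", "R2")):
    """Options 1/2: two equal default routes, per-destination sharing.

    A simple deterministic hash of the destination stands in for the
    device's real (vendor-specific) load-sharing hash.
    """
    def pick(dst):
        return next_hops[sum(int(o) for o in dst.split(".")) % len(next_hops)]
    return Counter(pick(dst) for _, dst in flows)


# Constructed traffic: 8 inside hosts, each talking to a different destination.
HOSTS = [f"host{i}" for i in range(8)]
DESTS = [f"198.51.100.{i}" for i in range(1, 9)]

# Case A: hosts sit directly on the router LAN and ARP for themselves.
direct = flows_per_router(HOSTS, list(zip(HOSTS, DESTS)))
# Case B: hosts are behind the firewall, which is the only L2 sender.
behind_fw = flows_per_router(["fw"], [("fw", d) for d in DESTS])
# Case C: firewall (or L3 switch) holds two default routes instead of GLBP.
two_routes = ecmp_per_destination([("fw", d) for d in DESTS])
```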

