From: Aamir Aziz (aamiraz77@gmail.com)
Date: Thu Feb 07 2008 - 02:29:24 ARST
Hi guys,
thank you for your replies. Yeah, I believe Huan's option 2 is better,
I was also thinking the same. The only issue is it might lead to
a single point of failure :)
thanks
aamir
On Feb 6, 2008 12:11 PM, Huan Pham <huan.pham@valuenet.com.au> wrote:
>
> Shiran,
>
> I go with Aamir. GLBP load-balancing is based on the assumption that you
> have many LAN hosts. Each host's ARP request for the default gateway IP will
> get a different virtual default gateway MAC address, in a round-robin
> fashion. One virtual default gateway MAC corresponds to one active router.
>
> Since you have only one Firewall on that LAN segment, only one active
> virtual router is serving that host. No load-balancing is achieved.
>
> Back to Aamir's question, I have these options:
>
> - Option1: Get the Firewall to run a routing protocol to learn two default
> routes dynamically, or set two static default gateways.
>
> - Option2: Get the switch to work as a L3 device and do the same as above.
>
> - Option3: Use tunnels
>
> + Configure 2 tunnels between R1 and R2: Tunnel12 serves to off-load
> traffic sent to R1, and Tunnel21 is to off-load traffic sent to R2.
>
> + Configure an additional static default route on each router going via one
> of the "off-load" tunnels.
>
> + route-map to do policy-based routing, so that traffic coming from the
> "off-load" tunnel has the next-hop as the Internet WAN.
>
>
> Option 2 is the cleanest, however it requires you to have the L3
> capability.
>
>
> Cheers,
>
> Huan
>
>
> Below is a sample configuration, without GLBP or HSRP. Both do the same job
> for router redundancy in this case. The configuration below just does the
> load-sharing.
>
> R1#
> !
> interface Tunnel12
> ! for offloading traffic via R2
> ip address 12.0.0.1 255.0.0.0
> tunnel source 10.0.0.1
> tunnel destination 10.0.0.2
> !
> interface Tunnel21
> ip address 21.0.0.1 255.0.0.0
> ip policy route-map FROM_R2
> tunnel source 10.0.0.1
> tunnel destination 10.0.0.2
> !
> interface FastEthernet0/0
> ip address 10.0.0.1 255.0.0.0
>
> !
> interface Serial1/1
> ! WAN link
> ip address 13.0.0.1 255.0.0.0
>
> ip route 0.0.0.0 0.0.0.0 Serial1/1 13.0.0.3
> ip route 0.0.0.0 0.0.0.0 Tunnel12 12.0.0.2
> !
> !
> !
> route-map FROM_R2 permit 10
> set ip next-hop 13.0.0.3
>
> R2#
> !
> !
> interface Tunnel12
> ip address 12.0.0.2 255.0.0.0
> ip policy route-map FROM_R1
> tunnel source 10.0.0.2
> tunnel destination 10.0.0.1
> !
> interface Tunnel21
> ip address 21.0.0.2 255.0.0.0
> tunnel source 10.0.0.2
> tunnel destination 10.0.0.1
> !
> interface FastEthernet0/0
> ! LAN
> ip address 10.0.0.2 255.0.0.0
>
> !
> interface Serial1/1
> ! WAN
> ip address 23.0.0.2 255.0.0.0
> !
> !
> ip route 0.0.0.0 0.0.0.0 Tunnel21 21.0.0.1
> ip route 0.0.0.0 0.0.0.0 Serial1/1 23.0.0.3
> !
> !
> route-map FROM_R1 permit 10
> set ip next-hop 23.0.0.3
> !
> !
>
>
> By default, the router load-balances traffic per destination. If you want to
> easily see the load-sharing effect, turn on per-packet load-sharing under the
> interface
>
> ip load-sharing per-packet
> no ip route-cache
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> shiran guez
> Sent: Wednesday, 6 February 2008 3:29 AM
> To: Aamir Aziz
> Cc: ccielab@groupstudy.com
> Subject: Re: Load Balancing with 2 Routers and Single FW
>
>
> When you ARP for the virtual address assigned by either GLBP/HSRP/VRRP you will
> get only the MAC address assigned to the virtual address!
>
> GLBP is built in a way that it allows you to load share by methods of your
> choice, and your ARP will get the correct virtual MAC based on the method.
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hiap_c/ch20/haipglbp.htm#wp1027129
> On Feb 5, 2008 10:08 AM, Aamir Aziz <aamiraz77@gmail.com> wrote:
>
> > Hi Group:
> >
> > I have a simple scenario:
> >
> > Router 1        Router 2
> >      \          /
> >       \        /
> >        \      /
> >         \    /
> >        Switch 1
> >           |
> >           |
> >           |
> >        Firewall
> >
> > Router 1 and Router 2 are connected to Internet. Hosts are behind the
> > firewall, so how to achieve load-balancing in order to utilize both the
> > Internet links? I want the firewall to have one default route. If I use
> > GLBP on Router 1 and Router 2 it won't work, as the FW will ARP and get
> > the virtual MAC of any one router. Or do I simply use the switch as layer 3
> > and define two default routes on the switch pointing towards Router 1
> > and Router 2? What would be the best practice?
> >
> > Thanks
> > Aamir
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>
>
>
> --
> Shiran Guez
> MCSE CCNP NCE1
> http://cciep3.blogspot.com
> http://www.linkedin.com/in/cciep3
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:47 ARST
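
Added example (not part of the original thread or any poster's code): a small Python model of why GLBP's round-robin ARP replies give a single firewall no load sharing, compared with two default routes on an L3 device in per-destination and per-packet mode. The function names, the modulo stand-in for the router's per-destination hash, and the sample destination addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter
from itertools import cycle

ROUTERS = ["R1", "R2"]  # the two Internet routers from the thread


def glbp_round_robin(hosts, packets_per_host):
    """Simplified GLBP: ARP replies for the gateway IP rotate through the
    virtual MACs (one per router); each host caches its reply and reuses it."""
    vmacs = cycle(ROUTERS)
    arp_cache = {host: next(vmacs) for host in hosts}  # one ARP reply per host
    load = Counter({r: 0 for r in ROUTERS})
    for host in hosts:
        load[arp_cache[host]] += packets_per_host
    return dict(load)


def two_default_routes(packets, per_packet=False):
    """L3 device with two equal default routes; packets is a list of
    destination IPs, one entry per packet.
    Per-destination: each destination is pinned to one next hop (assumption:
    address modulo route count stands in for the real hash).
    Per-packet: next hops simply alternate."""
    load = Counter({r: 0 for r in ROUTERS})
    rotation = cycle(ROUTERS)
    for dst in packets:
        if per_packet:
            hop = next(rotation)
        else:
            hop = ROUTERS[int(ipaddress.ip_address(dst)) % len(ROUTERS)]
        load[hop] += 1
    return dict(load)


# Constructed sample traffic: ten packets towards three destinations.
FLOWS = ["198.51.100.1"] * 6 + ["198.51.100.2"] * 2 + ["203.0.113.5"] * 2

if __name__ == "__main__":
    print("GLBP, firewall only :", glbp_round_robin(["FW"], 100))
    print("GLBP, four hosts    :", glbp_round_robin(["h1", "h2", "h3", "h4"], 100))
    print("ECMP per-destination:", two_default_routes(FLOWS))
    print("ECMP per-packet     :", two_default_routes(FLOWS, per_packet=True))
```

With only the firewall ARPing, every packet follows the one cached virtual MAC; per-destination sharing spreads traffic only as evenly as the destinations happen to hash, while per-packet alternates strictly.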