load balanced internet connection

Unanswered Question
Mar 29th, 2007

Hi all, im at my new job now, they seem to have a load balanced internet connection, 2 x 2mb, behind these 2 routers sits one firewall, what will be the most likely config of the internet routers ? as there is a default route on the firewall just to the outside interface !

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
owaisberg Thu, 03/29/2007 - 12:42


Ideal scenario is:

1. Firewall points to HSRP VIP which presents

both routers (with two firewalls MHSRP is

the best way to go for loadbalanicing)

2. If load balancing based on the source, then

on the primary router should be PBR

sending these sources to the second router


3. If no BGP running between edge and ISPs

then statics with tracking objects is a

way to go.



carl_townshend Thu, 03/29/2007 - 12:56

it says on my diagram protocol based load balancing, but how can this be achieved if there is no static route on my firewall, the route on my firewall is just pointing to its outside interface, any ideas ?

owaisberg Thu, 03/29/2007 - 13:00


I don't see any diagrams. What firewall is

that ? Do you have any configs to post ?



carl_townshend Thu, 03/29/2007 - 15:46

hi, they are cisco 1700 internet routers, the firewall is a symantec one. routers and firewall all have external ip address and sit on the same switch

Amit Singh Thu, 03/29/2007 - 22:04


Protocol based load-balancing is morever reffreing to Policy based routing and using one router for HTTP,FTP traffic and other router for mail or some other traffic. OW has pointed out the same in his post earlier.


-amit singh

carl_townshend Fri, 03/30/2007 - 01:10

Thanks Amit, so how would this work with my firewall? there is no route to either router from my firewall, and will the pbr be from the isp inbound or from my internet routers going outbound ?

Amit Singh Fri, 03/30/2007 - 05:35

Carl,In that case there shouldb be routes on the firewall towards both the routers.The PBR will be from your internet routers going outbound.The routers will decide to route the packet based on the source traffic and will act as backup to ach other.


-amit singh

carl_townshend Fri, 03/30/2007 - 12:55

would I just do 2 default routes from my firewall in this case, and how would these internet routers failover if they each have there own pbr ?


This Discussion