10-03-2007 06:55 AM - edited 03-09-2019 06:56 PM
We are upgrading from active/standby configuration to active/active. What would be the best way to load-balance from the Core 65xx perspective? The firewalls are not running any routing protocol or VRRP. The Core is running OSPF & CEF. Thanks!
................-->L2Switch-->FW1
CORE65xx
................-->L2Switch-->FW2
10-03-2007 07:04 AM
Hi,
What is the firewall vendor/model and what HA technology does it use for active/active state?
I have setup CheckPoint (cluster) and Juniper (cluster) with a redundant core. However, PIX/ASA active/active state differs from these two.
Regards,
Dandy
10-03-2007 07:14 AM
Juniper ISG 2000's...
10-03-2007 07:33 AM
Hi,
For both CheckPoint and Juniper active/active state, run OSPF in the firewall. In the core, run OSPF load-balancing.
The firewall should see equal paths to 2xcore to achieve load balancing in the core (outgoing traffic from the firewall). Do note that the incoming traffic to the firewall is already load balanced no matter what the routing configuration is.
Don't forget to put a rule on top of the policy for OSPF connection between firewall and core. That is:
IP:
FW-VIP
FW1-IP
FW2-IP
FW-OSPF_ID (if available, I can't remember if Juniper needs this but CheckPoint needs this)
Core1-IP
Core2-IP
Core1-OSPF_ID
Core2-OSPF_ID
224.0.0.5
224.0.0.6
Service:
IP Protocol 89 (OSPF)
ICMP Type 8 (echo-request)
Good luck!
Regards,
Dandy
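
An added example, not part of the original posts: a first-match policy check showing why the OSPF rule in the reply above has to sit on top of the policy. The addresses, rule format and function names are constructed for illustration (the thread gives only placeholder names); router IDs and the ICMP echo-request service are left out to keep the check to IP protocol 89.

```python
import ipaddress

# Constructed addresses standing in for the thread's placeholder names.
FW = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]   # FW-VIP, FW1-IP, FW2-IP
CORE = ["192.0.2.11", "192.0.2.12"]             # Core1-IP, Core2-IP
OSPF_MCAST = ["224.0.0.5", "224.0.0.6"]         # AllSPFRouters, AllDRouters
OSPF = 89                                       # IP protocol number
ANY = "0.0.0.0/0"

def _in(ip, nets):
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(n) for n in nets)

def first_match(policy, src, dst, proto):
    """Return the action of the first rule matching the flow (top-down)."""
    for rule in policy:
        if (_in(src, rule["src"]) and _in(dst, rule["dst"])
                and rule["proto"] in (proto, "any")):
            return rule["action"]
    return "deny"  # implicit default deny

def required_ospf_flows():
    """Traffic to the OSPF multicast groups plus unicast between FW and core."""
    flows = [(p, g) for p in FW + CORE for g in OSPF_MCAST]
    flows += [(f, c) for f in FW for c in CORE]
    flows += [(c, f) for c in CORE for f in FW]
    return flows

def blocked_ospf_flows(policy):
    """List the required OSPF flows that the policy does not permit."""
    return [(s, d) for s, d in required_ospf_flows()
            if first_match(policy, s, d, OSPF) != "permit"]

OSPF_RULE = {"src": FW + CORE, "dst": FW + CORE + OSPF_MCAST,
             "proto": OSPF, "action": "permit"}
DROP_MCAST = {"src": [ANY], "dst": ["224.0.0.0/4"], "proto": "any", "action": "deny"}
DENY_ALL = {"src": [ANY], "dst": [ANY], "proto": "any", "action": "deny"}

GOOD_POLICY = [OSPF_RULE, DROP_MCAST, DENY_ALL]   # OSPF rule on top
BAD_POLICY = [DROP_MCAST, OSPF_RULE, DENY_ALL]    # shadowed by a broader deny

if __name__ == "__main__":
    for name, policy in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, blocked_ospf_flows(policy))
```

With the multicast cleanup rule above the OSPF rule, unicast between firewall and core still passes but every packet to 224.0.0.5 and 224.0.0.6 is dropped, so the adjacency never forms.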
10-03-2007 07:52 AM
When you say run OSPF load-balancing are you speaking of the automatic equal-cost load-balancing?