Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1463
Views
0
Helpful
3
Replies

Internet redundancy (2 2821, 2 ISPs, BGP, GLBP?, 1 ASA)

Go to solution
dgroscost
Level 4
Level 4

‎10-19-2008 06:42 PM - edited ‎03-03-2019 11:59 PM

I would like to get some feedback to this design:

2821 - ISP1 (MLPPP NxT1)

2821 - ISP2 (T1)

1 ASA FW

BGP announcing ISP1's /24 block over both ISPs.

Thinking of running GLBP on 2821 routers thus giving the ASA a single default (redundant) route to Internet.

I am not necessarily interested in load balancing/sharing as the MLPPP provides plenty of BW.

Is this a typical design?

If I were to advertise a default route from BGP into OSPF/EIGRP to the ASA (ver 8.x), or even use two default routes (same ASA interface), will that accomplish the same level of redundancy without the additional GLBP design?

Also - assuming this design works, and load balancing is not an issue, is it worth it to receive full internet routes in BGP vs. default routes from ISPs? Both 2821s would run w/ 1GB of RAM.

thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Calin C.
Level 5
Level 5
In response to dgroscost

‎10-20-2008 09:36 PM

Hi!

Yes, on your routers GLBP/HSRP will use public IP addresses. If you want NAT/PAT on your ASA, then ASA will have a public IP address on the outside interface (from /24 block) with the gw on the "virtual IP". You will do NAT/PAT on ASA through this public IP address from the outside interface.

Good luck!

Cheers,

Calin

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Calin C.
Level 5
Level 5

‎10-19-2008 09:37 PM

Hello!

1. If you don't want to use load-balancing features of GLBP, why use GLBP. HSRP is much easier to configure (personal opinion!).

2. You need some redundancy protocol between 2821 routers even if you announce one default route. Think of the following issue. Your 2821's are announcing a default route to your ASA. ASA forward the packets in our case to 1st 2821 (ISP1), but for some reason your connection to ISP1 is broken. Then what? The packet will be dropped. Your 2821's will still announce the default route to your LAN, no matter if their uplink is UP or not. With redundancy protococolo (HSRP, GLBP..) between the two 2821, the packet is switched/routed (in case of uplink to ISP1 for example) from the 1st 2821 to the 2nd 2821 and from there to your ISP2.

3. If you have BGP session with provider and enough memory to support big routing table, let them advertise full internet routes. If they advertise only default gw and they have an error with that particular IP which is your gw, then all your traffic is lost. Let BGP do it's job and dynamically reroute packets.

Hope this is clear for you. If not, please ask and I'll try to answer!

Cheers,

Calin

0 Helpful

Go to solution
dgroscost
Level 4
Level 4
In response to Calin C.

‎10-20-2008 07:54 AM

Thanks for the input.

Regarding GLBP/HSRP - I would like to retain the NAT/PAT at the ASA level. Am I correct by assuming the GLBP/HSRP configuration on the routers will use public IP addresses from my ISP assigned /24 block? And the "virtual IP" from either config will also be from the public IP block so that the ASA will still be in control NAT/PAT and operate on the edge level as well?

0 Helpful

Go to solution
Calin C.
Level 5
Level 5
In response to dgroscost

‎10-20-2008 09:36 PM

Hi!

Yes, on your routers GLBP/HSRP will use public IP addresses. If you want NAT/PAT on your ASA, then ASA will have a public IP address on the outside interface (from /24 block) with the gw on the "virtual IP". You will do NAT/PAT on ASA through this public IP address from the outside interface.

Good luck!

Cheers,

Calin

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card