Load balancing and OSPF default router issue on ASA

Unanswered Question
Feb 11th, 2009

I have the following setup:

WAN-------Router 1--------ASA
 |                         |
 |                         |
 |                         |
 ---------Router 2----------

I have BGP running between Router 1, Router 2 and WAN. OSPF is running between Router 1, Router 2 and ASA. Router 1 and 2 are injecting a default route to the ASA, so I do see two defaults on the ASA, but I observe that it only ends up using one. If this had been a router rather than an ASA, it would do equal-cost load balancing, but that doesn't happen when we learn two dynamic defaults over OSPF on the ASA. What's the reason for that?

Secondly, what's the way out to do traffic-based load balancing over the WAN links on Router 1 and 2? As one router has a WAN link of 1MB and the other is 2MB, I configured GLBP, but that doesn't seem to be the right solution in this design. What I mean is, let's say I would like to divert traffic to Router 2 if Router 1 WAN link usage has hit 1MB.



Giuseppe Larosa Thu, 02/12/2009 - 01:03

Hello Omair,

For the first issue, other colleagues have reported the same: that the ASA installs only one default route even if it receives two.

For the second issue:

GLBP works by providing different MAC addresses for ARP requests, so it works well only if multiple clients are on the LAN: the ASA does a single ARP request, receives one answer and uses it.

So GLBP doesn't provide load balancing to a single client.

You may try to inject fake summary routes (very large, each one fourth of the whole address space) in OSPF so that the ASA tries to use the two routers.

Hope to help
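The summary-route suggestion in the reply above, modelled as an added example that is not part of the thread: four /2 prefixes alternate between the two routers, and longest-prefix match prefers them over the single installed default. The next-hop labels, the choice of Router 1 as the installed default and the sample destinations are assumptions made for illustration.

```python
import ipaddress

# Hypothetical next-hop labels for the thread's Router 1 and Router 2.
R1, R2 = "router1", "router2"

def quarter_routes():
    """Split 0.0.0.0/0 into four /2 summaries, alternating the next hop."""
    quarters = ipaddress.ip_network("0.0.0.0/0").subnets(prefixlen_diff=2)
    return [(net, R1 if i % 2 == 0 else R2) for i, net in enumerate(quarters)]

def lookup(table, dst):
    """Longest-prefix match: the most specific route covering dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def withdraw(table, hop):
    """Model a router failure: every route through that next hop disappears."""
    return [(net, h) for net, h in table if h != hop]

def share(table, destinations):
    """Count how many destinations each next hop would carry."""
    counts = {}
    for dst in destinations:
        hop = lookup(table, dst)
        counts[hop] = counts.get(hop, 0) + 1
    return counts

# Only one of the two learned defaults is installed (assumed here: via router1).
DEFAULT_ONLY = [(ipaddress.ip_network("0.0.0.0/0"), R1)]
WITH_QUARTERS = DEFAULT_ONLY + quarter_routes()

# Constructed sample destinations, two per /2 quarter.
SAMPLE = ["8.8.8.8", "17.1.2.3", "93.184.216.34", "100.64.0.1",
          "151.101.1.69", "172.217.0.1", "198.51.100.7", "203.0.113.9"]

if __name__ == "__main__":
    print("default only :", share(DEFAULT_ONLY, SAMPLE))
    print("with /2s     :", share(WITH_QUARTERS, SAMPLE))
    print("router2 down :", share(withdraw(WITH_QUARTERS, R2), SAMPLE))
```

The split is by destination address only, so it does not react to link utilisation such as the 1MB threshold asked about in the question.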


oqureshi Thu, 02/12/2009 - 01:56

Ya, but that's just a workaround; I may end up using policy-based routing on the routers to handle traffic balancing for a major chunk of it.

Thanks for the reply.


rayborg Thu, 02/19/2009 - 07:23

Hello Giuseppe

I've read this conversation and I have seen some similarity to my issue. I have found some documentation about this protocol and thought I could implement it on our WAN connection so as to enlarge our capacity.

In our case we have active redundant ASAs. Would GLBP still not be able to load balance the two WAN connections?


Giuseppe Larosa Thu, 02/19/2009 - 14:06

Hello Ray,

GLBP works by answering with different MAC addresses to ARP requests for the VIP address.

So this works well when multiple clients need to communicate with the outside world.

So if you have two ASAs as clients, with a round-robin algorithm in GLBP they should use one Router 1 and one Router 2.

When I tested GLBP I used a single router as a host, and I was changing its IP address and making it perform an ARP request for the VIP.

With sh ip arp I could see the MAC address changing at each request in a round-robin manner (with the default algorithm).

The result is that you have redundancy and you can have load balancing (high probability if you make the ASAs the only two clients in that VLAN)

Hope to help


oqureshi Fri, 02/20/2009 - 01:35

That's correct, but in my first post this is not the main issue. GLBP works better if you have more hosts trying to use more than one default gateway. The issue I have is related to OSPF running between Router1, Router2 and two ASAs. The ASA does learn two defaults from both the routers but does not use both of them; it will always show *, which means active route, for one of them. There is no way to advertise the GLBP virtual IP as a route, as it would be on the same subnet between the ASA and the routers.

ASA doesn't load balance two equal-cost learned OSPF routes.


