I'm looking for ideas on weighting, tracking and priority for a scenario where we have a pair of 6500's in one datacenter and another pair of 6500's in another data center present on a single network segment (using VPLS) along with a pair of forwarding firewalls in Active / Stdby mode. Like this...
...all 6500's in same GLBP Group
...by default all 6500's round-robin load-balance
...DC's are geographically diverse
        DC 1                          DC 2
   6500      6500                6500      6500
    |          |                  |          |
    |          |                  |          |
----------------Outside VPLS Span -------------------
   DC 1 ASA (active)              DC 2 ASA
------------------Inside VPLS Span --------------
NOTE: there are production servers and other resources in both DC's, some operating as failover infrastructures and others operating independently. The requirement for layer 2 connectivity is, therefore, not an option. VPLS is providing the L2 over L3 connectivity and works just fine.
My concern is, by default all 4 6500's in the GLBP group will round-robin load-balance. Because the DC's are geographically diverse (max 100ms delay between DC's, typically sub 10ms), if all 4 6500's are forwarding, there could be some TCP coming back through DC 1 distribution pair and other parts of the same TCP conversation coming back over the other DC 2 distribution pair. While all traffic would then traverse the same Active FW, out of sequence TCP from the two geographically diverse pairs of 6500's, including buffering performance and re-assembly delays, could be a problem.
Ideally it would be nice to have the DC1 6500's act as a forwarding GLBP pair and if there were any problems that took out both of these distribution routers, the DC2 GLBP pair would then automatically take over. And, NEVER load-balancing using all 4 group members at one time so that out of sequence TCP would never be a problem.
I don't see a way to make that work with GLBP, though I admit I don't understand the object tracking feature sufficiently to know if that's one possible solution.
Anybody ever done something like this before?
Advanced GLBP config guide?