Internet Traffic Load Balancing/Fail-over

Answered Question
May 26th, 2010
Building A

ASA outside interface 207.158.106.2 -> ISP router Ethernet0

Inside interface 10.20.30.1 -> 6509

Building B

ASA outside interface 63.48.50.2 -> ISP router Ethernet0

Inside interface 10.20.40.1 -> 6509

Building A & B: the Ethernet connection from 6509 -> ASA -> ISP router has no dynamic routing.

From the 6509 in Bldg A & B, I added the statements below to direct Internet traffic to both ASAs (load balancing):

ip route 0.0.0.0 0.0.0.0 10.20.30.1

ip route 0.0.0.0 0.0.0.0 10.20.40.1

In theory, this should work.

The goal is to have a design that does load-balancing and fail-over for the Internet traffic.

The question I have is, how do I make this setup fail over without spending lots of $$$?

Thanks,

Rick Arps Wed, 05/26/2010 - 11:15
Your 6509 should remove the static route from the table if the next hop becomes unreachable.  The other option you have is using ip sla to track the reachability of each asa and then tie the static route into the sla monitor.


Here's a pretty good article on the subject:

http://www.ciscoblog.com/archives/2008/08/dynamic_failove.html


Hope this helps!

Rick

vinnienguyent@y... Wed, 05/26/2010 - 14:22
Hi Rick,


Thanks for the answer. If one of the static routes gets removed from the 6509's routing table once the next hop is not reachable, then that would be my preferred design. I have been wondering about it. I didn't think the static route would get removed when the next hop is unreachable, because it's static. I guess the 6509 is smart enough to do it even though the static was hard coded.


Vinnie

Ganesh Hariharan Wed, 05/26/2010 - 22:50

Hi Vinnie,


Check out the link below for an active/passive configuration related to your scenario on the ASA:


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml


Hope to help !!


Ganesh.H


Remember to rate the helpful post

vinnienguyent@y... Thu, 05/27/2010 - 08:15
Ganesh,


It's 30 miles between building A & B. Also, building A already has a pair of ASAs that are configured for failover.


Thanks for the link.

Correct Answer
Rick Arps Thu, 05/27/2010 - 09:32
If you want to have more control over it, you can use the static route tied to an sla tracker.  Here's a quick example:

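
! Probe x.x.x.x with an ICMP echo every 2 seconds, with a 1000 ms timeout
ip sla 1
 icmp-echo x.x.x.x
 timeout 1000
 frequency 2
ip sla schedule 1 life forever start-time now

! Track the probe; wait 10 s before reporting down and 20 s before reporting up
track 1 rtr 1
 delay down 10 up 20

! The default route is installed only while track 1 is up
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/2.210 track 1
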

This will insert the route only when the ip address is reachable with a ping, and you can adjust the delay down and up timers.


Hope this helps

Rick
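
A simplified model of the tracked static route from the answer above, added here as an illustration and not part of the original thread: it shows how `delay down 10 up 20` with a 2-second probe rides out a short outage, and when the default route via each ASA is withdrawn and reinstalled. The `TrackedRoute` class, the `default_routes` function and the probe sequences are constructed for this example, and the timers are counted in whole probe intervals, which is an assumption rather than exact IOS behaviour.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class TrackedRoute:
    next_hop: str
    frequency: int = 2            # seconds between probes ("frequency 2")
    delay_down: int = 10          # "delay down 10"
    delay_up: int = 20            # "delay ... up 20"
    installed: bool = True        # assumption: the tracked object starts Up
    waited: Optional[int] = None  # seconds since probes began to disagree with state

    def probe(self, reachable: bool) -> bool:
        """Feed one probe result; return True while the route is installed."""
        if reachable == self.installed:
            self.waited = None    # result agrees with current state: cancel the timer
            return self.installed
        # First disagreeing probe starts the timer at 0; later ones advance it.
        self.waited = 0 if self.waited is None else self.waited + self.frequency
        limit = self.delay_up if reachable else self.delay_down
        if self.waited >= limit:  # disagreement outlasted the delay: change state
            self.installed, self.waited = reachable, None
        return self.installed


def default_routes(probes: Dict[str, str]) -> List[List[str]]:
    """probes maps next hop -> string of probe results ('1' reply, '0' timeout).
    Returns, per probe interval, the next hops that still hold a default route."""
    routes = [TrackedRoute(nh) for nh in probes]
    timeline = []
    for results in zip(*probes.values()):
        timeline.append([r.next_hop for r, ok in zip(routes, results)
                         if r.probe(ok == "1")])
    return timeline


# Constructed probe results, one character per 2-second probe.
# Building A's ASA: 6 s blip, recovery, then a real outage, then recovery.
SAMPLE = {
    "10.20.30.1": "11" + "000" + "11" + "000000" + "1" * 11,
    "10.20.40.1": "1" * 24,
}

if __name__ == "__main__":
    for i, hops in enumerate(default_routes(SAMPLE)):
        print(f"t={i * 2:>2}s  default via {', '.join(hops)}")
```

In this model the route via 10.20.30.1 is withdrawn 10 seconds after the first failed probe of the long outage and returns only after 20 seconds of continuous replies, so a flapping path cannot rejoin the load-balanced pair immediately.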
