Solved: Internet Traffic Load Balancing/Fail-over

vinnienguyent · ‎05-26-2010

Building A

ASA Outside interface 207.158.106.2 à ISP router Ethernet0

Inside interface 10.20.30.1 à 6509

Building B,

ASA Outside interface 63.48.50.2 à to ISP router Ethernet0

Inside interface 10.20.40.1 à 6509

Building A & B, Ethernet connection from 6509 -àASA à ISP router has no

Dynamic routing.

From 6509 in Bldg A & B. I added statement below to direct Internet traffic to both ASA

(load balancing)

ip route 0.0.0.0 0.0.0.0 10.20.30.1

ip route 0.0.0.0 0.0.0.0 10.20.40.1

In theory, this should work.

The goal is to have a design that does load-balancing and fail-over for the Internet traffic.

The question I have is, how I make this set up for fail over without spending lots of $$$.

Thanks,

Rick Arps · ‎05-27-2010

If you want to have more control over it, you can use the static route tied to an sla tracker. Here's a quick example:

ip sla 1
icmp-echo x.x.x.x
timeout 1000
frequency 2
ip sla schedule 1 life forever start-time now

track 1 rtr 1
delay down 10 up 20

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/2.210 track 1

This will insert the route only when the ip address is reachable with a ping, and you can adjust the delay down and up timers.

Hope this helps

Rick

View solution in original post

Rick Arps · ‎05-26-2010

Your 6509 should remove the static route from the table if the next hop becomes unreachable. The other option you have is using ip sla to track the reachability of each asa and then tie the static route into the sla monitor.

Here's a pretty good article on the subject:

http://www.ciscoblog.com/archives/2008/08/dynamic_failove.html

Hope this helps!

Rick

vinnienguyent · ‎05-26-2010

Hi Rick,

Thanks for the answer. If one of the static route gets removed from the 6509's routing table once the next hop is not reachable then that would be my prefered design. I have been wondering about it, I didn't think the static route will get removed when the next hop is unreacheable because it's static, I guess the 6509 is smart enough to do it even the static was hard coded.

Vinnie,

Ganesh Hariharan · ‎05-26-2010

Hi Rick,
Thanks
for the answer. If one of the static route gets removed from the 6509's
routing table once the next hop is not reachable then that would be my
prefered design. I have been wondering about it, I didn't think the
static route will get removed when the next hop is unreacheable because
it's static, I guess the 6509 is smart enough to do it even the static
was hard coded. 
Vinnie,

Hi Vinnie,

Check out the below link for active/passive configuration related to your secnarios in ASA

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

Hope to help !!

Ganesh.H

Remember to rate the helpful post

vinnienguyent · ‎05-27-2010

Ganesh,

It's 30 miles between building A & B . Also building A has already have a pair of ASA's that are configured for fail over.

Thanks for the link.

nguyenvinnie · ‎05-27-2010

Thanks,

Rick Arps · ‎05-27-2010

If you want to have more control over it, you can use the static route tied to an sla tracker. Here's a quick example:

ip sla 1
icmp-echo x.x.x.x
timeout 1000
frequency 2
ip sla schedule 1 life forever start-time now

track 1 rtr 1
delay down 10 up 20

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/2.210 track 1

This will insert the route only when the ip address is reachable with a ping, and you can adjust the delay down and up timers.

Hope this helps

Rick

nguyenvinnie · ‎05-27-2010

Thanks Rick, I'll give it a shot