05-23-2012 02:41 PM - edited 03-04-2019 04:27 PM
I have a few questions I am wondering if anyone can help me with.
We currently have two Cisco 2861's with c2800nm-adventerprisek9-mz.124-15.T8.bin loaded.
Currently one of these routers is in production.
It has a public address, one secondary address and a bunch of ip nat rules (some with source addresses in that NAT rule that do not match either IP on the public interface).
I have been asked to set up GLBP on both sides of the router, LAN and WAN side.
Thinking about it in my head it sounds reasonable, the router(s) would just fake an ARP to our upstream router at the data center (which we do not control).
I however, looking at the command reference, cannot see a way to assign a secondary address to a glb group, as you can with HSRP.
Would I need to create a group for each IP address we want to float between routers? Or did I miss something in the command reference?
We only have a single upstream link (it is an HSRP link) but that is transparent to us.
Is it possible to, one, run GLBP on a public-facing interface with the routers sharing a public address?
Two, if it is possible, how do I assign the secondary addresses into the GLB pool/group?
05-24-2012 01:06 AM
Hello John,
The real issue is the use of NAT with GLBP, rather than enabling GLBP on an interface with a public IP address, which is a small detail.
Cisco has developed a feature called stateful NAT that uses HSRP to have resiliency for a scenario like yours.
The issue with GLBP would be that return traffic could be received on the other router that hasn't performed the NAT translation. Generally speaking NAT works well with only one active device at a time.
Read the following white paper about Stateful NAT: there is only one router working, the primary, but the secondary router is kept in sync by receiving the NAT translation table from the primary. If the primary router fails, the secondary takes over for the HSRP groups and can handle the current NAT translations with no issues.
see
http://www.cisco.com/en/US/products/ps6600/products_white_paper09186a0080118b04.shtml
and
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtsnatay.html
Hope to help
Giuseppe
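A sketch of the stateful NAT with HSRP arrangement described in the answer above, for the primary router. It is an added example, not configuration from the thread or from the linked Cisco documents. Interface names, group names and numbers, IDs, ACL numbers and all addresses (RFC 5737 documentation ranges) are constructed; check the command set against the feature guide for the IOS release in use.

```cisco
! Constructed example: primary router of an HSRP pair running stateful NAT.
! The peer router uses the same standby groups and mapping-id, its own
! interface addresses, and a different "ip nat stateful id".
!
interface GigabitEthernet0/0
 description WAN side (addresses are placeholders)
 ip address 203.0.113.2 255.255.255.0
 ip nat outside
 ! Virtual public address plus a floating secondary address; HSRP accepts
 ! the "secondary" keyword, which is what the question found missing in GLBP
 standby 2 ip 203.0.113.10
 standby 2 ip 203.0.113.11 secondary
 standby 2 priority 110
 standby 2 preempt
!
interface GigabitEthernet0/1
 description LAN side (addresses are placeholders)
 ip address 192.0.2.2 255.255.255.0
 ip nat inside
 standby 1 ip 192.0.2.1
 ! The group name is what the stateful NAT process refers to below
 standby 1 name SNATHSRP
 standby 1 priority 110
 standby 1 preempt
!
! Stateful NAT: only the HSRP active router translates; entries tagged
! with the mapping-id are replicated to the standby router
ip nat stateful id 1
 redundancy SNATHSRP
 mapping-id 10
!
access-list 10 permit 192.0.2.0 0.0.0.255
ip nat pool SNATPOOL 203.0.113.20 203.0.113.29 prefix-length 24
! The mapping-id ties this rule's translations to the replicated set
ip nat inside source list 10 pool SNATPOOL mapping-id 10 overload
```

After a failover test, `show ip nat translations` on the standby router should list the entries that were created on the primary.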