GLBP on public interfaces

I have a few questions I am wondering if anyone can help me with.

We currently have two Cisco 2861s with c2800nm-adventerprisek9-mz.124-15.T8.bin loaded.

Currently one of these routers is in production.

It has a public address, one secondary address and a bunch of ip nat rules (some with source addresses in the NAT rule that do not match either IP on the public interface).

I have been asked to set up GLBP on both sides of the router, LAN and WAN side.

Thinking about it in my head it sounds reasonable; the router(s) would just fake an ARP to our upstream router at the data center (which we do not control).

However, looking at the command reference, I cannot see a way to assign a secondary address to a GLBP group, as you can with HSRP.

Would I need to create a group for each IP address we want to float between routers? Or did I miss something in the command reference?

We only have a single upstream link (it is an HSRP link) but that is transparent to us.

Is it possible to, one, run GLBP on a public-facing interface with the routers sharing a public address?

Two, if it is possible, how do I assign the secondary addresses into the GLBP pool/group?

Accepted Solutions

Giuseppe Larosa
Hall of Fame

Hello John,

The real issue is the use of NAT with GLBP, rather than enabling GLBP on an interface with a public IP address, which is a small detail.

Cisco has developed a feature called stateful NAT that uses HSRP to have resiliency for a scenario like yours.

The issue with GLBP would be that return traffic could be received on the other router, which hasn't performed the NAT translation. Generally speaking, NAT works well with only one active device at a time.

Read the following white paper about Stateful NAT: there is only one router working, the primary, but the secondary router is kept in sync by receiving the NAT translation table from the primary. If the primary router fails, the secondary takes over for the HSRP groups and can handle the current NAT translations with no issues.

see

http://www.cisco.com/en/US/products/ps6600/products_white_paper09186a0080118b04.shtml

and

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtsnatay.html

Hope to help

Giuseppe
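
Added example, not part of the original thread and not Cisco code: a small Python model of the point made in the accepted answer, counting return packets that reach a router holding no NAT translation for them. The router names, inside addresses, port ranges, round-robin spread of hosts across forwarders, and the upstream device delivering all replies to a single router are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed inside flows (source IP, source port); not taken from the thread.
FLOWS = [("10.0.0.%d" % h, 40000 + h) for h in range(1, 5)]

@dataclass
class NatRouter:
    name: str
    next_port: int                       # each router allocates from its own range
    table: dict = field(default_factory=dict)  # public port -> inside (ip, port)
    peer: Optional["NatRouter"] = None   # set only when translations are synced

    def translate_out(self, inside):
        """Create a translation for an outbound flow and return its public port."""
        port = self.next_port
        self.next_port += 1
        self.table[port] = inside
        if self.peer is not None:        # stateful NAT: copy the entry to the peer
            self.peer.table[port] = inside
        return port

    def translate_in(self, port):
        """Look up a returning packet; None means no entry, so it is dropped."""
        return self.table.get(port)

def make_pair(synced):
    """Build two routers; with synced=True each mirrors its entries to the other."""
    r1, r2 = NatRouter("R1", 10000), NatRouter("R2", 20000)
    if synced:
        r1.peer, r2.peer = r2, r1
    return r1, r2

def dropped_replies(forwarders, return_router, flows=FLOWS):
    """Send each flow out via one forwarder (round-robin, as hosts are spread
    across GLBP forwarders) and count replies return_router cannot translate."""
    dropped = 0
    for i, inside in enumerate(flows):
        port = forwarders[i % len(forwarders)].translate_out(inside)
        if return_router.translate_in(port) is None:
            dropped += 1
    return dropped

if __name__ == "__main__":
    r1, r2 = make_pair(synced=False)
    print("both forwarding, replies on R1:", dropped_replies([r1, r2], r1))
    r1, r2 = make_pair(synced=True)
    print("R1 active, synced, failover to R2:", dropped_replies([r1], r2))
```
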

