Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
273
Views
0
Helpful
1
Replies

Load Balancing Across Dual DS3 Lines

brett.s.wilson
Level 1
Level 1

‎04-04-2014 10:14 AM - edited ‎03-04-2019 10:43 PM

Hello,

We have two geographically separated subnets connected over dual DS3 lines and dual routers at each end.  See attached drawing for the network configuration.  I would like to use HSRP on each end as well as load balance using static routes of equal priority (one across the "primary" routers DS3 link, the other to the "backup" router and then across its DS3 link).  The drawing also includes the static routing table configuration.  So the idea was that all clients send their requests to the current active gateway which would then either route the packet out its interface connected to the DS3 or to the other standby router which would then route the packet across its DS3, effectively sharing the load across the DS3 lines.  The same configuration on the other end such that the return packet could come across either DS3 and through either router combination.  Since the standby routers do not have dual routes to the remote network, if they were to become active there would be no more load balancing until the configuration could be changed.

I originally had problems with CBAC as I had ip inspect turned on, and since the return packets were coming across different routers they were denied since both routers were unaware of the session initiation from the inside.  So I turned CBAC off, but am still having issues.  If I ping from oss_router1 to the remote 166.17.34.0/24 network, some of the pings time out and some work.  If I take out the secondary route to 166.17.34.0/24 through oss_router2 all pings are successful.  So it looks like when the ping is directed to oss_router2 it is somehow blocked, but all pings going out of oss_router1 straight across its own DS3 are successful.

There are no ACLs on any of the router interfaces.  It's almost like CBAC is "stuck" in that even though I removed all ip inspect statements it still might be doing something?

Could someone take a look at my drawing and router table configs and let me know if there's a better way to do load balancing across the DS3s?  I don't want there to be any single point failure, but I will consider additional equipment purchases if needed.

Thanks,

Brett

Labels:
Preview file
152 KB
0 Helpful
1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

‎04-04-2014 10:46 AM

Brett

This may be a typo but looking at the routing tables for the ntwin routers for the 10.72.2.8/30 network you have created a routing loop ie. 

nwtn_router1 sends return packets to 10.70.2.10 either direct to 10.70.5.10 or to nwtn_router2.

But ntwn_router2's route for 10.70.2.10 points back to ntwn_router1.

I would have thought ntwn_router2's next hop for that subnet should be 10.70.4.10 ?

Edit - perhaps i am not understanding what you are trying to do but it looks like you have done the same for other routes as well.

I was assuming that if you did a ping from 10.72.2.10 the return traffic could come back via either link ?

Jon

 
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card