I've 2x877 routers which are each connected to a separate ADSL circuit with different providers for redundancy.
Currently I have HSRP set up for failover should one of the devices die. This doesn't cover failover should the upstream ADSL circuit stop working (leaving line protocol up, but no routing of traffic). And it means 1 ADSL circuit is left not doing much as all traffic goes out the primary Router.
I would like to start using both routers/circuits, with load balancing and failover.
What I've thought is, if I configure each router to track a couple of hosts on the internet (our VPN host at another site, and perhaps http://www.google.com), and then use the reachability of those hosts as an indicator of whether the circuit connected to that router is up, I can then use that status to trigger a failover and route all traffic out via the other circuit.
While both circuits are active and working I would like to be able to load balance traffic in and out of both ADSL circuits, but am not sure what type of load balancing I should use (I presume GLBP is the best option). I understand that if the circuit that a persistent session (like RDP or SSH) is using fails, then it will have to be re-established to initiate the session out the other router.
Currently everything I've looked at seems to rely on decrementing, and if the ADSL_1 circuit fails more often than ADSL_2 then its object weighting or priority will be decremented more often and thus be much lower than ADSL_2, so no failover will occur unless ADSL_2 fails the same number of times to bring its weighting/priority to below ADSL_1 (I hope I make sense).
I want to fail based on the state of a tracked object, i.e. if tracked_object_1 is UP all is well and load balance between 2 circuits, but when tracked_object_1 is DOWN route via the other circuit, and when tracked_object_1 comes back UP, load balance again.
Any help would be much appreciated, as I'm fairly new to the track command and GLBP on the 877.
Re: 2x877's, 2xADSL Circuits - Failover and Tracking
The ADSL connections are normal ISP-provided internet access links and we are using NAT. We will probably set up a site-to-site VPN back to headquarters, mainly for administration of the firewalls and host machines behind that, but otherwise a VPN will not be used as all access needed by the office is available via the web.
Thanks for the tips. I had started looking into the object tracking with static routes with that document, and then saw your post mentioning the same document and ideas, so persevered, and I think I have it working now.
With the GLBP load balancing, will this affect VPN connections? And I presume if I don't specify a type of load balancing it will just use round robin? There will be a maximum of 12 hosts on the network.
When I do some testing, I notice failover is fine and there is no loss of connectivity as the other router picks up the traffic; however, when the connection comes back up on the second router, there is a 3 second delay until traffic starts flowing again. Can this be done with no loss of connectivity? I.e., a similar idea to port-channelling? I understand session-based connections going out via the router that fails, like RDP or SSH sessions, will have to be re-established, but the least amount of time the connection is down during failover and failback the better. I was thinking of having 3 ip sla monitors and grouping them in an OR list. That way I can shorten the timeout, meaning if one packet response is missed it won't false failover as the other two are up, and if all 3 drop then chances are the connection is down and to fail over. However I'm not sure how to stop the short connection failure when the failed connection comes back online (whether it be a router power cycle or pulling the ADSL cable out of the back and plugging it back in).
For the sake of the config I've substituted one of our public devices with the Google IP address for the tracking statement, but as you mentioned I will be using a device that we have control of the IP.
I've attached our config to this post (various details changed/removed for public viewing).
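The three-probe OR list and state-based failover described in the thread, sketched as an added IOS configuration example; it is not the poster's attached config. All addresses, the interface names Dialer0 and Vlan1, the timer values and the GLBP weights are assumptions chosen for illustration.

```cisco
! Added example with constructed values: 192.0.2.x and 198.51.100.30 are documentation
! addresses standing in for probe targets; Dialer0, Vlan1 and 192.168.1.1 are assumed.
! Older 12.4 images use "ip sla monitor", "type echo protocol ipIcmpEcho", "track N rtr N".
!
! Pin probe targets to the local ADSL circuit so probes never exit via the peer router.
ip route 192.0.2.10 255.255.255.255 Dialer0
ip route 192.0.2.20 255.255.255.255 Dialer0
ip route 198.51.100.30 255.255.255.255 Dialer0
!
ip sla 1
 icmp-echo 192.0.2.10 source-interface Dialer0
 threshold 1000
 timeout 1000
 frequency 3
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 192.0.2.20 source-interface Dialer0
 threshold 1000
 timeout 1000
 frequency 3
ip sla schedule 2 life forever start-time now
ip sla 3
 icmp-echo 198.51.100.30 source-interface Dialer0
 threshold 1000
 timeout 1000
 frequency 3
ip sla schedule 3 life forever start-time now
!
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
track 3 ip sla 3 reachability
! Up while ANY probe answers; down only when all three fail.
track 10 list boolean or
 object 1
 object 2
 object 3
 delay down 5 up 30
!
! The default route is installed only while track 10 is up.
ip route 0.0.0.0 0.0.0.0 Dialer0 track 10
!
! While track 10 is down: 100 - 60 = 40, below "lower 50", so this router stops
! forwarding. When track 10 returns the weight is 100 again and forwarding resumes.
interface Vlan1
 glbp 1 ip 192.168.1.1
 glbp 1 load-balancing round-robin
 glbp 1 weighting 100 lower 50 upper 100
 glbp 1 weighting track 10 decrement 60
```

The `threshold` line comes before `timeout` because IOS rejects a timeout lower than the current threshold, which defaults to 5000 ms.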