Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

GLBP problem

Dears,

I have two cisco routers connected to a firewall through a multi-layer switch ,I tried to configure glbp on the two routers on fastethernet interface but the problem is when I shutdown fa interface to test glbp the router remain in the "Init state" and didnt go to standby state,this mean that the second router will not handle the traffic!!

Any advise...Thanks

16 REPLIES
Hall of Fame Super Bronze

Re: GLBP problem

Can you post the portion of the config from those 2 devices along with the show glbp output ?

New Member

Re: GLBP problem

it is a basic glbp configuration...see following:

Router1:

glbp 1 ip

glbp 1 priority 150

glbp 1 preempt

glbp 1 load-balancing round-robin

Router2:

glbp 1 ip

glbp 1 priority 100

glbp 1 preempt

glbp 1 load-balancing round-robin

Hall of Fame Super Bronze

Re: GLBP problem

Still missing the show glbp output while the interface is shutdown.

New Member

Re: GLBP problem

attached is the output of show glbp on router 1 while interface is down

New Member

Re: GLBP problem

Any help??

Re: GLBP problem

It will be in init state as long as the interface is down. It cannot be in standby if the interface is down. Also, it cannot know the state of the partner, so it assumes that is init as well.

Have a look at the show glbp on the remaining router. You will see the shut-down one as init and the other as active.

Then re-enable the original. They will both be active forwarders. But only one will be active virtual gateway, while the other will be standby.

Kevin Dorrell

Luxembourg

New Member

Re: GLBP problem

This is right but the second router must handle all the traffic and this didnt happen!!!???

Re: GLBP problem

So could you post the show glbp and show int at the router that you didn't shut down?

Also, I assume your firewall has a static route to targeted at the vitual address of the GLBP group, yes?

In any case, I don't think you are going to get the traffic from the firewall load-balanced between the two routers. GLBP works by having a different MAC address for each forawrder, and handing each host one of the two MAC addresses in response to the ARP. One host (like one firewall) will operate on one MAC address. When a router fails, its partner takes its MAC address as well as its own.

You might be better off load-sharing at layer-3 using OSPF. That really can load-share per-packet.

Kevin Dorrell

Luxembourg

New Member

Re: GLBP problem

Thank you Kevin Dorrell for your cooperation...the firewall has a default route to the "Virtual IP address" but I have different real IP range on the firewall and nating is implemented on the firewall..there is a load sharing but it's unequal..what is the other solutions you suggests

Re: GLBP problem

Can your firewall do OSPF?

New Member

Re: GLBP problem

Yes it is a juniper firewall

Re: GLBP problem

I would go for OSPF then. Configure the two routers and the firewall as OSPF, and forget about the GLBP. In your routers, re-distribute your external routes into the OSPF with the same path cost.

(The routes in your firewall - are they statics, or are they picked up by OSPF on the untrusted zone? If they are statics, you must make sure they do not get redistributed if the output interface is down.)

The firewall should pick up routes via both routers. If I remember right, there is a parameter you have to set up in the Juniper to make it load balance, but once it is set, it works quite well.

Kevin Dorrell

Luxembourg

New Member

Re: GLBP problem

what if i configure two default routes on my firewall???first route consider router one as a next hop and the second route consider router 2 as a next hop???

Re: GLBP problem

That would work for the outgoing load balancing, but it would not failover correctly if one of the routers failed. The inaccessible static default route would still be in your firewall and would sink half the traffic.

Kevin Dorrell

Luxembourg

New Member

Re: GLBP problem

but I knew that cisco routers consider a static route invalid if it is directly connected and unreachable.??is this true??

Re: GLBP problem

That is true, but if the three units - the two routers and the firewall - are on an Ethernet then the firewall will not know that one of the routers is down. As far as it is concerned, the Ethernet is reachable so the two routers must be.

Unless you can get the firewall to do object tracking, but I have not seen that feature in it.

Kevin Dorrell

Luxembourg

1061
Views
0
Helpful
16
Replies