Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pix and two default routes?

Ive tried to look through the documentation on this, but can you do two default routes on a pix also, for load balancing?

8 REPLIES
New Member

Re: Pix and two default routes?

Or an ASA?

Re: Pix and two default routes?

Hi friend,

I dont think you can have 2 default routes on the PIX or the ASA.

But if you want this for redundancy they can surely run OSPF with which you can achieve what you want

HTH

Narayan

New Member

Re: Pix and two default routes?

I dont think you can load balance but there are some options for redundancy. If you have Proxy-Arp turned on you can set your default route to the interface on the Pix or with version 7.2 you can track a router using the SLA monitor feature and switch to a backup route if its not available.

New Member

Re: Pix and two default routes?

This is actually incorrect. I worked with the TAC on this issue today as the documentation is unclear.

In PIXOS 6.3 you can do Equal Cost Multipath (ECMP) load balancing using OSPF.

In PIXOS 7.x you can do Equal Cost Multipath load balancing with static routes.

The dynamic routing solution with OSPF is better as it will remove the bad route if a router should go down or you loose connectivity.

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/ip.htm#wp1047900

New Member

Re: Pix and two default routes?

yes, but it will load-balance on a per-destination basis. OSPF and RIP both support equal cost load balancing. The switching path for the pix and asa i believe is process-switched meaning that it is destination load balanced. i don't know if you can change this or if you would want too.

New Member

Re: Pix and two default routes?

Right, here is what TAC said about that issue:

"The limitation is that the PIX will do per-destination Load Balancing instead of per packet load balancing. The algorithm will look at the source and destination addresses. It does not do 1:1 load balancing. Given enough different source and destination addresses, the packets will more or less reach a 50/50 spit between the two next-hops. However, in real world testing with the same source and destination addresses, it may not reach an even load balancing."

New Member

Re: Pix and two default routes?

i'm assuming the reason for this is because in the setup i have here i have some asa 5520 that have the content inspection module from trend micro in it. i don't think the asa would react too kindly to recieving packets way out of order or if it was in a active/active cluster that half the ZIP file was routed through one asa and half the ZIP file through the other. how would it then inspect the file in accordance to policy? just a thought. i don't know the real reason for this though. cisco probably figures if you need to do crazy routing stuff - get a router. :)

New Member

Re: Pix and two default routes?

I'm very curious about the traffic distribution algorithm. It is important to me that clients remain with the same servers most of the time.

That link states:

"With ECMP, the traffic is not necessarily divided evenly between the routes; traffic is distributed among the specified gateways based on an algorithm that hashes the source and destination IP addresses."

Has anybody used this? Do clients stick to servers unless routing changes are made?

164
Views
12
Helpful
8
Replies