I am trying to redesign the infrastructure for my company (been here 3 months). I have two ISPs, ATT (1.54) and UUNET (1.54), which terminate into separate 2600's with WIC 1DSUT1. I will be installing a failover PIX configuration between the ISP routers and my internal network. (We have no firewall in place right now ;) I want to load balance outbound traffic between ISPs. I know I can do this with route-maps based on source address, but can I do this when the source address will be the external interface of the PIX? We are not running BGP.
Would it be easier to load balance if I had both connections on one router? Instead of separate routers?
Any ideas on how to accomplish this would be greatly appreciated.
Depending on your infrastructure and budget. If you have only 2 2600, you can load balance your outbound traffic by using multiple VLANs in your internal network where the 2 routers use HSRP. Router A is active for subnet 1, Router B is active for subnet 2...etc.
If you can add a couple of routers, this couple can load balance all the traffic in failover setup (hsrp)...
You could probably do this using static routes on the PIX, each covering some part of the IP address space, and each pointing to a different router towards a different ISP. For instance, on the PIX, you could configure four static routes:
0.0.0.0/0 to router 1
0.0.0.0/0 to router 2
0.0.0.0/1 to router 1
18.104.22.168/1 to router 2
This would split the IP address space in half, sending half to each router. The PIX may not allow these short of prefix lengths, so you may have to do more specifics, say /4's, or even a lot of /8's (I hope not, since that would be 256 static routes!), to split the address space up.
According to the information on the PIX on CCO, it should be able to load share--but you'll have to make both paths have the same administrative distance. Right now, you're setting one with an administrative distance of 200, which means the route to ISP A will always be installed in the table, and the other route, to ISP B, will not be.
So, something like this:
0.0.0.0 0.0.0.0 22.214.171.124
0.0.0.0 0.0.0.0 126.96.36.199
It should work out separate interfaces, I would think, as well.
Inbound traffic you can load balance if sourced from outside (i.e. SMTP traffic, WWW, FTP, etc.). Having 2 ISP's, and 2 separate IP spaces, you can configure your DNS with 2 host entries on each service. Therefore DNS will round robin in-between the hosts, selectively sending inbound traffic via both ISP's.
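The static-route split suggested earlier in the thread, worked through as an added example that is not from any of the posters: it cuts 0.0.0.0/0 into equal blocks at a chosen prefix length, alternates them between two next hops, and prints PIX-style `route` lines. The next-hop addresses (documentation ranges), the interface name `outside` and the metric of 1 are assumptions.

```python
import ipaddress

# Constructed next-hop addresses (documentation ranges), not from the thread.
ROUTER_1 = "192.0.2.1"      # assumed next hop towards ISP A
ROUTER_2 = "198.51.100.1"   # assumed next hop towards ISP B


def split_routes(prefix_len, gateways=(ROUTER_1, ROUTER_2)):
    """Cut 0.0.0.0/0 into equal blocks of prefix_len, alternating gateways."""
    if not 1 <= prefix_len <= 8:
        raise ValueError("prefix_len must be between 1 and 8")
    whole = ipaddress.ip_network("0.0.0.0/0")
    blocks = whole.subnets(new_prefix=prefix_len)
    return [(net, gateways[i % len(gateways)]) for i, net in enumerate(blocks)]


def pix_lines(routes, ifname="outside"):
    """Render routes as 'route <if> <network> <mask> <gateway> <metric>'."""
    return [f"route {ifname} {net.network_address} {net.netmask} {gw} 1"
            for net, gw in routes]


def share_per_gateway(routes):
    """Count destination addresses behind each gateway.

    This measures address space, not traffic: an even address split does
    not guarantee an even load on the two ISP links.
    """
    totals = {}
    for net, gw in routes:
        totals[gw] = totals.get(gw, 0) + net.num_addresses
    return totals


def next_hop(routes, dest):
    """Longest-prefix match of dest against the generated routes."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


if __name__ == "__main__":
    for length in (1, 4, 8):
        routes = split_routes(length)
        print(f"/{length}: {len(routes)} static routes, "
              f"addresses per gateway: {share_per_gateway(routes)}")
    print("\n".join(pix_lines(split_routes(1))))
```
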