Two 1700 routers with one WIC-ADSL interface in each connected to the same ISP; the two ADSL lines are separate.
The ethernet interfaces are on the same VLAN as each other plus there is also the outside interface of a PIX firewall on the same VLAN.
All users access the internet through the firewall and then out of the routers. We have normal Active/Passive HSRP running, however the customer now wants to load balance the two ADSL circuits to maximise throughput.
The question is which is the best way to load balance please? Is it GLBP or OER or VRRP?
A concern that our tech guys are bringing up is the fact that the balancing methods are based on MAC addresses, and since there is only one internal device (i.e. the PIX firewall) there may be difficulty balancing the load since the PIX will only look at one router.
Can anyone shed light on this for me please? Which is the best method of load balancing?
It's not quite true to say that a VRRP/GLBP setup will not work because the PIX only looks at one interface. In fact, with such a setup, the PIX will only believe that there is a single physical device out there, with its IP address being the virtual address assigned via VRRP/GLBP.
I would go for GLBP because it lets you do load-sharing and will certainly work in this scenario. While you can do load-sharing by using multiple VRRP groups, that is not quite applicable in your scenario since you only have a single device connected to the 2 routers.
I'm doing some research into GLBP and have seen the following:
GLBP Active Virtual Gateway
Members of a GLBP group elect one gateway to be the active virtual gateway (AVG) for that group. Other group members provide backup for the AVG in the event that the AVG becomes unavailable. The function of the AVG is that it assigns a virtual MAC address to each member of the GLBP group. Each gateway assumes responsibility for forwarding packets sent to the virtual MAC address assigned to it by the AVG. These gateways are known as active virtual forwarders (AVFs) for their virtual MAC address.
The AVG is also responsible for answering Address Resolution Protocol (ARP) requests for the virtual IP address.
Load sharing is achieved by the AVG replying to the ARP requests with different virtual MAC addresses.
The last sentence is the one that concerns me - we have a single PIX firewall that is doing the ARP requests; surely the PIX will only ARP for its gateway once every once in a while - once it receives the response containing the virtual MAC (which is attached to only one of the routers - each router has its own virtual MAC) then it will send all its traffic to that router.
Is the above correct?
Paresh - thanks for your help - I really appreciate it.
Good observation.. you are correct. The load-balancing part of GLBP will not work too well with your setup since it's very unlikely to time out its MAC association once it acquires it.
I guess that kinda rules out GLBP. I'm not an expert on PIXes but don't they run OSPF? You could run OSPF between the PIX and the two routers and get it to load-share that way. You could configure the two routers to conditionally inject a default route into OSPF when their outbound link is up.
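A toy model of the behaviour discussed in this thread, added here as an illustration; it is not from any poster and is not Cisco code. It assumes the AVG hands out virtual MACs round-robin, one packet per host per second, and a 14400-second ARP cache lifetime; the virtual MAC values are constructed samples.

```python
from collections import Counter
from itertools import cycle

# Constructed sample values: two virtual MACs, one per router (AVF).
VMACS = ["0007.b400.0101", "0007.b400.0102"]

class Avg:
    """Toy active virtual gateway: answers each ARP request for the
    virtual IP with the next virtual MAC (round-robin is assumed)."""
    def __init__(self, vmacs):
        self._next = cycle(vmacs)

    def arp_reply(self):
        return next(self._next)

class Host:
    """A LAN device that caches the gateway MAC until the entry ages out."""
    def __init__(self, avg, arp_timeout):
        self.avg = avg
        self.arp_timeout = arp_timeout
        self.mac = None
        self.expires = 0

    def send(self, now):
        # Only ARP when there is no cached entry or it has expired.
        if self.mac is None or now >= self.expires:
            self.mac = self.avg.arp_reply()
            self.expires = now + self.arp_timeout
        return self.mac

def simulate(num_hosts, seconds, arp_timeout):
    """Each host sends one packet per second; returns packets per virtual MAC."""
    avg = Avg(VMACS)
    hosts = [Host(avg, arp_timeout) for _ in range(num_hosts)]
    load = Counter()
    for now in range(seconds):
        for host in hosts:
            load[host.send(now)] += 1
    return load

if __name__ == "__main__":
    # One firewall in front of the routers: every packet follows one cached MAC.
    print("single firewall:", dict(simulate(1, 3600, 14400)))
    # Many independent hosts: ARP replies alternate, so the load splits.
    print("twenty hosts:   ", dict(simulate(20, 3600, 14400)))
```

With a single ARP client the second router carries nothing for the whole hour, while twenty clients split evenly across both virtual MACs.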