Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bronze

GLBP

I have 2 bgp routers multihomed to 2 diff isp both sending def route only. I have a ASA-FW behind the BGP routers. I setup bgp local pref and as-prepend so that symmetrical routing go to ISP#1. I currently have hsrp but would prefer to migrate to another solution for the following conditions:

1.  ISP BGP session dies

2. line protocol on isp facing interface goes down

I was looking into GLBP but not sure if it would see condition #1. Also, not sure what are good timers for redirect but was thinking of 2sec interval with default 14,400 seconds timeout

R1-TO ISP#1

glbp 1 ip 10.1.2.1

glbp 1 timers 1 3
glbp 1 timers redirect ? ?
glbp 1 priority 110
glbp 1 preempt
glbp 1 weighting 110 lower 95 upper 105
glbp 1 weighting track 1 decrement 20
glbp 1 forwarder preempt delay minimum 2

track 1 interface f0/0 line-protocol

R2-TO ISP#2
glbp 1 ip 10.1.2.1
glbp 1 timers 1 3
glbp 1 timers redirect ? ?
glbp 1 priority 105
glbp 1 preempt
glbp 1 weighting 110 lower 95 upper 105
glbp 1 weighting track 1 decrement 20
glbp 1 forwarder preempt delay minimum 2

track 1 interface f0/0 line-protocol

3 REPLIES
Hall of Fame Super Blue

Re: GLBP

aamercado wrote:

I have 2 bgp routers multihomed to 2 diff isp both sending def route only. I have a ASA-FW behind the BGP routers. I setup bgp local pref and as-prepend so that symmetrical routing go to ISP#1. I currently have hsrp but would prefer to migrate to another solution for the following conditions:

1.  ISP BGP session dies

2. line protocol on isp facing interface goes down

I was looking into GLBP but not sure if it would see condition #1. Also, not sure what are good timers for redirect but was thinking of 2sec interval with default 14,400 seconds timeout

R1-TO ISP#1

glbp 1 ip 10.1.2.1

glbp 1 timers 1 3
glbp 1 timers redirect ? ?
glbp 1 priority 110
glbp 1 preempt
glbp 1 weighting 110 lower 95 upper 105
glbp 1 weighting track 1 decrement 20
glbp 1 forwarder preempt delay minimum 2

track 1 interface f0/0 line-protocol

R2-TO ISP#2
glbp 1 ip 10.1.2.1
glbp 1 timers 1 3
glbp 1 timers redirect ? ?
glbp 1 priority 105
glbp 1 preempt
glbp 1 weighting 110 lower 95 upper 105
glbp 1 weighting track 1 decrement 20
glbp 1 forwarder preempt delay minimum 2

track 1 interface f0/0 line-protocol

You can track interfaces with HSRP as well just in case you weren't aware.

Using GLBP in this scenario doesn't really give you anything as GLBP is primarily to do with load-balancing across multiple routers but you need different src mac--addresses for that and the src mac will always be the ASA.

If you want to failover if either the BGP session or the line protocol fail then the easisest thing to do would be to -

1) run EIGRP on your ASA

2) redistribute BGP default-route into EIGRP and use a metric so that ISP 1 is preferred.

that way if anything happens to the ISP1 router including if the link between the ISP router and the switch that connects to the ASA goes down, the ASA will then only be able to use the other default route.

If you are unhappy with running EIGRP on your firewall you could use the ASA to track the reachability of an IP destination and if it fails install a backup route to the ISP2 router.

Both ASA EIGRP support and route tracking are supported in version 8.x code.

Jon

Bronze

Re: GLBP

I am running 8.0 on my ASA. I want something quick and easy so sounds like ASA track would be easier...got any sample configs for me to start out with?

thx

Hall of Fame Super Blue

Re: GLBP

aamercado wrote:

I am running 8.0 on my ASA. I want something quick and easy so sounds like ASA track would be easier...got any sample configs for me to start out with?

thx


http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ip.html#wp1090243

616
Views
0
Helpful
3
Replies
CreatePlease to create content