HSRP to GLBP Conversion

rfranzke · ‎12-02-2011

Hello netpros...

I am considering a switch from using HSRP on our edge routers to GLBP to try and get some better use of our CPE gear. I basically have two routers each with a BGP session to an ISP, accepting full BGP feeds, and an iBGP session between them. I have a PIX firewall connected to the edge routers via a switch. The routers are using HSRP between them. The firewall is sending all outbound traffic to the HSRP VIP of the routers. One router is the primary HSRP router and the second router is the backup.

Since my firewall is the only device using the HSRP VIP as its gateway (internal hosts use the PIX internal interface as theirs), would there be any advantage as far as traffic load sharing by implementing GLBP on the edge routers rather than HSRP. The way I understand GLBP to work, it seems that without adjusting the ARP timeout on the PIX, I would not really see any load sharing at all between the AVFs in the GLBP group. The PIX would just learn the virtual MAC of the AVF and send all its traffic there until the ARP timeout occurs until which time it might or might not get the vMAC of another AVF to share the traffic load. The point is I don't think the loadsharing would occur without dropping the ARP timer down very low.

Can anyone tell me if there is some advantage to using GLBP in the way I am describing and what would be the impact of dropping the ARP timer down very low in terms of CPU usage? Would there be any way I could leverage GLBP as a load sharing mechanism in my environment. Maybe multiple GLBP groups and dual default routes on the PIX? Would really like to just use GLBP without too much complication if possible. Then again it seems HSRP could work just as well in that scenario. As always....thanks.

-Bob

Joseph W. Doherty · ‎12-05-2011

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

As I recall, GLBP won't be too useful if it only "sees" one sending host.

If your routers support it, you might find OER/PfR a much better method to balance outbound traffic on your ISP links.

rfranzke · ‎12-05-2011

Agreed on the OER/PfR. That will be the next step but thought I would see if there was any benefit to switching to GLBP as well. Sounds like HSRP is good enough for what I am doing. Thanks for the reply.

Joseph W. Doherty · ‎12-05-2011

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

While you're working to try OER/PfR, you might also try mHSRP, assuming the PIX can support two gateways.