We have two geographically separated subnets connected over dual DS3 lines and dual routers at each end. See attached drawing for the network configuration. I would like to use HSRP on each end as well as load balance using static routes of equal priority (one across the "primary" routers DS3 link, the other to the "backup" router and then across its DS3 link). The drawing also includes the static routing table configuration. So the idea was that all clients send their requests to the current active gateway which would then either route the packet out its interface connected to the DS3 or to the other standby router which would then route the packet across its DS3, effectively sharing the load across the DS3 lines. The same configuration on the other end such that the return packet could come across either DS3 and through either router combination. Since the standby routers do not have dual routes to the remote network, if they were to become active there would be no more load balancing until the configuration could be changed.
I originally had problems with CBAC as I had ip inspect turned on, and since the return packets were coming across different routers they were denied since both routers were unaware of the session initiation from the inside. So I turned CBAC off, but am still having issues. If I ping from oss_router1 to the remote 22.214.171.124/24 network, some of the pings time out and some work. If I take out the secondary route to 126.96.36.199/24 through oss_router2 all pings are successful. So it looks like when the ping is directed to oss_router2 it is somehow blocked, but all pings going out of oss_router1 straight across its own DS3 are successful.
There are no ACLs on any of the router interfaces. It's almost like CBAC is "stuck" in that even though I removed all ip inspect statements it still might be doing something?
Could someone take a look at my drawing and router table configs and let me know if there's a better way to do load balancing across the DS3s? I don't want there to be any single point failure, but I will consider additional equipment purchases if needed.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...