Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Load Balancing Across Dual DS3 Lines


We have two geographically separated subnets connected over dual DS3 lines and dual routers at each end.  See attached drawing for the network configuration.  I would like to use HSRP on each end as well as load balance using static routes of equal priority (one across the "primary" routers DS3 link, the other to the "backup" router and then across its DS3 link).  The drawing also includes the static routing table configuration.  So the idea was that all clients send their requests to the current active gateway which would then either route the packet out its interface connected to the DS3 or to the other standby router which would then route the packet across its DS3, effectively sharing the load across the DS3 lines.  The same configuration on the other end such that the return packet could come across either DS3 and through either router combination.  Since the standby routers do not have dual routes to the remote network, if they were to become active there would be no more load balancing until the configuration could be changed.

I originally had problems with CBAC as I had ip inspect turned on, and since the return packets were coming across different routers they were denied since both routers were unaware of the session initiation from the inside.  So I turned CBAC off, but am still having issues.  If I ping from oss_router1 to the remote network, some of the pings time out and some work.  If I take out the secondary route to through oss_router2 all pings are successful.  So it looks like when the ping is directed to oss_router2 it is somehow blocked, but all pings going out of oss_router1 straight across its own DS3 are successful.

There are no ACLs on any of the router interfaces.  It's almost like CBAC is "stuck" in that even though I removed all ip inspect statements it still might be doing something?

Could someone take a look at my drawing and router table configs and let me know if there's a better way to do load balancing across the DS3s?  I don't want there to be any single point failure, but I will consider additional equipment purchases if needed.



Everyone's tags (2)
Hall of Fame Super Blue

BrettThis may be a typo but


This may be a typo but looking at the routing tables for the ntwin routers for the network you have created a routing loop ie. 

nwtn_router1 sends return packets to either direct to or to nwtn_router2.

But ntwn_router2's route for points back to ntwn_router1.

I would have thought ntwn_router2's next hop for that subnet should be ?

Edit - perhaps i am not understanding what you are trying to do but it looks like you have done the same for other routes as well.

I was assuming that if you did a ping from the return traffic could come back via either link ?


CreatePlease to create content