I have a 2 ISP/2 local router setup (one ISP on each router). Currently each router is taking a partial routing table, of AS numbers, and then there's a default route.
The 2 local routers are BGP neighbours in the same AS. We run HSRP between our 2 local routers, with the HSRP address acting as the default gateway (primarily on router 1). So most traffic goes to router 1 > Internet, with some going to router 1 > router 2 > Internet (only routes advertised by ISP). Hope that makes sense.
Unfortunately this is causing router 1 to have 3 times as much traffic as router 2, so we would like to try out taking a full routing table on each, and keeping the same HSRP setup.
Router 1 will see any routes advertised by router 2 as AD 200 - is there a way to change the AD to 20 for routes internal to the AS? Otherwise router 1 will prefer its ISP for all routes, and then it will be very unbalanced!
Also, assuming I can manage for both router 1's ISP routes and router 2's routes to be considered for router 1's routing table, what order is preference decided on? I guess I would like it to be decided on path first?
Even with full Internet BGP tables, by default, eBGP routes will be preferred over the iBGP routes. I.e., unless your iBGP peer has a shorter AS path, traffic will go off the external link from the gateway BGP router.
Giuseppe's GLBP solution is probably the easiest. Something to note: the virtual MAC changes from HSRP's, and I don't believe GLBP does a gratuitous ARP. I.e., clients may lose their connection to the gateway until they re-ARP the gateway IP.
Some other options you might have.
You could "front" your two WAN routers with another L3 device and have it route to each WAN router. This can provide a better load balance than GLBP since flows should be alternated, not MACs. (The latter is especially useful for very busy devices that push lots of your traffic; a good example would be a firewall or proxy.)
If your routers support it, you could also consider OER/PfR. This technology was originally, I believe, designed to optimize outbound flows for the Internet. (It doesn't require a full BGP table, or even BGP.)
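To make the answer's point concrete (eBGP beats iBGP only once everything earlier in the selection order ties, and AD 20 vs 200 is applied only to the single best path BGP hands to the RIB), here is an added Python model of the relevant Cisco best-path steps. It is not code from the thread; AS numbers, prefixes, router IDs and peer names are constructed, and MED and IGP-metric steps are left out.

```python
from dataclasses import dataclass

# Constructed example, not from the thread. Models the BGP best-path steps
# that decide the OP's ISP-vs-iBGP question, in Cisco's order.
ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}

@dataclass
class Path:
    prefix: str
    as_path: list            # AS numbers as received (local AS not included)
    learned_via: str         # "ebgp" or "ibgp"
    peer: str                # constructed peer name
    weight: int = 0          # Cisco-local attribute, higher wins
    local_pref: int = 100    # higher wins
    origin: str = "igp"      # igp < egp < incomplete
    router_id: str = "0.0.0.0"

def sort_key(p: Path):
    # Tuple ordering runs the decision steps in sequence: the first element
    # that differs between two paths decides, which is how BGP behaves.
    return (
        -p.weight,                                   # 1. highest weight
        -p.local_pref,                               # 2. highest local preference
        len(p.as_path),                              # 3. shortest AS path
        ORIGIN_RANK[p.origin],                       # 4. lowest origin type
        0 if p.learned_via == "ebgp" else 1,         # 5. eBGP over iBGP
        tuple(int(x) for x in p.router_id.split(".")),  # 6. lowest router ID
    )

def best_path(paths):
    return min(paths, key=sort_key)

def admin_distance(p: Path) -> int:
    # AD is assigned only when the winning path is installed in the RIB.
    return 20 if p.learned_via == "ebgp" else 200

# Router 1's BGP table for two prefixes (constructed values).
PATHS = {
    "203.0.113.0/24": [   # equal AS path length: tie is broken at step 5
        Path("203.0.113.0/24", [64501, 64510], "ebgp", "ISP-A", router_id="10.0.0.1"),
        Path("203.0.113.0/24", [64502, 64510], "ibgp", "router-2", router_id="10.0.0.2"),
    ],
    "198.51.100.0/24": [  # router 2's ISP offers the shorter AS path
        Path("198.51.100.0/24", [64501, 64520, 64530], "ebgp", "ISP-A", router_id="10.0.0.1"),
        Path("198.51.100.0/24", [64502, 64530], "ibgp", "router-2", router_id="10.0.0.2"),
    ],
}

def rib_view():
    """Return {prefix: (next-hop peer, AD)} as router 1's RIB would hold it."""
    return {pfx: (best_path(ps).peer, admin_distance(best_path(ps)))
            for pfx, ps in PATHS.items()}
```

Running rib_view() shows the first prefix going out ISP-A with AD 20 and the second going to router 2 with AD 200, i.e. the AD never gets a chance to compare the two ISPs' paths against each other.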
The OP has not posted any network diagram, so I will just create a scenario in my head that is pretty typical, OK?
Imagine we have 2 parallel paths:
FW_1---->Edge Router_1<--------->ISP Router_A
FW_2---->Edge Router_2<--------->ISP Router_B
Assuming the firewalls are in a hot/standby (failover) configuration, one of them will be forwarding user traffic. Let's say it's FW_1.
FW_1 will most likely have a default static route pointing to the Edge Router's VIP. The thing with GLBP is that each user who ARPs for the default gateway will receive a different MAC, one for each of the AVFs. This is how load balancing is achieved. It's based on the idea that many users will ARP and each will be given a different MAC address in a round-robin fashion or based on some other criteria.
The FW, however, will only ARP once for the default gateway's MAC address, and that's it. Whichever AVF it is told to use will be the one it will always forward traffic to, unless the ARP entry in the FW times out, in which case it will have to ARP again and may or may not receive the same AVF.
So, my question is, given this scenario, how does GLBP provide load balancing?
GLBP cannot provide any advantage in the scenario you have described: as you correctly noted, a single client makes a single ARP request for the VIP, gets its answer and uses it until the ARP cache entry times out.
An attempt could be made to see if GLBP can coexist with ip proxy-arp:
at the price of much more ARP activity that involves broadcast traffic, the device missing a next-hop for its default route should ARP for each possible destination.
This would require three conditions to be met:
that ip proxy-arp can coexist and interoperate with GLBP
that GLBP has a simple round-robin algorithm to provide its ARP replies from the AVF MAC pool (= it can provide different answers over time to the same requester, not sure of this)
that a security appliance like a firewall ARPs for every possible destination on the LAN segment.
However, even if all these conditions were met, the CPU usage of the AVG device could be a problem (this also depends on the platform).
So even if it is possible, it shouldn't be recommended.
In summary, with a single client GLBP and HSRP provide the same service.
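As an added illustration of the two posts above (not code from the thread or from Cisco), this Python simulation models a GLBP AVG handing out AVF virtual MACs round-robin to ARP requests and hosts that cache the reply. It assumes the AVG answers purely round-robin regardless of requester (the point Giuseppe was unsure of); MAC addresses, host names and timeouts are constructed.

```python
from collections import Counter
from itertools import cycle

# Constructed values: two forwarders' virtual MACs (not real GLBP output).
AVF_MACS = ["0007.b400.0101", "0007.b400.0102"]

class GlbpAvg:
    """Active Virtual Gateway: answers each ARP for the VIP with the next AVF MAC.
    Assumption: plain round-robin, with no memory of who asked."""
    def __init__(self, macs):
        self._next = cycle(macs)
    def arp_reply(self, requester):
        return next(self._next)

class Host:
    """LAN host with an ARP cache; it re-ARPs only once its entry has expired."""
    def __init__(self, name, avg, arp_timeout=14400):
        self.name, self.avg, self.timeout = name, avg, arp_timeout
        self.cached_mac, self.cached_at = None, None
    def next_hop_mac(self, now):
        if self.cached_mac is None or now - self.cached_at >= self.timeout:
            self.cached_mac, self.cached_at = self.avg.arp_reply(self.name), now
        return self.cached_mac

def forward_load(hosts, packets_per_host, duration):
    """Count packets forwarded to each AVF MAC over `duration` seconds."""
    load = Counter()
    for t in range(duration):
        for h in hosts:
            load[h.next_hop_mac(t)] += packets_per_host
    return load

def many_hosts():
    # 100 user PCs behind the gateway: each ARPs once, answers alternate.
    avg = GlbpAvg(AVF_MACS)
    return forward_load([Host(f"pc{i}", avg) for i in range(100)], 1, 600)

def single_firewall():
    # One firewall carrying all user traffic: one ARP, one AVF, for hours.
    avg = GlbpAvg(AVF_MACS)
    return forward_load([Host("FW_1", avg)], 100, 600)

def single_firewall_short_timeout():
    # Same firewall with a 10 s ARP timeout: balance only because it re-ARPs.
    avg = GlbpAvg(AVF_MACS)
    return forward_load([Host("FW_1", avg, arp_timeout=10)], 100, 600)
```

The many-host case splits the load evenly across both AVFs, the single firewall sends everything to one AVF, and only an unrealistically short ARP timeout (plus a round-robin AVG) would spread a lone client's traffic.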