We would like to load-balance and have failover for our outbound Internet traffic across two different T1 connections to the same provider. Each of the T1's terminate at a separate 2651XM router with a single PIX 515 behind them. Would it be possible to use HSRP or GLBP to accomplish both failover and load-balancing? If not, what would you recommend?
If you configure HSRP on both of the 2651 routers and employ the HSRP track feature to monitor the outbound T1 then you should have very good failover. The PIX will have an outbound static default route with the next hop address being the HSRP shared address. In this configuration the PIX will forward to the active router and if the active router fails or its T1 fails then the other router becomes active and the failover is transparent to the PIX.
This configuration does not give you much load balancing.
We will be doing BGP with our provider. Both routers are on the same subnet, and the PIX simply has a default route to the GLBP address. Would you recommend implementing a routing protocol on the PIX? It is a 515 running version 6.2(4).
I disagree that the GLBP in your situation will give you load-balancing. If there were multiple hosts on the LAN, GLBP allows the multiple hosts to use different gateways (same virtual IP address, but different virtual mac addresses), hence the traffic is shared amongst the routers participating in GLBP. But because the 2 routers are connected to just the PIX firewall, the PIX will acquire one virtual mac address for its gateway, and all traffic will be forwarded to this address.
If you are running BGP to your Service provider, you use this to achieve your load-balancing. Configure your iBGP session as well between the 2 routers. You can then configure BGP outbound policy to share the outbound traffic between the two routers.
To ensure failover, you will need to run a routing protocol between the PIX and the routers. Or, you could run either HSRP or GLBP, and have static default route on the PIX, pointing to the HSRP or GLBP address.
since you have two connections to the same ISP, i would probably use GLBP (instead of hsrp/vrrp). If they are both going to the same AS, there's probably not much of a need to run iBGP either. This is probably ideal for load balancing. Just put default routes into both routers pointing to whatever IP is on the other side of the connections. Point the PIX (whose code needs upgraded (: ) to the virutal GLBP IP. Dont run any routing protocols between your two routers.. I would say the only routing that needs to be done is advertising your network to AT&T(?) via BGP. Dont even receive routes from them, just use your default routes.
olorunloba hasn't taken into account that your ISP connections go to the same ISP (AT&T, i think). you would *probably* be receiving the same routes via BGP over both connections, making iBGP pointless.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...