Re: Load-balancing across four T1's on 2 routers

---

• From: "Sean-Usenet" <sean-usenet@xxxxxxxxx>
• Date: 31 Aug 2006 10:22:21 -0700

---

Hi Nathan

I looked a little at using GLBP, but I was concerned about how well it
would load-balance, since all traffic is going through the firewall.

- When the firewall receives its first packet, it will ARP for the mac
of the default gateway
- The GLBP AVG will respond to the arp request with the virtual mac of
itself or the other router
- Then the firewall will add this arp response it its arp cache and
forward the data packet
- Since the arp response is now stored in the firewall's arp cache, it
will not arp again until it expires, thus it will continue to use the
same router

In other words, GLBP load-balances on a per source host basis, and
unfortunetly becaues of the firewall there is only 1 host.

Does that make sense, or is my logic off somewhere?


Nathan Harmon wrote:

Sean-Usenet wrote:

I am setting up the following:

- 2 Cisco 2800 series routers, each has two T-1 internet connections.
- Those 2 routers are also connected to a 100mb layer-3 switch.
- Our firewall will also connected to that layer-3 switch.
- The firewall's' default gateway will be that layer-3 switch.
- The workstations are behind the firewall, and will use the firewall
as their default gateway

Well, if I were setting this up, I'm not sure I would need to use the
multilayer capabilities of the layer-3 switch. Is the Cisco 2800
capable of GLBP? If so, I would set up GLBP on both of the routers, and
make the load-balanced gateway address the default route for the
firewall. And then the routers can weigh their traffic capabilities and
load balance themselves.

Merv does bring up a good point about needing to mitigate the effects
of the ISP losing connectivity.

.

---

• References:
  • Load-balancing across four T1's on 2 routers
    • From: Sean-Usenet
  • Re: Load-balancing across four T1's on 2 routers
    • From: Nathan Harmon

• Prev by Date: Powersupply for 7604 router
• Next by Date: Re: Help: Cisco 1801
• Previous by thread: Re: Load-balancing across four T1's on 2 routers
• Next by thread: Pointer in the correct direction...
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: Odd SonicWall behavior ... do you have an arp proxy enabled on your interfaces. ... Subject: Odd SonicWall behavior ... They have a webserver with some sort of vaguely sensitive ... > firewall for it and some of the other computers in the lab. ... (Security-Basics) RE: firewall 1 help ... Another GREAT source of info besides the Checkpoint support is ... running on Windows NT ... The common gotya is the need to manually update the windows ARP table, ... On the upstream router from the firewall: ... (Security-Basics) Windows server 2003 proxy ARP? ... I am using it as a firewall and it needs to ... The server ... I removed the firewall software and Windows still does not ... in the arp table. ... (microsoft.public.windows.server.networking) RE: [fw-wiz] Static ARP firewall advice ... I'm not sure why you'd want a packet filter to manage your ARP table, ... You can also use bridge and brconfig to filter by MAC address. ... If you want the ability to replace source IP address with source MAC ... While the current firewall is OBSD, ... (Firewall-Wizards)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

newsgroups.derkeiler.com  > Archive  > Comp  > comp.dcom.sys.cisco  > 2006-08