HSRP load-balancing ?

Similar Messages

• EIGRP load balancing when using HSRP on LAN

  Hi 
  I have a question about my topology. I have two routers  with EIGRP on both of them connected through 2 ISPs to other site. On those routers i have HSRP runing. Now my question is: HSRP is standby/active protocol so when one router act as active will it send data to other site only through one ISP??? will load balancing work on WAN side? will routers use both ISPs or just one- the one which is active in HSRP when sending data???

  Hi sotiris_pafitis, may be I didn't understand what you mean but if the idea is to configure one static on each router  (pointing it's ISP) and redistribute it in EGRIP, I disagree: is useless because the other router will prefer the static route due to its better administrative distance. Using EIGRP unequal load balancing is useless because  it balanced EIGRP path with different metric, not different Administrative distance. Isn't it ?
  If you want to use static route simply configure two static route on each router: one though WAN interface and the other through the LAN.
  For example:
  R1#conf t
  ip route 0.0.0.0 0.0.0.0 192.168.13.3
  ip route 0.0.0.0 0.0.0.0 192.168.12.2
  The result is:
  R1#sh ip route 0.0.0.0
  Routing entry for 0.0.0.0/0, supernet
    Known via "static", distance 1, metric 0, candidate default path
    Redistributing via eigrp 100
    Advertised by eigrp 100
    Routing Descriptor Blocks:
    * 192.168.13.3
        Route metric is 0, traffic share count is 1
      192.168.12.2
        Route metric is 0, traffic share count is 1
  In any case I think static router is not a good choice: in case of a fault on ISP 1, WAN interface can remain up producing a routing blackhole. If possible it's better to have a dynamic routing protocol between router and ISP, receving the default route and changing delay on interf to have the same metric for both  the path 
  Bye,
  enrico

• Load Balancing on 837 router

  HI Prof,
  I've two cisco 837 router with cisco IOS 12.3 currently. I would like to configure load balancing on both the router, have tried to configure GLBP but it show me that the hardware not supported.
  Is there any other protocol or technology to achieve my desire?
  Thank and Advice.

  What are your requirements. Do you have multiple segments to support? Are you only looking for load-balancing or do you have a high availibility requirement?
  In that case you can use multiple HSRP groups for instance.
  Do both 837 routers have a separate xDSL connection?
  Are you using NAT to translate between private and public address pools?
  There is more than one solution to achieve load-balancing. Please answer the above questions and if possible draw a simple diagram of your desired topology.
  HTH
  Leon

• How can I design Load Balancing for distant Datacenters? without single point of failure

  Dear Experts,
  We are using the following very old and passive method of redundancy for our cload SaaS but it's time to make it approperiate. Can youplease advise:
  Current issues:
  1. No load balancing. IP selection is based on primary and secondary IP configurations. If Primary fails to respond, IP record for DNS changes to secondary IP with TTL=1min
  2. When primary server fails, it takes around 15 min for clients to access the servers. Way too long!
  The target:
  A. Activate a load balancing mechanism to utilized the stand-by server.
  B. How can the solution be designed to avoid single point of failure? In the previous example, UltraDNS is a single point of failure.
  C. If using GSS is the solution, how can it be designed in both server locations (for active redundancy) using ordinary DNS server?
  D. How can HSRP, GSS, GSLB, and/or VIP be used? What would be the best solution?
  Servers are running ORACLE DB, MS SQL, and tomcat with 2x SAN of 64TB each.

  Hi Codlick,
  the answer is, you cannot (switch to two web dispatchers).
  If you want to use two web dispatchers, they need something in front, like a hardware load balancer. This would actually work, as WD know their sessions and sticky servers for those. But remember you always need a single point for the incoming address (ip).
  Your problem really is about switchover groups. Both WD need to run in different switchover groups and need to switch to the same third software. I'm not sure if your switchover software can handle this (I'm not even sure if anyone can do this...), as this means the third WD needs to be in two switchover groups at the same time.
  Hope this helps,
  Regards,
  Benny

• Load-balancing vs Load-sharing (L2/L3)

  What is the difference in load balancing and load sharing. Can you generalize load-balancing to layer two? Or layer three protocols also do this, except BGP?
  FHRPs like VRRP, GLBP, and HSRP are essentially load sharing protocols (except GLBP though). Loop prevention mechanisms like MSTP, G.8032, and REP also do not do load balancing I guess. Instead they offer a way to distribute (share) traffic over multiple links unevenly. Why do people still call it load-balancing?
  While link aggregation may truly be considered load balancing. Where traffic can be balanced based on a few attributes ( src-dst/mac, ip, port).
  And what role does fast-switching/process-switching play in load balancing. I am aware that these are the very processes that ultimately do load-balancing, given enough equal cost paths. Does CEF really take load balancing to another level? It still does the same job, but by caching flow data (RIB) to the CEF table, doesn't it?
  Incase of IGP, load-balancing may be possible, but BGP just doesn't support it. Because it only selects one best route (?). Even with multipath, BGP advertises best path only; it does install multiple routes in routing table though. So IGP does the balancing?

  What is the difference in load balancing and load sharing. Can you generalize load-balancing to layer two? Or layer three protocols also do this, except BGP?
  FHRPs like VRRP, GLBP, and HSRP are essentially load sharing protocols (except GLBP though). Loop prevention mechanisms like MSTP, G.8032, and REP also do not do load balancing I guess. Instead they offer a way to distribute (share) traffic over multiple links unevenly. Why do people still call it load-balancing?
  While link aggregation may truly be considered load balancing. Where traffic can be balanced based on a few attributes ( src-dst/mac, ip, port).
  And what role does fast-switching/process-switching play in load balancing. I am aware that these are the very processes that ultimately do load-balancing, given enough equal cost paths. Does CEF really take load balancing to another level? It still does the same job, but by caching flow data (RIB) to the CEF table, doesn't it?
  Incase of IGP, load-balancing may be possible, but BGP just doesn't support it. Because it only selects one best route (?). Even with multipath, BGP advertises best path only; it does install multiple routes in routing table though. So IGP does the balancing?

• Load balancing Internet and Site to Site VPN's across Multiple ISP.

  Hi Everyone,
  We  are currently connected to a single ISP with different Internet related  services like mail, web, dns and IPSEC site to site VPN's running. We  would be adding another ISP and do load balancing across these multiple  links. We are using Cisco ASA firewall.
  Can anyone suggest a load  balancer which can not only provide load balancing of the links but  failover as well for mail,web and IPSEC Site to Site VPN's. I came  across Peplink that can achieve this but I guess I will have to  decommision our ASA in order to install Peplink.
  Check attached diagram, this will be our proposed design.
  Regards

  Hi Sundeep,
  The simplest solution would be to put an IOS router (or two with HSRP) between the ASA and the ISPs and do policy-based routing for your flows between the 2 ISPs. Otherwise, any load balancer should work fine with the ASA. If failover of the load balancer is a requirement, you'll need to look at product specific documentation for whichever solution you choose.
  -Mike

• ASA Load-Balancing intriguing question

  I have a setup where the inside interface may be in the same private subnet, but the outside interfaces, are most likely in different public subnets.
  For example. inside on both ASA: 192.168.1.1 and 192.168.1.2 /24 and the public connected even to two different ISPs.
  My guess is that I would probably lose the possibility for failover of the master for load-balancing, in case this ASA goes down, but nevertheless, I would be still interested in that users connect to the same public ip, and that the master gives the fqdn of the other ASA, and balance their Anyconnect entry into the network between both ASAs. Does this works this way?
  I mean, does this vpn load-balance feature talks only accross the inside network, or it needs to have same outside subnet mask? Is it a trick of the mask in the interface? 
  If not, is there a way around that? like this, if use a bogus outside interface and tunnel it somehow to the other outside in the other ASA, will still the offering of fqdn be on, so that the client connects to the other "real" public IP? 

  you cant route based on source ip with firewall only with router possiable by PBR
  you can make to static routes each one point to deffrent router with deffrent metric
  in this case it will make the topology like active standby which not good in your case
  but you can use sub interfaces on your ASA intis case make each subinterface in deffrent subnet and deffrent security level
  and let each subinterface use deffrent hsrp instance
  or there is another way
  IF you dont use VPN on your ASA u can achive it by useing multiple context
  in multiple context you gonna separate your firewall virtualy
  so if you have two vlans in your inside network (two deffrent subnets)
  then each subnet will use deffrent firewall virtually
  u goona divide the internal interface to two subinterfaces
  and you can use one outside interface shred between the context or also separate it to two subinterfaces
  and allocate those interface to each context
  so you gonna deal with each context as deffrent firewall
  and you can use deffrent HSRP instance on each context
  but with multiple context you cant use VPN on the firewall
  *****use the following method*****
  THE OTHER WAY WHICH ALSO I SUGIST YOU TO TRY IT WHICH IS THE Transparent Firewall
  in the case your firewall will operate in L2 mode
  so you can use the routers HSRP IPS AS there is no firewall in the path
  which i thnk helpful in you case aslo
  in transperante mode the defaultgate way for your client will be the hsrp IP because the firewall will not have any IPs exept for managment
  also the useres will be in the same IP subnet as the gateway in your case HSRP VIP
  and also you can control the network security through the firewall normally
  try this way and let me know
  see the following link for configuration
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml
  please, Rate if helpful

• Two 2911 routers and 3560 switches (load balancing and redundancy)

  Good day, Sir !
  I have a model with hierarchical model. Two routers 2911 and two core switches 3560, two providers.
  I want to design redundancy scheme. Can you advice me how is better to do it ? here you can find image with topology, can you say is it good idea to connect with devices in this way ?
  Hope on you help ! Thank you !!!

  Hi,
  If you want to configure redundancy in your network on LAN you can use HSRP and from the WAN side depending on the connection with the provider you can either use BGP or any IGP.
  If you want to have load balancing as well with redundancy you can define differnt  HSRP group for different  vlan and on the wan with BGP you can use multipath option or with IGP you can manipulate the route matric.
  Thanks & Regards
  Sandeep

• Load balance multicast stream

  Hi, i have the same stream coming from 2 different
  directions. The 2 routers in the multicast server are using hsrp. My question is, can i load balance the stream?The method in use is SSM.

  PIM (dense/sparse) will not load balance multicast packets due to prune behavior to prevent duplicate packets. However, GRE tunnel(s) can be used to "load balance" multicast traffic. There is also another global command "ip multicast multipath" which allows load balancing But it will only load balance If multiple sources exist for the same group(s):

• 6509 Load Balancing

  Hello guys,
  How can I implement load balancing and redundancy at my two 6509 Switch?
  Thanks in advance.
  Cheers!

  The easiest way would be to implement VSS. It may require a Sup and/or chassis upgrade.
  http://www.cisco.com/en/US/products/ps9336/index.html
  Another way is to implement first hop gateway redundancy using HSRP or GLBP.
  http://www.cisco.com/en/US/tech/tk648/tk362/tk321/tsd_technology_support_sub-protocol_home.html
  http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a00807d2520.shtml
  Hope that helps.

• Load Balance and failover over 2 lines.

  We have 2 x Cat 6509 with Sup720 and are running Native IOS.
  On Switch A, we have a 1GB link configured as an access link on Vlan 2 to DR site connected to a Cat 3550
  On Switch B, we have a 1GB Link configured as a trunk to the same DR connected to another Cat 3550
  We configured devices to be in VLAN 2 as we want them to use the 1GB link. And the 2nd 1GB link is a logical extension of our main site.
  Now, I want to configure these 2 x 1GB link so that they now act as failover as well as Load balancing.
  1. How do I do this?
  2. Will I need to move the 1GB link on Switch A to switch B
  3. Should I configure the Switch A link also as Trunk?
  Please help.
  Thanks

  Do your 3550s run EMI or SMI? If they run EMI, why not run dynamic routing protocol between the 3550s and the 6500s? OSPF would be a good one to use, if you have hierarchical IP addressing. If your addressing is not hierarchical, then use EIGRP.
  Other than this, the only other possible way I can think of is GLBP (http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_white_paper09186a00801541c8.shtml)
  Prior to GLBP, you could also have used HSRP. But it's a bloody nuisance to configure, 'cuz you need to configure two different HSRP groups for the same pair of switches, then manually assigning different hosts/PCs to use different default gateways. As I said, bloody nuisance.
  HTH.

• Error while selecting Load Balancing in JCO creation

  While creating JCO i am facing this error.It is working fine with Single server connection,but when i chose Load balancing i error comes out.Please tell me the solution.
  I have read couples of forum mentioned you need to start both Portal and ECC.
  For you information my Portal and Java are both on diffrrent Box.
  com.sap.mw.jco.JCO$Exception: (102) RFC_ERROR_COMMUNICATION: Connect to message server host failed Connect_PM  TYPE=B MSHOST=olameccpdvr GROUP=PUBLIC R3NAME=DVR MSSERV=sapmsDVR PCS=1 LOCATION    CPIC (TCP/IP) on local host with Unicode ERROR       service 'sapmsDVR' unknown TIME        Thu Feb 24 12:19:54 201 RELEASE     701 COMPONENT   NI (network interface) VERSION     38 RC          -3 MODULE      nixxhsl.cpp LINE        776 DETAIL      NiHsLGetServNo: service name cached as unknown COUNTER     5

  Is your backend system configured correctly in your SLD ?
  Go to transaction SMMS on your backend system that your are connecting to. Click on Goto=>Parameters=>Display. Look for "server port" value.
  This should give you the TCP/IP port for your message server. It could be 3600 or 3601 (36NN - where NN is the instance number).
  In your services file, if you made the entry at the end of the file, press Enter (Return) after your entry.
  Try restarting your server after making the above changes.
  - Shanti

• Error in creation of JCO with Load balancing server

  Hi,
  We are using a ABAP user base for our WEBAS server 6.40 (with ABAP+JAVA). i have created a Public group in concerned ECC 5.0 system. I have already configured SLD, and then i maintain data supplier bridge in SLD and run RZ70 in ECC 5.0 system to load system information.. i can see details in SLD ..
  now i am trying to create JCO connections .. here i am unable to create JCO with load balancing option..  i get
  com.sap.mw.jco.JCO$Exception: (102) RFC_ERROR_COMMUNICATION: Connect to message server host failed Connect_PM  TYPE=B MSHOST=<servername> GROUP=PUBLIC R3NAME=SID MSSERV=sapms<SID> PCS=1 ERROR       service 'sapms<SID>' unknown TIME        Fri Jun 16 12:41:20 2006 RELEASE     640 COMPONENT   NI (network interface) VERSION     37 RC          -3 MODULE      ninti.c LINE        505 DETAIL      NiPGetServByName2: service 'sapms<SID>' not found SYSTEM CALL getservbyname_r COUNTER     1
  i am able to create single server JCO, but it fails in load balancing.. is there anything i have  missed out in settings...
  Thanks and regards,
  Sudhir

  Thanks, Bogdan Rokosa
  I have the same problem,and solved it following the steps provided by Bogdan Rokosa  :
  you must insert an entry for your R3 system
  (like: sapms<SID> 3600/tcp)
  in services file
  (C:\WINDOWS\system32\drivers\etc\services) on Java WAS.
  I test the Jco successful without restart J2EE Engine.

• ISE 1.2 - Multiple NICs/Load Balancing for DHCP Probe

  Hello guys
  Just prepping an ISE 1.2 patch 8 setup in our organization. I am going for the virtual appliances with multiple NICs. It will be a distributed deployment with 4 x PSNs behind a load balancer and there is no requirement for wireless or guest user at the moment. I've got 2 points I will like to get some guidance on:
  Our DC has a dedicated mgmt network and I plan to IP the gig0 interface of the PANs, MNTs and PSNs from this subnet. All device admin, clustering, config replication, etc will be over this interface. However, RADIUS/probe/other user traffic to the ISE PSNs will be over the gig1 interface which will be addressed from another L3 network. Is this a supported configuration in ISE?
  I intend to use the DHCP probe as part of device profiling and will ideally like to have just an additional ip helper to add to our switch SVI config. Also, it will appear that WLCs can only be configured for 2 DHCP servers for a given network so another consideration for when we bringing our WLAN in scope. We however use ACE load balancers within our DC and from what I have read, they do not support DHCP load balancing. Are there any workarounds to using the DHCP probe with multiple PSNs without having to add each node as an ip helper/DHCP server on the NADs?
  Thanks in advance
  Sayre

  Hello Sayre-
  For Question #1:
  Management is restricted to GigabitEthernet 0 and that cannot be changed so you should be good there
  You can configure Radius and Profiling to be enabled on other interfaces
  Even though you are not using guest services yet, you can dedicate an interface just for that. As a result, you can separate guest traffic completely from your production network
  Take a look at this link for more info:
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_app_c-ports.html
  For Question #2
  If you are using a Cisco WLC and running code 7.4 and newer you don't need to mess with the IP helper configurations. 
  The controller can be configured to act as a collector for client profiling and interact with the DHCP thread along with the RADIUS accounting task that is running on the controller. The controller receives a copy of the DHCP request packet sent from the DHCP thread and parses the DHCP packet for two options:
  –Option 12—HostName of the client
  –Option 60—The Vendor Class Identifier
  After this information is gathered from the DHCP_REQUEST packet, a message is formed by the controller with these option fields and is sent to the RADIUS accounting thread, which is in turn transmitted to the ISE in the form of an interim accounting message.
  Both DHCP and HTTP profiling settings are located under the "Advanced" configuration tab in the WLC
  On the other hand, you can also use Anycast for profiling. You can check out some of Cisco Live's sessions for more info on that. Here is one that is from a couple of years (There are more recent ones that are available as well):
  http://www.alcatron.net/Cisco%20Live%202013%20Melbourne/Cisco%20Live%20Content/Security/BRKSEC-3040%20%20Advanced%20ISE%20and%20Secure%20Access%20Deployment.pdf
  I hope this helps!
  Thank you for rating helpful posts!

• SAP GLM Print Request - Load Balancing of WWI server

  Hi GLM Experts,
  I am using new GLM + module that generates labels based on Print Requests. I am unable to understand how I can load balance the WWI services when there are multiple label printing requests.
  In GLM + we associate a WWI to a Print Station and which can then be associated with a printer. So in the configuration we are tying up a printer a WWI.
  Also during label printing, if the scenario uses print request module, then the use need to select a print station and printer. What happens if the WWI related to the print station is down?
  For example I have two services in WWI server GENPC1 and GENPC2. I created WWII and WWI2 as two print stations. I will associate my printer PRNWWI to both the print stations WWI1 and WWI2.
  During label printing if the user picks and WWI1 and Printer PDNWWI and if the GENPC1 WWI server assocaited with print status WWI1 is busy and down I want WWI GENPC2 to generate the label?
  How to setup the above load balancing or fall back? Please let me know.
  Thanks
  Pugal

  Dear Pugal
  we are not using GLM + and I am not sure about the technqiue used there to handle load balancing. Regarding general WWI setup I assume you know this Note: EH&amp;amp;S: Availability and performance of WWI and Expert servers
  On the top there is a further SAP Note abvailable which might be of interest. This is referenced here:
  http://de.scribd.com/doc/191576739/011000358700000861002013-e
  May be check OSS note: 1958655; OSS Note 1155294 is more related to normal WWI stuff; but may be check it as well. May be 1934253 might help better
  May be this might help.
  C.B.
  PS: may be check as well: consolut - EHS_MD_140_01 - EH&amp;amp;S-Management-Server einrichten
  The load balancing of synchron WWi servers is donein the "RFC" layer, therefore you have no inffluence here, for asynchron WWI servers you can do a lot to manage the WWI load balancing by using "exits" etc.