Load Balancing b/w two cisco router
Hello Friends,
Please advise me,We are using two Cisco Routers with F5 Load balancer,
Router A (Cisco 2811) has one ISP configured
Router B (Cisco 3825) has the other ISP configured
ISP on Router A has 5 Mbps Bandwidth
ISP on Router B has 10 Mbps Bandwidth
My Doubt is if the load balancer is down,how to utilize the ISP (or) How to divert the connection ?
Here i have attached my N/w diagram for ur reference..........
Can someone solve my question.............please
Thank you.
Hi Mohamed,
With default routing in use you can just configure one default route on each router But it would only do load sharing not load balancing.
PFR(performance routing) is a better solution but have never tried with two diffferent router series. Also need to validate if the router series you are using supports PFR.
Regards,
Sathvik K V
Similar Messages
-
How do I load balance TFTP between two servers and a client on the same subnet?
Hi,
I have trawled through several documents and tried umpteen different configs, all to no avail. I have a PXE boot client trying to access a boot file via TFTP from a couple of TFTP servers on the same VLAN/subnet. For HA purposes I want to load balance the two TFTP servers.
Config is currently;
=====
probe icmp ICMP_PROBE
description icmp probe for default gateway tracking
interval 5
passdetect interval 15
rserver host server1
description Server1
ip address 10.0.0.1
inservice
rserver host server2
description Server 2
ip address 10.0.0.2
inservice
serverfarm host serverfarm_01
description servers used
probe ICMP_PROBE
rserver server1
inservice
rserver server2
inservice
class-map match-all L4_VIP_TFTP
10 match virtual-address 10.0.0.10 udp eq 69
policy-map type loadbalance first-match L7_TFTP
class class-default
serverfarm serverfarm_01
policy-map multi-match L4_LB_VIP_POLICY
class L4_VIP_TFTP
loadbalance vip inservice
loadbalance policy L7_TFTP
loadbalance vip icmp-reply active
nat dynamic 1 vlan 200
interface vlan 200
ip address 10.0.0.250 255.255.255.0
nat-pool 1 10.0.0.241 10.0.0.243 netmask 255.255.255.255 pat
service-policy input L4_LB_VIP_POLICY
no shutdown
ip route 0.0.0.0 0.0.0.0 10.0.0.254
=====
I have read the doco by Ivan Kovacevic amongst many others but as my clients and servers are on the same subnet, the config doesnt work.
Can anybody point me in the right direction please. The devices are ACE 4710 running A3(2.3).
ThanksTry using the following configuration:
Note: Please make sure to configure also a udp probe to probe udp port 69, in case the application is down.
You need to configure a management policy on the interface when using a UDP probe.
That is because, when port 69 on the server will be unreachable, the server will send an ICMP unreachable.
ACE will consider a udp probe as "failed" only when it sees ICMP unreachable.
Without a management policy-map, the ICMP unreachable message will be dropped.
Also, add an ICMP probe to the rserver because udp probe will not be enough when the physical interface will be down.
That is because UDP is a connection-less protocol. To consider a UDP probe successfull, ACE need to see NO answer from the server in respose to the probe.
The ACE will not see any answer from the server when the interface is down and thus, will consider the probe as "sucessful".
With ICMP probe attached to the rserver, you also test the reachability of the server and not only the UDP port.
Here is the configuration (of course, you can chage the names of the of the objects to the name you are using if you want) :
access-list ALL line 10 extended permit ip any any
probe udp TFTP
port 69
interval 5
passdetect interval 15
probe icmp ICMP_PROBE
interval 5
passdetect interval 15
rserver host TFTP_1
ip address 10.0.0.1
probe TFTP
probe ICMP_PROBE
inservice
rserver host TFTP_2
ip address 10.0.0.2
probe TFTP
probe ICMP_PROBE
inservice
serverfarm host TFTP-SFARM
rserver TFTP_1
inservice
rserver TFTP_2
inservice
sticky ip-netmask 255.255.255.255 address source TFTP-STICKY
timeout 10
replicate sticky
serverfarm TFTP-SFARM
class-map type management match-any MANAGE
2 match protocol icmp any
class-map match-all NAT
2 match virtual-address 0.0.0.0 0.0.0.0 udp any
class-map match-all TFTP
2 match virtual-address 10.0.0.10 udp eq 69
policy-map type management first-match MANAGE
class MANAGE
permit
policy-map type loadbalance first-match ROUTE
class class-default
forward
policy-map type loadbalance first-match TFTP-POL
class class-default
sticky-serverfarm TFTP-STICKY
policy-map multi-match TFTP-MULTI
class TFTP
loadbalance vip inservice
loadbalance policy TFTP-POL
nat dynamic 1 vlan 212
class NAT
loadbalance vip inservice
loadbalance policy ROUTE
nat dynamic 2 vlan 212
interface vlan 212
ip address 10.0.0.250 255.255.255.0
no normalization
access-group input ALL
nat-pool 1 10.0.0.241 10.0.0.243 netmask 255.255.255.0 pat
nat-pool 2 10.0.0.10 10.0.0.10 netmask 255.255.255.0 pat
service-policy input TFTP-MULTI
service-policy input MANAGE
no shutdown
Let me know how it goes.
Good luck! -
Load balancing by equal cost Static Routes
Hello All,
I have 2 WAN links for Internet connectivity and I want to load balance IP traffic on both links. If I use 2 default routes like this,
ip route 0.0.0.0 0.0.0.0 serial 0
ip route 0.0.0.0 0.0.0.0 serial 1
then its enough to achieve load balancing or I have to configure following interface configuration command.
(config-int)# ip load-sharing per-packet
Kindly advice.
Regards,
Mujeebhi ankurbhasin. I have one doubt pertaining to per-packet load-sharing. In order to connect my two remote sites- A & B, Site A is having two WAN links and Site B is having two WAN links - one from ISP1 (30Mbps link) and the other from ISP2 (50Mbps link). I am doing static route load balancing using same AD values for both the ISPs. I have configured "ip load-sharing per-packet" on both the outgoing interfaces.
The load is getting distributed equally across both the links but total bandwidth utilization across both the links is not going beyond 30Mbps. The combined bandwidth of both links is 80Mbps (50+30). However links are not getting fully utilized even though heavy load is there on the links. Can you please tell me how to make full use of both the wan links at both the ends? -
Load balancing the R12 two application node
Hi,
We are having 2 Application node(running all the services) with all the services running,
I wanted to any option is there to load balancing the Two application nodes without having Hardware or DNS load balancing.
Regards
VasuVasu,
You can configure Oracle Web Cache as a Load Balancer.
Note: 380486.1 - Installing and Configuring Web Cache 10g and Oracle E-Business Suite 12
https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=380486.1
WebCache 10g (10.1.2.2) Certified with Apps 11i and 12
http://blogs.oracle.com/stevenChan/2007/08/webcache_10g_10122_certified_w.html
Regards,
Hussein -
Per Packet load Balancing in Cisco Switches
Hi Team,
Can we enable per packet load balancing/sharing in cisco 3560 and 4948 Switches ? I can see two routes are installed in routing table for a destination prefix but for traffic to specific destination is not going across both the link. The option what i am getting in command line is ip load-sharing per-destination but not ip load-sharing per-packet.
Please do let me know is there any option to do per-packet load balancing
I have tried disabling route-cache, cef etc.. no result.
Rgds
RamaHi Ramachandra,
On both these platforms per packet load balancing is not surpported. it is a feature mostly seen in routers.
it can use the following variables for the load sharing hash (but the per packet is never used)
Source ip
Dest ip
Source tcp port
Dest tcp port
so you can configure flow based sharing based on above parameters on both the switches.
The more random variables going into the hash equation the more likely of an even distribution across links.
The src/dst ports in the equation gives us this randomization. If the same (static) variables go into the hash, the
same link is chosen.
Follow this link for more details:
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/25sg/configuration/guide/cef.html#wp1150531
cheers,
sandeep -
Load balancing between two interfaces on 2811
Hi,
We have a 2811 router with VPN and NAT configured. We have two internet connection from different ISPs. The speed of our original connection is 2MB up and down. The speed of our new connection is 1MB up and down. We want to configure load balancing between the two connections. Our new ISP has provided us with a CISCO 837 router. We want to connect that router into our 2811 on one of the free WIC card and then configure load balancing between the two interfaces on our 2811. The third interface has a local address configured. Please suggest where to start. I tried searching on net for any configuration example but I was unable to find any particular example with commands. I am new on CISCO platform. Any help will be hugely appreciated. Thanks in advance.Raju,
you have two choices as far as I can see. If you want to use static routing over the WAN to your branch, you could duplicate your static routes to the branch and point them to the secondary router. You will have two identical sets of static routes in the primary router, one set pointing to the WAN interface and the other one pointing to the secondary router.
ip route x.x.x.x "WAN-interface"
ip route x.x.x.x "secondary router"
ip route y.y.y.y "WAN-interface"
ip route y.y.y.y "secondary router"
etc.
As a result the primary router will have two routes to the branch and will load-balance. If one next-hop fails (either the WAN interface or the secondary router), only the other will be used. If the next-hop comes back up, load-balancing will resume.
The other choice would be to use EIGRP over the WAN, and make sure the two routers become EIGRP neighbors. Then you can use the "variance" command to achieve unequal cost load-balancing between the two routers. Let me know if you need more information about this, but i think static routes will be sufficient in your situation.
HTH, Thomas -
Load balancing between two routers
I have two routers connected through the LAN connection. The first one is using as routing protocol EIGRP, the other one is part of the managed service and I do not have access to it. I would like to make a load balancing between the two of them by redistributing the static routes in EIGRP. When I tried this, I am loosing the EIGRP entry for this route in the routing table. I would like to have both of them , so we could have traffic sharing. I appreciate if you give me any hints.
Raju,
you have two choices as far as I can see. If you want to use static routing over the WAN to your branch, you could duplicate your static routes to the branch and point them to the secondary router. You will have two identical sets of static routes in the primary router, one set pointing to the WAN interface and the other one pointing to the secondary router.
ip route x.x.x.x "WAN-interface"
ip route x.x.x.x "secondary router"
ip route y.y.y.y "WAN-interface"
ip route y.y.y.y "secondary router"
etc.
As a result the primary router will have two routes to the branch and will load-balance. If one next-hop fails (either the WAN interface or the secondary router), only the other will be used. If the next-hop comes back up, load-balancing will resume.
The other choice would be to use EIGRP over the WAN, and make sure the two routers become EIGRP neighbors. Then you can use the "variance" command to achieve unequal cost load-balancing between the two routers. Let me know if you need more information about this, but i think static routes will be sufficient in your situation.
HTH, Thomas -
Two active active ISPs with load balancing, publishing and VPN connection
Hi,
I wonder how to enable a scenario where i have to use two ISP's to share 30/70 load on our internet traffic, have to configure almost 60 internal websites already published using microsoft TMG firewall and connect client VPN connections and site-to-site vpn connections. I know that ASA firewall has limitation when using security contexts. Is good idea that how to achieve this gool?
I previously tried connecting four sites running ASA devices with this fifth site running Microsoft TMG firewall but i was able to connect only two ASA firewalls using site-to-site VPN, though I was able to connect remaining two as well but last two were not able to access ASA-TMG resources. furthermore behavious of two ASA-TMG connected sites was strange: sometime i was not able to access cross site resources from one machine but was able to do so from another machine.
I noticed that two of ASA sites connected with TMG site has different internal IP class (e.g site one 192.168.0.* and site two using 172.16.*.*) while remaining two have same class like the first site e.g 192.168.128.* and 192.168.100.*
Did anyone has experiance connecting TMG-ASA with multiple sites within same IP class scenario?
OR
How to enable same features using Cisco devices as they are on a single Microsoft TMG?
Best,
Saulat (Contact# 0092-321-4025587)Sulat,
You can load balance between the two ISPs. That is not possible. But, we do have some options that I have discussed here:
Hope the above link gives you some ideas to utilize both your ISP links.
-Kureli -
2 load balancing process in one router ?
Dear,
Please I have case and I want your help for this case
Our enterprise company has 7 modems (adsl+sdsl)
we want to reach internet access continuty so we will do load balancing betwen this modems by router support feature of load balance
when I searched about this router I found multi wan router CISC0 RV 016
that support up to 7 modems load balanced together
but in reality I want to load balance between the first 3 modems to act as one modem to some users
and load balance between the other 4 modems to act as one modems for other users
(I mean I want one router act as 2 routers independent of each other each one do load balancing process)
So I want router support minmum 2 loadbalancing process
If CISCO RV 016 support this feature please tell me how?
and if not,please give me examples to another CISCO routers support this feature
I appreciate your reply
Thanks in advanceHi,
you can load-balance per IP prefix with PBR( not available on RV016 I think) but I'm not sure you can use multiple interfaces for a particular prefix with this method. I'll try to lab it up this evening and let you know.
Regards.
Alain -
Cisco ACE - Firewall load balancing
I am using two sets of ACE load balancers for load balancing traffic across two firewalls (firewall load balancing).
The solution works fine. I have a virtual address of 0.0.0.0 in either direction to match traffci going from the internal users to the internet and vice versa.
The problem is that when I try to manage the load-balanced firewalls (either using SSH (or) HTTPS) from outside, then that connection also gets load balanced and when I try to connect to FW1 then sometimes this connection ends up on FW2 and vice versa and the connection gets dropped. I have a workaround in place where i am using a virtual address per firewall to connect to the real IP address of the firewall.
Is there any other way of managing firewalls (which are defined as real-servers) in a FWLB setup.
Attached is the configuration of the external ACE which has the two firewalls defined as the real-servers.
access-list ALL line 8 extended permit ip any any
probe icmp ICMP-Probe
interval 15
passdetect interval 60
rserver host FW1-ASA
ip address 10.11.71.10
inservice
rserver host FW2
ip address 10.11.71.11
inservice
serverfarm host Firewalls
transparent
predictor leastconns
rserver FW1-ASA
inservice
rserver FW2
inservice
serverfarm host Firewalls-NO-LB
rserver FW1-ASA
inservice
serverfarm host Firewalls-NO-LB1
rserver FW2
inservice
sticky ip-netmask 255.255.255.255 address source new-sticky
timeout activeconns
serverfarm Firewalls
This is my workaround for connection to the IP address of the firewalls (for management)
class-map match-any FW-Real
2 match virtual-address 10.11.71.254 any
class-map match-any FW-Real2
2 match virtual-address 10.11.71.253 any
class-map type management match-any Remote-Access
201 match protocol telnet any
202 match protocol http any
203 match protocol https any
204 match protocol ssh any
205 match protocol snmp any
206 match protocol icmp any
class-map match-any fwlb
2 match virtual-address 0.0.0.0 0.0.0.0 any
policy-map type management first-match Remote-Management-Policy
class Remote-Access
permit
policy-map type loadbalance first-match FWLB-No-LB
class class-default
serverfarm Firewalls-NO-LB
policy-map type loadbalance first-match FWLB-No-LB1
class class-default
serverfarm Firewalls-NO-LB1
policy-map type loadbalance first-match FWLB-l7slb
class class-default
serverfarm Firewalls
policy-map multi-match Firewall-No-LB
class FW-Real
loadbalance vip inservice
loadbalance policy FWLB-No-LB
policy-map multi-match Firewall-No-LB1
class FW-Real2
loadbalance vip inservice
loadbalance policy FWLB-No-LB1
policy-map multi-match int70
class fwlb
loadbalance vip inservice
loadbalance policy FWLB-l7slb
interface vlan 70
description "Client side"
ip address 10.11.70.2 255.255.255.0
no icmp-guard
access-group input ALL
access-group output ALL
service-policy input Remote-Management-Policy
service-policy input Firewall-No-LB --> connect to the real IP address of the firewall for management
service-policy input Firewall-No-LB1 --> connect to the real IP address of the firewall for management
service-policy input int70
no shutdown
interface vlan 71
description "Firewall side"
ip address 10.11.71.2 255.255.255.0
mac-sticky enable
no icmp-guard
access-group input ALL
access-group output ALL
service-policy input Remote-Management-Policy
no shutdownHello,
as i know, there is no others ways.
You can only reduce your configuration by puting all your class undert the same policy-map:
policy-map multi-match int70
class FW-Real
loadbalance vip inservice
loadbalance policy FWLB-No-LB
class FW-Real2
loadbalance vip inservice
loadbalance policy FWLB-No-LB1
class fwlb
loadbalance vip inservice
loadbalance policy FWLB-l7slb
interface vlan 70
description "Client side"
ip address 10.11.70.2 255.255.255.0
no icmp-guard
access-group input ALL
access-group output ALL
service-policy input Remote-Management-Policy
service-policy input int70
no shutdown -
Solution load Balancing for two Servers run Sun One Web Server 7.0
Hi All ,
I must configure load balancing web server for two server . Could you tell me Solution ?
Please help
Thanks .The following should help you configure Web Server to reverse proxy (load balance) to your two backend servers.
[http://blogs.sun.com/amit/entry/setting_up_a_reverse_proxy|http://blogs.sun.com/amit/entry/setting_up_a_reverse_proxy] -
If equal cost routes exist, OSPF uses CEF load balancing?
Hi All,
Can anyone explain about:
. If equal cost routes exist, OSPF uses CEF load balancing?Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Rick is correct, but if his response, with mine, causes any confusion. . .
To OP's original question:
If equal cost routes exist, OSPF uses CEF load balancing?
The answer is technically no, for the reason Rick describes.
But if we rephrase, such as:
Does CEF load balance across multiple equal cost routes generated by OSPF?
The answer would be yes.
I suspect the latter question is what the OP really had in mind, but again, Rick is correct to distinguish that OSPF doesn't use CEF. -
Disable load balancing on dual PRIs - 3640 with MICA modems for dial out
We have a custom application that connects through reverse telnet to a Cisco 3640 that has 2 NM-24DM modules and 2 PRIs connected to it. Currently all outgoing calls are getting load balanced over the two PRIs. I need to change that so that all calls go over the first PRI and when all channels are used up, it starts using the second PRI. Seems like a simple enough thing to do but I can't figure out how to.
Here is my config
Current configuration : 1401 bytes
version 12.4
service timestamps debug uptime
service timestamps log uptime
service password-encryption
hostname DIALOUT01
boot-start-marker
boot-end-marker
enable secret 5 xxxxxxx
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
no ip routing
no ip cef
no ip domain lookup
ip domain name xxxxxxx.xxx
isdn switch-type primary-ni
controller T1 0/0
framing esf
linecode b8zs
pri-group timeslots 1-24
description xxxx
controller T1 0/1
framing esf
linecode b8zs
pri-group timeslots 1-24
description xxxx
interface FastEthernet0/0
ip address dhcp hostname dialout01
no ip route-cache
no ip mroute-cache
duplex auto
speed auto
interface Serial0/0:23
no ip address
encapsulation hdlc
isdn switch-type primary-ni
no fair-queue
no cdp enable
interface Serial0/1:23
no ip address
encapsulation hdlc
isdn switch-type primary-ni
no fair-queue
no cdp enable
no ip http server
control-plane
line con 0
line 33 56
modem InOut
modem autoconfigure type mica
transport preferred telnet
transport input telnet
transport output telnet
line 65 88
modem InOut
modem autoconfigure type mica
transport preferred telnet
transport input telnet
transport output telnet
line aux 0
line vty 0 4
password 7 xxxxx login
end
Thanks,
ShahidIf I understand the question I think that isdn bchan-number-order is the command you are interested in. I think it detaults to round-robin, sounds like you want ascending (that is isdn bchan-number-order ascending). It is an interface subcommand.
See http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gt_ibcac.html#wp1055853
That may only apply to native ISDN calls and not MICA based calls, but see if that helps. -
Hi
Two node Exchnage 2010 DAG. All server roles on the same boxes.
CAS high availability using Cisco load balancer.
We have some applications they are relaying using Exchange 2010 Hub. They are configured using the vip of the load balancer.
The problem is, that they are unable to relay to external recipients, internal is no problem. Using the Hub directly works fine.
What could be the problem?
Regards
PeterFor those who still monitor this thread,
The issue here is that the HLB is not configured to Use Source IP. In the Netscaler world, this is configured on a device or load balancer level and is referred to as USIP. (Use Source IP) If Source IP is not configured, the HLB will pass
the traffic to Exchange using the HLB's interface. You can configure this IP as an allowed IP address on your relay connector, but this is a big security risk as previously stated because all traffic that is routed through the HLB has rights to relay.
Concerning the network guy in PeterN22's post, open connections can be a problem and can cause port saturation if you are using an (*) as a wildcard on your RPC load balancing service. I have had much better luck, across all my load balanced deployments
(Citrix, Kemp, Cisco, etc.), when I use static port assignments on all load balanced services. For example:
SMTP - 25
RPC - 59532
OAB - 59533
HTTPS - 443
POP - 110
etc.
Exchange 2013 load balancing is now stateless and doesn't rely on Source IP, but this same issue with SMTP will occur if Source IP is not used. I know this is a recap of some of the other posts, but hopefully the additional information is helpful for
someone who may come across this post. -
Hi
I have a 7505 with two CIP cards in and a 4port token ring card (amongst other things). The 7505 will have 2 escon connections to the mainframe.
I wish to implement CLAW load balancing across the 2 CIP cards, although the clients will use one IP address to access the mainframe. Is this possible with CLAW or should I consider another method.
Any advice would be greatly appreciated.
RegardsHi Karl,
Sure, there are several ways to do this. It's likely that you want to use a virtual IP address (VIPA), and run a routing daemon (OSPF or RIP) on the mainframe. With that in place you can use equal cost routing to take advantage of the multiple paths. The mainframe stack also allows you to do the same for outbound traffic. The usual recommendation is to use per-flow/session allocation rather than per-packet for traffic in both directions.
For more functionality, things like server health probing, deep packet inspection, various session allocation algorithims, geographic balancing, etc you can add the appropriate load balancing technology.
http://www.cisco.com/en/US/products/hw/contnetw/index.html
http://www.cisco.com/en/US/products/hw/modules/ps2706/ps780/index.html
There is also a Cisco load balancing solution designed primarily for the mainframe, as shown in this IBM Redbook.
http://publib-b.boulder.ibm.com/Redbooks.nsf/RedpieceAbstracts/sg246297.html
Rgds, Dan
Maybe you are looking for
-
Don't know why format change happen or how to get back to normalcy. Can't access my Inbox nor read mail.
-
UD CODE OF RESPECTIVE PLAN SHOULD BE AVAILABLE IN F4 FUNCTION
Hi Guys, I have made the configuration for the U.D code for each Inspection type. Based on the origin of inspection I want only respective U.D code should show in the F4 function. Eg: If the Origin of inspection lot is G.R then in U.D code F4 functio
-
I just downloaded the new Pages today from Apple, and went to start working on some exisiting documenation. I've quickly realised that the new version excludes the ability to automatically update filenames as 'inserts' inside documents. Very useful f
-
MDD can't recognize drive connected via PCI card
Hello there, I tried connecting a new Maxtor ATA100 drive to my MDD via a Sonnet TEMPO ATA100 PCI card. Everything works OK except that the drive doesn't mount. Disk Utility doesn't "see" it and get this, ... when I tried opening System Profiler to s
-
I can't edit my donwloads. The organizer photos have an orange icon at the top left corner and the find offline volumem - edit pops up when I try to edit the pictures. Also, the downloaded pictures don't show up in "My Pictures" document. How can