Multihomed BGP and HSRP (again)

Posted on 2005-04-20
Medium Priority
Last Modified: 2013-11-30
This question has seemed to be asked and answered, but not exactly to my understanding... (my fault, I am sure)
I currently have 1 x 3 meg connection to the internet. We are using BGP because that was the way it was when I took over management. We own a class C network which is announced via BGP to our ISP.
We are getting a new 3.0 meg connection from a different ISP on a different local loop for redundancy. Each ISP will be terminated on its own 7206xvr. Here is how it will look...

     ISP-A      ISP-B
        |            |         (3 meg each)  (Using MFR and MPPP to combine 2 T1's)
 RTRA---iGP---RTRB   (Routers are both 7206XVR with 256 of mem)
      Redundant Pix
     Core Switch (Nortel Passport - soon to be 6509)
        |              |           |  
 Dist Switch     SRV        SRV

My concerns are redundancy, automatic failover, load balancing.
I am confused between HSRP and GLBP.

Sorry about asking this question yet again but this seems to be a popular subject and I want to make sure that there is a clear answer.
I have also seen where I can stagger the announcements to do some outbound load balancing as well as some BGP tweaks to control/manipulate inbound traffic.
Any thoughts on this would be appreciated.
Question by:mmahaney

Accepted Solution

harbor235 earned 500 total points
ID: 13828298
HSRP is for redundancy, two routers join a group, each has a physical IP, they are both configured to respond to a virtual IP, however, only one is active at a time. So the router with the higher metric will be the router who responds for all ARPs on that segment. The other router will be in standby mode, it will become active only if it cannot talk to the other router. HSRP is for redundancy for outbound traffic only. You could use MHSRP to create multiple groups and balance outgoing traffic on one router for vlan A and the other router for vlan B.

GLBP takes MHSRP to another level defining multiple VIPs for a single segment. In other words, you can use both routers simultaneously, providing redundancy at the same time for the same subnet.

Check it out:



Expert Comment

ID: 13828752
Short for Hot Standby Routing Protocol, a proprietary protocol from Cisco. HSRP is a routing protocol that provides backup to a router in the event of failure. Using HSRP, several routers are connected to the same segment of an Ethernet, FDDI or token-ring network and work together to present the appearance of a single virtual router on the LAN. The routers share the same IP and MAC addresses, therefore in the event of failure of one router, the hosts on the LAN are able to continue forwarding packets to a consistent IP and MAC address. The process of transferring the routing responsibilities from one device to another is transparent to the user.


Author Comment

ID: 13828964
I do understand all the fundamental concepts, I just want to know what would be the best practice way to set up a multihome BGP environment with redundancy at the edge. I was hoping to get thoughts on what was thought to be the best way to get this architected....


Expert Comment

ID: 13831970
Could you give us more details:

C class is a part of the first ISP's networks, right? Do you get another C-class from the other one?
You are using NAT, right, and you are translating to the first C-class, how will you move to the other one? If you want to be reached you have to announce your C-class through both providers, a very tough thing, I mean, they are very reluctant to do so...

HSRP is clear, you can set it up in two lines, just follow docs on the Cisco site, and PIX will happily oblige, but what happens next?

If you have "your" C-class, which I doubt, then you have to ask your ISPs to announce it to their upstream ISPs....

Expert Comment

ID: 13833021
Follow the classic core-dist-access design. Nail down your layer 2 and layer 3 to route/switch traffic along a predictable path to the edge device. I do not agree with the placement of the firewalls, what kind of site is this?

I agree with Vladan, we need more details


Author Comment

ID: 13835007
Ok..it basically boils down to having the ability and need to have 2 different ISPs on 2 different local loops, on 2 different ingress routers. We own a class C space and will be announcing that space to both ISPs. This will enable us to have redundancy at the edge. I was thinking of doing GLBP on the 2 7206XVRs to load balance outbound internet traffic while either letting inbound traffic just pick best path or tweaking some BGP parameters to try to get a better balance....depending on what the balance turns out to be.

Our core network will remain the same with dist switches connected to a core switch which then forwards everything to the firewalls.

Vladan, can you explain why you do not agree with the placement of the firewalls. I have inherited this network and have researched some ways to re-architect it so I am interested in your thoughts....


Expert Comment

ID: 13841012
Thanks for the additional info, mmahaney,

harbor235 explained both HSRP and GLBP, and the basic difference is that HSRP is fail-over redundancy, and GLBP is HA with load-sharing, but I can not justify the use in this particular case. With 3Mbps through each provider, it is hardly a bottleneck in your access to 7206 from PIXes, so I would use only HSRP, turn on IGP between border routers, as you said, and let the BGP decide which router is the best one to use to exit.

Basically, exactly the same as you have proposed.

On the other hand, I am not against your design, and would like to hear from harbor235. We have the same (more or less) architecture. We contain 60% of all traffic inside, the rest goes to the DMZ and to the Internet...
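
Added example, not part of the original thread or any participant's configuration: one way the design discussed above (HSRP toward the PIX pair, a session between the two border routers, BGP choosing the exit) could look on RTRA in classic IOS syntax, with the hardening a multihomed edge normally carries. All addresses, AS numbers, interface names, list names and keys are assumed placeholders.

```cisco
! RTRA, the edge router facing ISP-A. Constructed example: every address, AS
! number, interface name and key is a placeholder (RFC 5737 / RFC 5398 ranges).
track 10 interface Multilink1 line-protocol
!
interface FastEthernet0/0
 description Inside segment toward the PIX pair
 ip address 203.0.113.2 255.255.255.248
 standby 1 ip 203.0.113.1
 standby 1 priority 110
 standby 1 preempt
 ! Authenticate hellos so another host on the segment cannot claim the VIP
 standby 1 authentication md5 key-string HSRP_KEY_PLACEHOLDER
 ! Uplink down: priority 110 - 20 = 90, below RTRB's default of 100
 standby 1 track 10 decrement 20
!
router bgp 64500
 network 203.0.113.0 mask 255.255.255.0
 neighbor 198.51.100.1 remote-as 64496
 neighbor 198.51.100.1 description ISP-A
 neighbor 198.51.100.1 password BGP_KEY_PLACEHOLDER
 ! Announce only our own block and only locally originated routes, so the
 ! site never becomes a transit path between ISP-A and ISP-B
 neighbor 198.51.100.1 prefix-list OUR-BLOCK out
 neighbor 198.51.100.1 filter-list 1 out
 neighbor 10.255.0.2 remote-as 64500
 neighbor 10.255.0.2 description RTRB over the inter-router link (iBGP)
 neighbor 10.255.0.2 next-hop-self
!
! Anchor route so the network statement has an exact match in the routing table
ip route 203.0.113.0 255.255.255.0 Null0
ip prefix-list OUR-BLOCK seq 5 permit 203.0.113.0/24
ip as-path access-list 1 permit ^$
```

RTRB mirrors this toward ISP-B with the default HSRP priority and `standby 1 preempt`, so it takes over the virtual IP when RTRA's tracked uplink goes down.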

Question has a verified solution.
