cliffordgormley asked:

HSRP and BGP on two routers

I have two Cisco 2821 Routers on my Internet Edge, Router1 and Router2.
I will use HSRP on the two routers' internal interfaces (the default gateway for the internal hosts).
In the 'normal' condition, all of the packets that are sourced from the Internal network will be sent through Router2.

I will be using BGP on the two routers' external interfaces.
I want to advertise the link through Router1 as the preferred link over Router2.

Thus, in 'normal' conditions, packets that are sourced from the internal network will use Router2 to forward their packets to the Internet, and the responses to those packets will return through Router1.

Conversely, in 'normal' conditions, packets that are sourced from the Internet will use Router1 to forward their packets to the internal network, and the responses to those packets will return through Router2.

I want to set it up this way to achieve Load Balancing and Failover.

Both routers connect to the same internal switch.

Will this cause a problem?  I am concerned, because packets will basically leave one router and return through the other router.

JFrederick29

It's only an issue if you are doing NAT on the routers.  If you are not, then it's not a problem...

cliffordgormley (ASKER)

JFrederick29
I was concerned about the TCP-Established ACL on my router.  If a packet leaves the internal network to the Internet, how will the response make it back THROUGH the other router, if it has not 'learned' the tcp-establish info (TCP sequence #??).  As the 'outgoing' router is the one that learned the information?
Thanks!

JFrederick29

It's not a problem as it's not keeping state information about the connection like a stateful Firewall would.  The TCP established rule simply allows any TCP packet with the ACK flag set (return traffic)...
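
The behaviour described in the answer above, as an added example that is not part of the original thread: a Python model (not Cisco code) of a flag-only `established` match next to a minimal stateful filter, with the outbound SYN and the returning SYN/ACK crossing different routers. Addresses, ports and all names are constructed for illustration; the model treats `established` as matching ACK or RST, which is how IOS defines the keyword.

```python
from dataclasses import dataclass

ACK, RST, SYN = 0x10, 0x04, 0x02  # TCP flag bits

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    seq: int = 0  # carried for completeness; the ACL model never reads it

def established_acl_permits(seg):
    """Stateless check modelled on the 'established' keyword:
    permit when ACK or RST is set. No flow table, no sequence numbers."""
    return bool(seg.flags & (ACK | RST))

class StatefulFilter:
    """Minimal stateful filter for contrast: an inbound segment passes only
    if this same device forwarded the matching outbound segment first."""
    def __init__(self):
        self.flows = set()

    def outbound(self, seg):
        self.flows.add((seg.src, seg.sport, seg.dst, seg.dport))

    def inbound_permits(self, seg):
        return (seg.dst, seg.dport, seg.src, seg.sport) in self.flows

def asymmetric_return():
    """Client SYN leaves via one router; the SYN/ACK returns via the other."""
    # Constructed sample traffic (RFC 1918 host, RFC 5737 documentation peer).
    syn = Segment("10.0.0.5", 40000, "198.51.100.7", 443, SYN, seq=1000)
    syn_ack = Segment("198.51.100.7", 443, "10.0.0.5", 40000, SYN | ACK, seq=9000)
    egress_router, return_router = StatefulFilter(), StatefulFilter()
    egress_router.outbound(syn)  # only the egress router ever sees the SYN
    return {
        "acl_on_return_router": established_acl_permits(syn_ack),
        "stateful_on_return_router": return_router.inbound_permits(syn_ack),
        "stateful_on_egress_router": egress_router.inbound_permits(syn_ack),
    }

def inbound_without_flow():
    """Inbound segments with no outbound flow behind them: flags alone decide."""
    new_conn = Segment("198.51.100.7", 50000, "10.0.0.5", 22, SYN)
    bare_ack = Segment("198.51.100.7", 50000, "10.0.0.5", 22, ACK, seq=123456)
    return established_acl_permits(new_conn), established_acl_permits(bare_ack)
```

The second function shows the trade-off that makes asymmetric routing work here: the same flag-only match that lets the return router pass a reply it never saw leave also passes any inbound segment with ACK set, so the ACL blocks new inbound connections but does not validate that a session exists.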

cliffordgormley (ASKER)

Thanks for the reply JFrederick29.
In response to your reply, though, if the internal lan initiates Packet #1, and that packet gets sent out through Router1 to the Internet, and the Reply is received from the Internet on Router2, will Router2 simply let the reply come back in because the ACK bit is set?  In other words, is the ACK bit the only portion of the packet that Router2 will look at (i.e., Router2 will not look at TCP Sequence Numbers??).
Thanks again for your help so far JF.

ASKER CERTIFIED SOLUTION
JFrederick29

This solution is only available to members.

Excellent, thanks JF