marrj
Cisco ASA Load Balance Default Route
I am trying to set up a config that will load balance between two default routes on my Cisco ASA5515. I want to avoid a "black hole" when a link goes down by using conditional tracking. Would this config work?
Pertinent Routing Configuration
(Configure Tracking for Static Default Routes For Automatic Failover)
#sla monitor 101
#type echo protocol ipIcmpEcho 1.1.1.1 interface outside
#exit
#exit
#sla monitor schedule 101 life forever start-time now
#track 101 rtr 101 reachability
#sla monitor 100
#type echo protocol ipIcmpEcho 1.1.1.2 interface outside
#exit
#exit
#sla monitor schedule 100 life forever start-time now
#track 100 rtr 100 reachability
(Basic Static Route Config)
#route outside 0.0.0.0 0.0.0.0 1.1.1.1 1 track 101
#route outside 0.0.0.0 0.0.0.0 1.1.1.2 1 track 100
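Added example, not part of the original post or of any Cisco tooling: a small offline check that each tracked static route in a saved config resolves through track -> sla monitor -> schedule, since a break anywhere in that chain means the probe never runs. The function name and the sample config are constructed for illustration; the sample assumes the ASA command forms `sla monitor schedule <id> ...` and `route <interface> ...`.

```python
# Constructed sample config (ASA syntax); addresses are the question's placeholders.
SAMPLE = """\
sla monitor 101
 type echo protocol ipIcmpEcho 1.1.1.1 interface outside
sla monitor schedule 101 life forever start-time now
track 101 rtr 101 reachability
sla monitor 100
 type echo protocol ipIcmpEcho 1.1.1.2 interface outside
track 100 rtr 100 reachability
route outside 0.0.0.0 0.0.0.0 1.1.1.1 1 track 101
route outside 0.0.0.0 0.0.0.0 1.1.1.2 1 track 100
route outside 0.0.0.0 0.0.0.0 1.1.1.3 1 track 102
"""


def check_tracked_routes(config):
    """Return [(gateway, problem)] for tracked routes whose tracking chain is broken."""
    targets, scheduled, tracks, routes = {}, set(), {}, []
    current = None  # SLA monitor whose sub-mode lines are being read
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if w[:3] == ["sla", "monitor", "schedule"] and len(w) > 3:
            scheduled.add(w[3])
        elif w[:2] == ["sla", "monitor"] and len(w) == 3:
            current = w[2]
            targets.setdefault(current, None)
        elif w[:4] == ["type", "echo", "protocol", "ipIcmpEcho"] and current and len(w) > 4:
            targets[current] = w[4]
        elif w[0] == "track" and len(w) >= 5 and w[2] == "rtr":
            tracks[w[1]] = w[3]  # track id -> sla monitor id
        elif w[0] == "route" and len(w) >= 7 and "track" in w[:-1]:
            routes.append((w[4], w[w.index("track") + 1]))  # (gateway, track id)

    findings = []
    for gateway, track_id in routes:
        sla_id = tracks.get(track_id)
        if sla_id is None:
            findings.append((gateway, f"track {track_id} is not defined"))
        elif targets.get(sla_id) is None:
            findings.append((gateway, f"sla monitor {sla_id} has no echo target"))
        elif sla_id not in scheduled:
            findings.append((gateway, f"sla monitor {sla_id} is never scheduled"))
    return findings


if __name__ == "__main__":
    for gateway, problem in check_tracked_routes(SAMPLE):
        print(f"default route via {gateway}: {problem}")
```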
The ASA cannot do load balancing, only failover.... for the most part.
You can configure dual default routes and make nat statements in such a way that you will get a load balanced result, but this is not a recommended design and it may or may not work in your environment altogether. It would probably be better to either have the routers do all the load balancing (and either have the ASA still configured for failover or the routers configured as FHRP) or have the ASA participate in a dynamic routing protocol such as OSPF or EIGRP in order to get some active balancing.
ASKER
Yes, both ISPs are advertising a default route only. Your question regarding my configuration so that the path back to me is determined from the outside is not clear to me. I was under the impression that this is the default behavior for BGP. So, to my knowledge, it is prepending. I did take your advice, somewhat, and go for the first-hop redundancy at the edge routers. I have posted my design for verification here. I will still award you the points for this question though. Thank you for your input. https://www.experts-exchange.com/questions/28166366/Multihomed-Site-Edge-Design-Verification.html