Cisco 3560 Load Balancing

I have two offices interconnected by two fiber circuits from two separate providers.  Both offices are using Cisco 3560 layer 3 switches as endpoints for these circuits.  I have configured static routes with different administrative distances to essentially make one circuit the primary and the other the second; however, when the primary link fails, the secondary route does not go into effect since the interface isn't actually going down.  What I'd like to accomplish is load balancing/true failover.  How can this be done?
On switch one I have
ip route 129.47.33.0 255.255.255.0 10.0.0.2
ip route 129.47.33.0 255.255.255.0 10.0.1.2 50

On switch two I have
ip route 129.47.32.0 255.255.255.0 10.0.0.1
ip route 129.47.32.0 255.255.255.0 10.0.1.1 50

129.47.32.0/24 is office 1 LAN.  129.47.33.0/24 is office 2 LAN.  I inherited this ridiculous IP address scheme wherein the last admin was using public IP addresses for LAN IP addresses.
matthewi Asked:
 
rauenpc Commented:
For load balancing and failover, why not go with a dynamic routing protocol such as RIP, EIGRP, or OSPF? Using metric manipulation you can prefer one link over another, or if you don't manipulate any metrics it can do equal cost load balancing. The hellos in the routing protocol will allow failover when a link fails - whether the physical interface goes down or there is a problem somewhere in the ISP cloud. Your 3560 only needs the IP Base license to do the basic dynamic routing.

In GNS3 I quick lab'd the most basic config of two routers connected. Here's one side of the config (the other side is the same minus IP addresses):

R1#show run
Building configuration...

Current configuration : 1307 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 192.168.12.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 192.168.23.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet2/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial3/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/3
 no ip address
 shutdown
 serial restart-delay 0
!
router eigrp 1
 network 0.0.0.0
 no auto-summary
 eigrp stub connected
!
no ip http server
no ip http secure-server
!
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, FastEthernet0/0
     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     2.0.0.0/24 is subnetted, 1 subnets
D       2.2.2.0 [90/156160] via 192.168.23.2, 00:00:14, FastEthernet1/0
                [90/156160] via 192.168.12.2, 00:00:14, FastEthernet0/0
C    192.168.23.0/24 is directly connected, FastEthernet1/0
R1#


0
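Added example (not part of rauenpc's post or the original thread): a Python check that parses show ip route text in the format shown above and confirms that a prefix still has two equal-cost paths installed, so the loss of one circuit's neighbor is noticed even while traffic keeps flowing over the other. The healthy table is copied from the R1 output above; the degraded table is a constructed sample, and the function names are hypothetical.

```python
import re

# Route table lines copied from the R1 output in the post above.
HEALTHY = """\
C    192.168.12.0/24 is directly connected, FastEthernet0/0
     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     2.0.0.0/24 is subnetted, 1 subnets
D       2.2.2.0 [90/156160] via 192.168.23.2, 00:00:14, FastEthernet1/0
                [90/156160] via 192.168.12.2, 00:00:14, FastEthernet0/0
C    192.168.23.0/24 is directly connected, FastEthernet1/0
"""

# Constructed sample: the same table after the path via 192.168.12.2 is lost.
DEGRADED = "\n".join(
    line for line in HEALTHY.splitlines() if "192.168.12.2" not in line)

SUBNETTED = re.compile(r"^\s+\d+\.\d+\.\d+\.\d+(/\d+) is subnetted")
ENTRY = re.compile(r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+)(/\d+)?\s")  # one-token codes
PATH = re.compile(r"\[(\d+)/(\d+)\] via (\S+), \S+, (\S+)")


def parse_routes(text):
    """Return {prefix: [(next_hop, interface, distance, metric), ...]}."""
    routes, mask, current = {}, None, None
    for line in text.splitlines():
        header = SUBNETTED.match(line)
        if header:
            mask = header.group(1)  # mask inherited by the entries below it
            continue
        entry = ENTRY.match(line)
        if entry:
            current = entry.group(2) + (entry.group(3) or mask or "")
            routes.setdefault(current, [])
        path = PATH.search(line)  # also matches indented continuation lines
        if path and current:
            distance, metric, hop, interface = path.groups()
            routes[current].append((hop, interface, int(distance), int(metric)))
    return routes


def check_ecmp(text, prefix, want_paths=2):
    """Return (ok, paths); ok only if want_paths equal-cost paths are installed."""
    paths = parse_routes(text).get(prefix, [])
    same_cost = len({(d, m) for _, _, d, m in paths}) == 1
    return (len(paths) == want_paths and same_cost, paths)


if __name__ == "__main__":
    for name, table in (("healthy", HEALTHY), ("degraded", DEGRADED)):
        print(name, check_ecmp(table, "2.2.2.0/24"))
```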
 
sr75 Commented:
Hot Standby Routing Protocol (HSRP) is designed for this.

Here is how to configure it.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750e_3560e/software/release/12-2_44_se/configuration/guide/scg/swhsrp.html
0
 
Farooq567 Commented:
The simplest way to do this is using the feature in Cisco IOS called Reliable static backup routes with IP SLA Tracking.
The configuration can be as under.
SW1

! Primary route is tied to track 1 and is withdrawn when the probe fails
ip route 129.47.33.0 255.255.255.0 10.0.0.2 track 1
! Floating backup route (administrative distance 50) via the second circuit
ip route 129.47.33.0 255.255.255.0 10.0.1.2 50

!

! I suppose fa 0/1 is the switch interface connected to provider 1
ip sla 1
 icmp-echo 10.0.0.2 source-interface fa 0/1
 timeout 1000
 threshold 2
 frequency 3
ip sla schedule 1 life forever start-time now

!
track 1 ip sla 1 reachability
!

On SW-2
Change the routes as follows:

ip route 129.47.32.0 255.255.255.0 10.0.0.1 track 1
ip route 129.47.32.0 255.255.255.0 10.0.1.1 50

Also make special note of the interface in the IP SLA portion, and change this command as under:
icmp-echo 10.0.0.1 source-interface fa 0/1
Check by shutting down the interface and see how long it takes for the backup route to take over.

Hope this helps.
0

 
matthewi Author Commented:
Upon entering the command IP SLA 1 I receive the following output (while in config mode): % Invalid input detected at '^' marker.

The IOS version is 12.2(46)SE

So, does this mean my version of IOS does not support IP SLA and that I just need to upgrade the IOS?
0
 
Farooq567 Commented:
What exactly is your IOS image?
0
 
Craig Beck Commented:
For EIGRP and ECLB you'd need to use GRE tunnels between the sites - it won't work over the internet or a layer-3 network otherwise.

If you can't do that you could use static routes and IP SLA.  If one of the trackers fails the affected static route will be removed from the routing table.  You'd need to make sure you ping a host at the remote site instead of something on the internet or the route would only be removed from one end of the link, allowing the other end to send traffic on the broken link and effectively lose the traffic.
0
 
matthewi Author Commented:
Thank you rauenpc. For my cousin Miley's understanding though, what happens when one WAN link fails somewhere along the ISP network but both the links are still up on my routers?  Won't EIGRP still advertise that route over the other path?
0
 
Craig Beck Commented:
With respect, why are you choosing a correct answer if you've not actually tried the solution?  I've already said that EIGRP won't work over a layer-3 link without a tunnel - no neighbor relationship will be formed.
0
 
matthewi Author Commented:
Craigbeck, I have tried the EIGRP solution and it does indeed work. Neighbor relationship formed with no tunnel or any additional configuration.
0
 
Craig Beck Commented:
Ok fair enough.

I've just re-read the OP and I think I misunderstood the bit that said: "Both offices are using Cisco 3560 layer 3 switches as endpoints for these circuits.".  I took that to mean that the fiber circuits were actually internet circuits, not pure layer2 circuits.

I hold my hands up! :-)
0
 
matthewi Author Commented:
Thanks for your help craigbeck!
0
 
rauenpc Commented:
To answer your last question to me, EIGRP sends hellos at regular intervals. If the hello messages are not received for so many seconds, EIGRP will consider the neighbor to be down and remove all routes learned from said neighbor. You will form two neighbor relationships in your setup, one for each link, even though the neighbor relationship is to the same device. This way intermediate failures are detected as well as physical port failures for each link.
0
 
Craig Beck Commented:
"I have configured static routes with different administrative distances to essentially make one circuit the primary and the other the second; however, when the primary link fails, the secondary route does not go into effect since the interface isn't actually going down."
I'm interested... why does the interface not go down if the link fails?
0
 
matthewi Author Commented:
The interface won't go down if the problem is with the ISP network as I mentioned.  These are Metro Ethernet circuits.
0
 
Craig Beck Commented:
Ah ok, so the circuits don't directly plug into your 3560s then?  I got the impression that they did.  So the links terminate at the Met-E switch and your 3560s connect to the Met-E switch on the same VLAN.  Couldn't see that in the OP, that's all :-)

rauenpc's solution is absolutely the right one.  It's perfect for L2 Met-E.
0
Question has a verified solution.
