WAN PRIVATE LINE CONNECTION - NETWORK LOAD BALANCE, IP BASED POLICY, HA
I need help in configuring HA/load balance from Site A to Site B. Site A is the PRODUCTION and Site B is the BACKUP SITE. We have lease two Private line with two different providers running different speed. I need to configure Load Balance from Site A to Site B and vice-versa if possible, but i am more concert Site A to Site B.
We have Cisco 3850 on Site A, and two interfaces connected to each ISP. Site B, we have Cisco 3750, and two interfaces connected to each ISP as illustrated.
ISP #1 is live with IP 10.10.10/32 passing all traffic between two site as of now. Type of traffic is IP, UDP, TCP, HTTPS, and FTP.
I need help configuring ISP#2 . I need to use both private line at the same time for load balancing using these two switches, and automatically fail-over if one line is down.
I heard of Ether-channel, IP Based Policy, and Network load balancing. I need help with commands and scenario in the illustration below. I greatly appreciate with the right directions.
Thanks a lot.
We have Cisco 3850 on Site A, and two interfaces connected to each ISP. Site B, we have Cisco 3750, and two interfaces connected to each ISP as illustrated.
ISP #1 is live with IP 10.10.10/32 passing all traffic between two site as of now. Type of traffic is IP, UDP, TCP, HTTPS, and FTP.
I need help configuring ISP#2 . I need to use both private line at the same time for load balancing using these two switches, and automatically fail-over if one line is down.
I heard of Ether-channel, IP Based Policy, and Network load balancing. I need help with commands and scenario in the illustration below. I greatly appreciate with the right directions.
Thanks a lot.
atlas_shuddered
What is your routing protocol on the WAN?
Sounds like a job for BGP.
BGP won't get you inbound load balancing. OSPF on the LAN side will get you outbound load balancing but BGP will only populate the one gateway/LAN entry point into the route tables.
ASKER
we are using "EIGRP 100" on Site A and Site B. Please advise.
So you are running EIGRP over the WAN or on the LAN side?
ASKER
over the WAN. Se below configuration.
Site A 20.20.20.0/24
Site B 30.30.30.0/24
Below is my Site B routing protocol info.
site-B-Router#show ip protocols
*** IP Routing is NSF aware ***
Routing Protocol is "eigrp 100"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
Redistributing: eigrp 100
EIGRP-IPv4 Protocol for AS(100)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
NSF-aware route hold timer is 240
EIGRP NSF disabled
NSF signal timer is 20s
NSF converge timer is 120s
Router-ID: 10.10.10.1
Topology : 0 (base)
Active Timer: 3 min
Distance: internal 90 external 170
Maximum path: 4
Maximum hopcount 100
Maximum metric variance 1
Automatic Summarization: disabled
Maximum path: 4
Routing for Networks:
10.10.10.0/24
30.30.30.0
Routing Information Sources:
Gateway Distance Last Update
10.10.10.253 90 18:59:53
Distance: internal 90 external 170
Site A 20.20.20.0/24
Site B 30.30.30.0/24
Below is my Site B routing protocol info.
site-B-Router#show ip protocols
*** IP Routing is NSF aware ***
Routing Protocol is "eigrp 100"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
Redistributing: eigrp 100
EIGRP-IPv4 Protocol for AS(100)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
NSF-aware route hold timer is 240
EIGRP NSF disabled
NSF signal timer is 20s
NSF converge timer is 120s
Router-ID: 10.10.10.1
Topology : 0 (base)
Active Timer: 3 min
Distance: internal 90 external 170
Maximum path: 4
Maximum hopcount 100
Maximum metric variance 1
Automatic Summarization: disabled
Maximum path: 4
Routing for Networks:
10.10.10.0/24
30.30.30.0
Routing Information Sources:
Gateway Distance Last Update
10.10.10.253 90 18:59:53
Distance: internal 90 external 170
Can you, please, provide edge router configurations and routing tables of those two routers (also, please, mask/change any public addresses, remove passwords etc. , but keep some basic logic when changing addresses)?
show running
sh ip route vfr *ASKER
Here you go. i tried my best to edit this file. (Show run and ip route)
ISP# 1 is on 10.10.10.0/24 (Point to Point)
ISP#2 is on 10.10.5.0/24 (Point to Point)
Primary site LAN (20.20.20.0/24)
Backup Site LAN (30.30.30/024)
BACKUP-SITE-SHOW-RUN.txt
ISP# 1 is on 10.10.10.0/24 (Point to Point)
ISP#2 is on 10.10.5.0/24 (Point to Point)
Primary site LAN (20.20.20.0/24)
Backup Site LAN (30.30.30/024)
BACKUP-SITE-SHOW-RUN.txt
There are many potential solutions for what you want to achieve. Since you are using EIGRP you could use unequal load balancing.
Please, additional output needed:
show ip eigrp topology
sh ip eigrp neigh
Reason:
Both routes how to reach network via EIGRP must be known (present in eigrp topology table), so unequal load balancing can be used.
Other way could be to configure less specific network to advertise it on both interfaces (for failover) and more specific networks (to load balance traffic). Additional question is which type of load balance you want to achieve.
ip route 0.0.0.0 0.0.0.0 30.30.30.254 - looks pretty strange since switch is pointing to itself as the next hop.
Please, additional output needed:
show ip eigrp topology
sh ip eigrp neigh
Reason:
Both routes how to reach network via EIGRP must be known (present in eigrp topology table), so unequal load balancing can be used.
Other way could be to configure less specific network to advertise it on both interfaces (for failover) and more specific networks (to load balance traffic). Additional question is which type of load balance you want to achieve.
ip route 0.0.0.0 0.0.0.0 30.30.30.254 - looks pretty strange since switch is pointing to itself as the next hop.
ASKER
LVL33,
sorry that's a typo when editing the file. the right ip route should be next hop:
ip route 0.0.0.0 0.0.0.0 30.30.30.1
let me get you, your request.
sorry that's a typo when editing the file. the right ip route should be next hop:
ip route 0.0.0.0 0.0.0.0 30.30.30.1
let me get you, your request.
ASKER
LVL33,
Here is your request (below). Also please note that ISP#2 -IP address are 10.10.5.0/24. Connectivity is good, but after that i have not done anything else. I only configure ports with IP addresses on the Edge Switches.
SWITCH#show ip eigrp topology
EIGRP-IPv4 Topology Table for AS(100)/ID(192.168.1.254)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 30.30.30.0/24, 1 successors, FD is 2816
via Connected, Vlan30
P 10.10.10.0/24, 1 successors, FD is 28160
via Connected, GigabitEthernet2/0/48
P 20.20.20.0/24, 1 successors, FD is 28416
via 10.10.10.253 (28416/2816), GigabitEthernet2/0/48
SWITCH#sh ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(100)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.10.10.253 Gi2/0/48 12 16:03:17 7 200 0 602
SWITCH#
Here is your request (below). Also please note that ISP#2 -IP address are 10.10.5.0/24. Connectivity is good, but after that i have not done anything else. I only configure ports with IP addresses on the Edge Switches.
SWITCH#show ip eigrp topology
EIGRP-IPv4 Topology Table for AS(100)/ID(192.168.1.254)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 30.30.30.0/24, 1 successors, FD is 2816
via Connected, Vlan30
P 10.10.10.0/24, 1 successors, FD is 28160
via Connected, GigabitEthernet2/0/48
P 20.20.20.0/24, 1 successors, FD is 28416
via 10.10.10.253 (28416/2816), GigabitEthernet2/0/48
SWITCH#sh ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(100)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.10.10.253 Gi2/0/48 12 16:03:17 7 200 0 602
SWITCH#
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
LVL33.
ISP#1 bandwidth is 30/30
IPS#2 bandwidth is 50/50
how i can verify the HA and Load Balance?
Thanks.
ISP#1 bandwidth is 30/30
IPS#2 bandwidth is 50/50
how i can verify the HA and Load Balance?
Thanks.
Verify eigrp neighborship (if neighbors are present on both interfaces to other router then HA is OK)
But !!!!
If there is no configuration of bandwidth on interfaces equal load balancing will take place and you will get equal cost load balancing (both links, most likely, have the same cost). EIGRP routers will believe that on each link available bandwidth is 100Mb and with that actually you will, most likely, get 30/30 on each link.
Configuring bandwidth on interfaces and configuring EIGRP variance parameter can be used to configure unequal load balance and both links could be fully utilized.
There are other ways of load balancing traffic (for example - by prefix length)
show ip eigrp topology
sh ip eigrp neigh
sh ip eigrp interfaceshow ip routeBut !!!!
If there is no configuration of bandwidth on interfaces equal load balancing will take place and you will get equal cost load balancing (both links, most likely, have the same cost). EIGRP routers will believe that on each link available bandwidth is 100Mb and with that actually you will, most likely, get 30/30 on each link.
Configuring bandwidth on interfaces and configuring EIGRP variance parameter can be used to configure unequal load balance and both links could be fully utilized.
There are other ways of load balancing traffic (for example - by prefix length)
ASKER
LVL33,
Thank for your support. let's close this up. This is what my new configuration is going to look like.
__________________________
PRODUCTION
Int g2/0/48
Description ISP#1
Ip address 10.10.10.253 255.255.255.0
Bandwidth 30000
Int g4/0/6
Description ISP#2
Ip address 10.10.5.253 255.255.255.0
Bandwidth 50000
Router eigrp 100
Network 10.10.10.253 0.0.0.0
Network 10.10.5.253 0.0.0.0
Network 20.20.20.0
__________________________
BACKUP SITE
Int g2/0/48
Description ISP#1
Ip address 10.10.10.254 255.255.255.0
Bandwidth 30000
Int g2/0/47
Description ISP#1
Ip address 10.10.5.254 255.255.255.0
Bandwidth 50000
Router eigrp 100
Network 10.10.10.254 0.0.0.0
Network 10.10.5.254 0.0.0.0
Network 30.30.30.0
Network 40.40.40.0 (Other Network on DMZ BACKUP SITE)
Thank for your support. let's close this up. This is what my new configuration is going to look like.
__________________________
PRODUCTION
Int g2/0/48
Description ISP#1
Ip address 10.10.10.253 255.255.255.0
Bandwidth 30000
Int g4/0/6
Description ISP#2
Ip address 10.10.5.253 255.255.255.0
Bandwidth 50000
Router eigrp 100
Network 10.10.10.253 0.0.0.0
Network 10.10.5.253 0.0.0.0
Network 20.20.20.0
__________________________
BACKUP SITE
Int g2/0/48
Description ISP#1
Ip address 10.10.10.254 255.255.255.0
Bandwidth 30000
Int g2/0/47
Description ISP#1
Ip address 10.10.5.254 255.255.255.0
Bandwidth 50000
Router eigrp 100
Network 10.10.10.254 0.0.0.0
Network 10.10.5.254 0.0.0.0
Network 30.30.30.0
Network 40.40.40.0 (Other Network on DMZ BACKUP SITE)
So, unequal load balance it is.
Check if 2 paths to destination networks are present in EIGRP topology table after bandwidth is configured on interfaces (it should be - to be able to load balance traffic (I expect that will be there, otherwise additional tweaking is needed)).
If both paths are already present:
variance 2 means that feasible successor that have 2x worse cost that successor can be implemented into routing table
Then you should have non equal cost routes to networks found in routing table:
sh ip route
Check if 2 paths to destination networks are present in EIGRP topology table after bandwidth is configured on interfaces (it should be - to be able to load balance traffic (I expect that will be there, otherwise additional tweaking is needed)).
sh ip eigrp topologyIf both paths are already present:
router eigrp 100
variance X variance 2 means that feasible successor that have 2x worse cost that successor can be implemented into routing table
Then you should have non equal cost routes to networks found in routing table:
sh ip route
ASKER
Great. Thanks a lot.
You're welcome.