[nsp] Suggestions on Load Balancing

dtodd at partners.org dtodd at partners.org
Thu Dec 19 10:29:24 EST 2002


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brian:

It seems that your setup is fine for DS1 redundancy. HSRP is a good
thing to use in your problem. Use HSRP and track the S0/0 interface
of the primary Router.  When that router detects a failure it will
cause HSRP to time out and switch to the secondary.  I would in
addition seek out how your ISP is routing your traffic and I would
look to them to announce the router w/weight preference. This is so
you don't get a black hole when you lose the primary T1.

If you need some help w/the config give me a yell.

==DMT>

- ----SIGNATURE-------
Douglas M. Todd, Jr.
Network Engineering
Partners Health Care
Building 149
149 13 Street
Charlestown, MA 02129-200
Tel: 617.726.1403
Email: dtodd@partners.org
- --------------------------------------------------------------------
PGP Finger Print: 9429 CAE3 B2D1 C2E1 DFBC  E7A6 E90A 9BE5 C7B6 47BC
Key available via email.
Verisign S/N: 3ff65cdf58b9dceda004baeed49e16cf
https://digitalid.verisign.com/services/client/index.html 
- -----Original Message-----
From: cisco-nsp-bounces@puck.nether.net
[mailto:cisco-nsp-bounces@puck.nether.net]On Behalf Of Brian Zeitz
Sent: Friday, December 13, 2002 3:26 PM
To: cisco-nsp@puck.nether.net
Subject: [nsp] Suggestions on Load Balancing


I was asked to set up the following for www.mydomain.com

I know how I would do it with 2 firewalls, I could just treat it as
different sites, and use global load balancing. But they now want me
to set this up with a single firewall. Here is the diagram.


Internet->T1----->Cisco 3640 (4ether)---3550EMI\______Pix 515UR (w/FO and 4DMZ)----Coyotepoint (FreeBSD Based) Load balancer with Failover-->Web Server Cluster
Internet->T1----->Cisco 3640 (4ether)---3550EMI/


The T1s need to be active/active and be able to fail over in an
outage.

I am not sure how I would go about taking the 2 outbound Ethernet IPs
of the routers, and have them go through the firewall. I thought about
HSRP, but even still, it looks like I would need 2 Firewalls. Is
there any way to combine the T1s and have them come out as a single
IP? I know I am asking the world. Just looking for some suggestions
as I sit here looking at the wall.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0

iQA/AwUBPgHl1AgiZycqTvq3EQL0bwCfWKz696vB3iFDm30UM6JkZeF6vagAn3P9
E8CCDVsABW5Su3LsbC03xRZ/
=B/JU
-----END PGP SIGNATURE-----
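
The HSRP-with-interface-tracking setup suggested in the reply, sketched as an added example; it is not a config posted by either participant. The group number, the FastEthernet0/0 interface name, the priorities and the 192.0.2.0/24 addresses are assumptions made up for illustration; only Serial0/0 comes from the thread.

```cisco
! Constructed example. 192.0.2.0/24 is a documentation range, not the
! poster's addressing. The single firewall uses the one virtual IP
! 192.0.2.1 as its next hop, so it never needs to know which router
! is currently forwarding.
!
! ---- Router A (primary T1 on Serial0/0) ----
interface FastEthernet0/0
 description Shared segment toward the 3550 and firewall (assumed name)
 ip address 192.0.2.2 255.255.255.0
 ! Virtual gateway address shared by both routers
 standby 1 ip 192.0.2.1
 ! Higher priority wins the active role while the T1 is healthy
 standby 1 priority 110
 ! Take the active role back once priority is highest again
 standby 1 preempt
 ! If Serial0/0 goes down, subtract 20: 110 - 20 = 90, below Router B
 standby 1 track Serial0/0 20
!
! ---- Router B (secondary T1) ----
interface FastEthernet0/0
 description Shared segment toward the 3550 and firewall (assumed name)
 ip address 192.0.2.3 255.255.255.0
 standby 1 ip 192.0.2.1
 ! Default priority; becomes highest when Router A drops to 90
 standby 1 priority 100
 ! Needed so B takes over on a priority change, not only when A's hellos stop
 standby 1 preempt
```

On either router, "show standby" reports the current state and priority, which is the quickest check that a T1 failure actually moved the active role. This covers outbound next-hop failover only; inbound traffic still depends on how the ISP routes toward the two T1s, as the reply points out.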
