[nsp] Suggestions on Load Balancing
dtodd at partners.org
dtodd at partners.org
Thu Dec 19 10:29:24 EST 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Brian:
It seems that your setup is fine for DS1 redundancy. HSRP is a good
thing to use in your problem. Use HSRP and track the S0/0 interface
of the primary Router. When that router detects a failure it will
cause hsrp to time out and switch to the secondary. I would in
addition seek out how your ISP is routing your traffic and I would
look to them to anounce the router w/weight preference. This is so
you don't get a black hole when you lose the primary T1.
If you need some help w/the config give me a yell.
==DMT>
- ----SIGNAURE-------
Douglas M. Todd, Jr.
Network Engineering
Partners Health Care
Building 149
149 13 Street
Charlestown, MA 02129-200
Tel: 617.726.1403
Email: dtodd@partners.org
- --------------------------------------------------------------------
PGP Finger Print: 9429 CAE3 B2D1 C2E1 DFBC E7A6 E90A 9BE5 C7B6 47BC
Key available via email.
Verisign S/N: 3ff65cdf58b9dceda004baeed49e16cf
https://digitalid.verisign.com/services/client/index.html
- -----Original Message-----
From: cisco-nsp-bounces@puck.nether.net
[mailto:cisco-nsp-bounces@puck.nether.net]On Behalf Of Brian Zeitz
Sent: Friday, December 13, 2002 3:26 PM
To: cisco-nsp@puck.nether.net
Subject: [nsp] Suggestions on Load Balancing
I was asked to set up the following for www.mydomain.com
I know how I would do it with 2 firewall, I could just treat it as
different sites, and use global load balancing. But they now want me
to set this up with a single firewall. Here is the diagram.
Internet-aT1-----aCisco 3640 (4ether)---3550EMI\______Pix 515UR (w/FO
and 4DMZ)----Coyotepoint (FreeBSD Based) Load balancer with
Failover--aWeb Server Cluster
Internet-aT1-----aCisco 3640 (4ether)---3550EMI/
The T1s need to be active/active and be able to fail over in an
outage.
I am not sure how I would go about taking the 2 outbound Ethernet IPs
of the routers, and have them go though the firewall. I thought about
HSRP, but even still, It looks like I would need 2 Firewalls. Is
there anyway to combine the T1s and have them come out as a single
IP? I know I am asking the world. Just looking for some suggestions
as I sit here looking at the wall.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0
iQA/AwUBPgHl1AgiZycqTvq3EQL0bwCfWKz696vB3iFDm30UM6JkZeF6vagAn3P9
E8CCDVsABW5Su3LsbC03xRZ/
=B/JU
-----END PGP SIGNATURE-----
-------------- next part --------------
z'µìmjÛZrܲÇ+¹¶ÞtÖ¦{§¨¥u«Sʦbq«b¢æ²ÙÞ}(³{^yí¼zÀÞ±É赫ÚVå+m§ÿé¹É'zØ^®wþ©z¹_ÜÇ(ÊjÛZrÛ?ÛM6×m}ÿOvy·z÷ü"f¢¸§
More information about the cisco-nsp
mailing list