Load Balancing Question!

Status
Not open for further replies.

oAUGGIEo

IS-IT--Management
Dec 5, 2003
Cisco Newbie Here! :)

First, my setup:

Office 1:
2 Cisco 3725
2 ISPs (one to each router)
HSRP is set up between them with 1 virtual IP

VPN to remote office

Remote offices:
Cisco 1700s (some 1720s and some 1750s)

The remote offices are set up to load balance between the 2 3725s/ISPs at Office 1.

What I would like to do is load balance the outgoing traffic from Office 1 to the remote offices while at the same time keeping the redundancy of 2 3725s with 1 virtual IP. Can I link the 2 3725s with a crossover cable and set up load balancing? Also, our incoming email is arriving through 1 of the ISPs, but while it's in standby, it won't receive. How can I fix this?

Please Help!

Thanks

Austin
 
Well, I've given it a bit of thought, and it would be possible, but a bit convoluted. The main thing to note is that, assuming you're using your virtual IP as the default gateway out of your enterprise, only one router will be active at one time. This is inherent to HSRP. The trick is not to load balance with IPs, but rather with a dynamic routing protocol. Additionally, if you're running IPSec VPNs, they won't allow multicast traffic (and thus dynamic routing protocol advertisements), so you will have to build GRE tunnels between your sites as well.

So essentially, what you will need to do is configure your IPSec VPN tunnels to terminate on the serial interfaces of the routers, configure loopback addresses and establish GRE tunnels between your office and branches, and then configure a routing protocol such as OSPF or EIGRP to provide the actual load balancing across the two links/tunnels. But you're not done yet. The routing protocol will only pick the best path of the two by default - you need to change this so that it will load balance over unequal paths. I say unequal because if 3750-1 is the active HSRP router, its cost to the remote site is going to be equal to the cost of the IPSec/GRE tunnel. It will also have the option of going through the secondary ISP, but that cost will be more - it will be the sum of the cost of traversing the LAN to the other router's loopback, and then the cost of that tunnel. So you will need to use the "variance" command or manually adjust the costs associated with the links (Bandwidth and Delay for EIGRP, Cost for OSPF) for each of the remote offices to provide for your desired load balancing functionality.


Load balancing internet traffic is much more difficult. (If you can believe it.) Because not only do you have to send it out of your company with two ISPs, but more than likely the "internet" as an entity is only going to have one route back to your organization. Put another way, internet data sourced from ISP A has to come back through ISP A. The enterprise level solution is to run BGPv4 and peer with each of your ISPs to provide full routing capabilities to your perimeter routers. But I wouldn't recommend it for your scenario. Instead, the best way to load balance your email would be to set up a conduit in through each of the ISPs at port 25, and then advertise a DNS MX record for your TLD with equal costs, as in...

mail1-ispA.acme.com Mail Preference = 10
mail2-ispB.acme.com Mail Preference = 10

Then your A records would look something like this...
mail1-ispA - 111.11.11.11 (coming in thru 3725 #1)
mail2-ispB - 222.22.22.22 (coming in thru 3725 #2)

Internally, you may want to put two NICs in your mail servers on different VLANs and run two HSRP instances instead of one. Otherwise (I think) the standby router would never be able to send out, since it wouldn't have an active interface on which to transmit traffic.

*Whew*. At least that's my idea. If anyone else can do it simpler, please share!

Jato
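
The "variance" approach in the reply above can be checked numerically. The following is an added example, not part of the thread: it applies the classic EIGRP metric with default K values to show that variance only admits a path whose reported distance is strictly below the feasible distance, so two identically configured tunnels still leave a single installed path. The bandwidth and delay figures and the names `own-tunnel` and `via-peer-3725` are constructed assumptions.

```python
# Added illustration: classic EIGRP composite metric with default K values
# (K1 = K3 = 1). Bandwidth and delay figures are constructed, not from the thread.
TUNNEL_BW_KBPS = 1544      # assumed bandwidth on each GRE tunnel
LAN_BW_KBPS = 100_000      # assumed FastEthernet LAN at both ends
LAN_DELAY_USEC = 100

def eigrp_metric(bandwidths_kbps, delays_usec):
    """256 * (10^7 / slowest link in kbps + total delay in tens of microseconds)."""
    return 256 * (10**7 // min(bandwidths_kbps) + sum(delays_usec) // 10)

def office1_paths(own_tunnel_delay, peer_tunnel_delay):
    """Paths from the active 3725 to a branch LAN: {next hop: (metric, reported distance)}."""
    branch_lan = eigrp_metric([LAN_BW_KBPS], [LAN_DELAY_USEC])
    peer_best = eigrp_metric([TUNNEL_BW_KBPS, LAN_BW_KBPS],
                             [peer_tunnel_delay, LAN_DELAY_USEC])
    own = eigrp_metric([TUNNEL_BW_KBPS, LAN_BW_KBPS],
                       [own_tunnel_delay, LAN_DELAY_USEC])
    via_peer = eigrp_metric([LAN_BW_KBPS, TUNNEL_BW_KBPS, LAN_BW_KBPS],
                            [LAN_DELAY_USEC, peer_tunnel_delay, LAN_DELAY_USEC])
    return {"own-tunnel": (own, branch_lan), "via-peer-3725": (via_peer, peer_best)}

def installed_paths(paths, variance=1):
    """Next hops EIGRP would put in the routing table for a given variance."""
    fd = min(metric for metric, _ in paths.values())   # feasible distance
    chosen = []
    for hop, (metric, reported) in sorted(paths.items()):
        feasible = reported < fd       # feasibility condition is a strict "<"
        if metric == fd or (feasible and metric < variance * fd):
            chosen.append(hop)
    return chosen

def demo():
    # Identical tunnels: the peer's reported distance equals our feasible distance.
    equal = installed_paths(office1_paths(50_000, 50_000), variance=2)
    # Peer tunnel delay lowered by 1 ms: both paths now qualify under variance 2.
    tuned = installed_paths(office1_paths(50_000, 49_000), variance=2)
    return equal, tuned

if __name__ == "__main__":
    print(demo())
```

With identical tunnel settings the path through the other 3725 is rejected regardless of variance, which is why the delay (or bandwidth) on one tunnel has to be adjusted as well.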
 