5 replies to this topic

[hammer083]

hello,

I have a firewall and after it switch with two internet BGP routers connected to it. Each BGP router is connected to a different ISP. bandwidth is unequal - 14Mb and 4Mb. I have my own AS. Is it possible to load balance outgoing and incoming traffic without any extra hardware just using BGP features?

Now the second router/line is used as a standby only.


thank you,

hammer083.

[slymoose]

You can easily influence inbound traffic with MED/AS prepend/Origin on the BGP routers.  How to best load balance will depend on your traffic patterns.  Do you control the routers?

For egress I would look at what features your firewall supports, perhaps it has a tunable per-flow load sharing setting?  That would be your best bet, what model FW is it?

If your firewall untrusted port + routers share the same subnet (and thus same egress IP when NATing) you could probably do equal cost static routes to each BGP speaker...however this would not distribute the flows evenly given the bandwidth difference....hmmm.  Are they all Cisco devices?  You could do EIGRP unequal load balance across the FW -> BGP-router links with variance of 4.  I have read that you can do multipath BGP with bandwidth settings, but I have never done this.  I am betting you do not run BGP on the Firewall?

[hammer083]

slymoose, on 13 June 2011 - 06:05 AM, said:

You can easily influence inbound traffic with MED/AS prepend/Origin on the BGP routers.  How to best load balance will depend on your traffic patterns.  Do you control the routers?

For egress I would look at what features your firewall supports, perhaps it has a tunable per-flow load sharing setting?  That would be your best bet, what model FW is it?

If your firewall untrusted port + routers share the same subnet (and thus same egress IP when NATing) you could probably do equal cost static routes to each BGP speaker...however this would not distribute the flows evenly given the bandwidth difference....hmmm.  Are they all Cisco devices?  You could do EIGRP unequal load balance across the FW -> BGP-router links with variance of 4.  I have read that you can do multipath BGP with bandwidth settings, but I have never done this.  I am betting you do not run BGP on the Firewall?

thank you for replying. Internet firewall is CheckPoint, not Cisco. i will have to check if it supports per-flow load sharing.

[suraj0220]

you cannot load balance with two isps with different AS's. Only one route remains as the best route.

You need multiple links towards same isp.

At the max you can do is load-sharing and link failover.

Some reference to help you with that :

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml

[slymoose]

suraj0220, on 17 June 2011 - 08:23 PM, said:

you cannot load balance with two isps with different AS's. Only one route remains as the best route.

You need multiple links towards same isp.

At the max you can do is load-sharing and link failover.

Some reference to help you with that :

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml

I don't agree.  In this instance I assume the firewall is not speaking BGP so egress decisions are made on IGP/static routes.

[johnwhite3]

hi,

In case the BGP speaker on you side is Cisco router(s) you may consider using OER (pfr) feature. It automagically mangles BGP parameters for given routes to achieve load balancing according to BW utilization.

Have a look at this first:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/ps8787/product_data_sheet0900aecd806c4ee4.html

Cheers,
JW3.