PBR - load balancing

Published on by dellpe

Question:

Hello friends, I have a hub and spoke network running EIGRP with 2 central Cisco 4506E at the data center and approx. 90 spokes. Each spoke connects to each of the hubs over separate tunnel interfaces utilizing a local high speed internet connection. Currently I have the EIGRP maximum-path set to 1 in order to avoid out of sequence packet issues at the core. With this setting, all of the spokes connect to HUB1 while HUB2 is sitting idle. I know there is a way to load-balance between two hubs so that spokes are utilizing both hubs, for example: email over HUB1 and Citrix over HUB2. I am just not quite sure how I can do that?

Subnets at the data center are 172.18.120.0/24, 172.18.120.121/24 and 172.18.120.123/24 which host most application servers each of the branches need to communicate with.

Answer:

I put the web server in there to show that anything that doesn't match this policy will route out whatever the routing table says to get to. The policy-map next-hop ip will override whatever is set in the routing table for these two hosts going outbound. When they hit the inside interface transmitting traffic to hosts, these 2 hosts will go to Hub2. Traffic going to the hosts, depending on the routing table from their perspective, could come over Hub1 and then return traffic would come through Hub2.

You could configure PBR to achieve load balancing by application type. I also note that his suggestion works from the hub to the spoke and that you would need similar configuration at each of the spoke routers to manage traffic from spoke to hub.

I would suggest a different approach to achieve load balancing. I have set up a similar network with 2 hub routers and many remote sites. The customer wants to do load balancing so that each hub router is actively used, the load is shared, and traffic will fail over to the other hub if there is a problem. What we did was to configure an offset list on each of the spoke routers. The offset list applies to inbound advertisements and also to outbound advertisements. Approximately half of the spoke routers apply the offset list to advertisements from hub 2 (making hub1 more preferred) and the other half apply the offset list to hub1 (making hub2 more preferred). The result is that half of the spokes use each of the hub routers and if there is a problem with one of the hub routers then all traffic flows through the other hub router.

You should be able to use PBR for something like this. You'd create an ACL matching the source address or protocol, create a route-map, and apply it to the interface.

HUB1: 192.168.1.1

HUB2: 192.168.1.2

Mail server: 192.168.1.50

Citrix server: 192.168.1.51

Web server: 192.168.1.52

    ! Match traffic sourced from the mail and Citrix servers
    access-list 101 permit ip host 192.168.1.50 any
    access-list 101 permit ip host 192.168.1.51 any
    !
    ! Send matched traffic to HUB2 regardless of the routing table
    route-map MyPolicy permit 10
     match ip address 101
     set ip next-hop 192.168.1.2
    !
    ! LAN interface
    int fa0/1
     ip address 192.168.1.1
     ip policy route-map MyPolicy
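The offset-list approach described in the answers above, sketched for a 90-spoke deployment as an added example that is not part of the original thread. The EIGRP AS number (100), the tunnel names (Tunnel1 to HUB1, Tunnel2 to HUB2), the offset value (1000) and the even/odd split are assumptions; the model also assumes both tunnels otherwise have equal metrics.

```python
# Added example, not from the original thread. AS number, tunnel names,
# offset value and the even/odd split are assumptions for illustration.
from collections import Counter
from typing import Optional, Set

EIGRP_AS = 100                                    # assumed AS number
OFFSET = 1000                                     # assumed metric penalty
TUNNELS = {"HUB1": "Tunnel1", "HUB2": "Tunnel2"}  # assumed spoke tunnel names


def preferred_hub(index: int) -> str:
    """Alternate spokes between hubs so each hub is preferred by about half."""
    return "HUB1" if index % 2 == 0 else "HUB2"


def spoke_config(index: int) -> str:
    """Render the EIGRP stanza that penalises the non-preferred hub's tunnel."""
    pref = preferred_hub(index)
    backup = "HUB2" if pref == "HUB1" else "HUB1"
    tun = TUNNELS[backup]
    return "\n".join([
        f"! prefer {pref}, fail over to {backup}",
        f"router eigrp {EIGRP_AS}",
        # access-list 0 applies the offset to all networks
        f" offset-list 0 in {OFFSET} {tun}",
        f" offset-list 0 out {OFFSET} {tun}",
    ])


def active_hub(index: int, hubs_up: Set[str]) -> Optional[str]:
    """Model path choice with a single best path: lowest metric among live hubs.

    Base metrics are taken as equal, so only the offset separates the hubs.
    """
    pref = preferred_hub(index)
    metric = {h: (0 if h == pref else OFFSET) for h in TUNNELS if h in hubs_up}
    return min(metric, key=metric.get) if metric else None


def hub_load(spoke_count: int, hubs_up: Set[str]) -> Counter:
    """Count how many spokes land on each hub for a given failure state."""
    return Counter(active_hub(i, hubs_up) for i in range(spoke_count))


if __name__ == "__main__":
    print(spoke_config(0))
    print(hub_load(90, {"HUB1", "HUB2"}))  # both hubs up: load is split
    print(hub_load(90, {"HUB2"}))          # HUB1 down: all spokes on HUB2
```

Because the offset only raises the metric of the backup tunnel and does not filter its routes, the backup path stays in the topology table and takes over when the preferred hub is lost.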
