GLBP using host-dependent load-balancing and IP SLA


It has been a long time indeed since I've brewed up a how-to blog. This one is a little interesting; it's a massive one, so I will be doing it in chunks, and let's deal with the biggest chunk first. In this scenario:

  • 3 routers: 1 for data and 2 for voice.
  • All PCs surfing the internet use the data router, while all calls go through the 2 voice routers.
  • All 3 routers connect to the internet and are assigned public IPs, so obviously they use NAT overload (PAT).
  • The 2 voice routers run GLBP with host-dependent load-balancing. The reason is NAT: each voice router keeps its own translation table, so a given phone must always be steered to the same forwarder (AVF) or its sessions would be translated by one router on the way out and have no matching entry on the other.
  • The voice routers use IP SLA to test reachability to the cloud PBX. If a router's probe fails, its GLBP weight is decremented by 10 (from 100 to 90, which is below the lower threshold of 95) and it ceases to be an AVF.

I will not go into the basics of GLBP and the other first-hop redundancy protocols; it is assumed you know the fundamentals, so I can jump right into the config.

Voice Router 1

! Global config first: the probe, then the tracking object that watches it.
ip sla 3
 ! the target address (omitted here) is the public IP of the cloud PBX system;
 ! sourcing from Dialer0 tests reachability over this router's own WAN link
 icmp-echo source-interface Dialer0
 frequency 10
ip sla schedule 3 life forever start-time now
!
track 3 ip sla 3 reachability
!
interface Vlan2
 description VOIP_LAN
 ip address
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1454
 ! the virtual IP (omitted here) is the default gateway handed to the phones
 glbp 1 ip
 glbp 1 preempt
 ! weight 100; stop forwarding once the weight falls below 95
 glbp 1 weighting 100 lower 95
 ! each host is always answered with the same AVF virtual MAC
 glbp 1 load-balancing host-dependent
 glbp 1 authentication text delanpass
 ! track 3 down => weight 100 - 10 = 90 < 95
 glbp 1 weighting track 3 decrement 10
 glbp 1 forwarder preempt delay minimum 0

As you can see, I have configured IP SLA 3 to send an ICMP echo request to the cloud PBX system every 10 seconds, sourced from this router's own Dialer0, so each voice router tests its own path to the PBX. If the probe fails, track 3 goes down and the router's GLBP weight is decremented by 10, from 100 to 90, which is below the configured lower threshold of 95. Once that happens the router stops being an AVF, the other router takes over its virtual MAC and forwards the traffic for those phones. Because the other router assumes the same virtual MAC, the phones keep their ARP entry and do not need to re-ARP for the gateway.
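Two things I would change before putting this in production, plus the show commands I use to prove the tracking chain actually fires. This is an added example, not the original post's config: the PBX address 192.0.2.10 and the VLAN 2 virtual IP 203.0.113.1 are documentation placeholders standing in for the addresses omitted above, and the `delay` and `md5` lines are my hardening suggestions, not something the author configured.

```cisco
! Added example: hardened version of the tracking chain on each voice router.
! 192.0.2.10 = placeholder for the PBX public IP, 203.0.113.1 = placeholder VIP.
ip sla 3
 icmp-echo 192.0.2.10 source-interface Dialer0
 frequency 10
ip sla schedule 3 life forever start-time now
!
track 3 ip sla 3 reachability
 ! dampen the state change so one dropped echo (frequency 10 s) does not
 ! bounce the AVF role back and forth; resume only after 60 s of clean probes
 delay down 30 up 60
!
interface Vlan2
 glbp 1 ip 203.0.113.1
 ! "authentication text" puts the group password in every GLBP hello on
 ! VLAN 2, where any phone port can sniff it and join the group as a rogue
 ! gateway; keyed MD5 uses the same shared secret but never sends it
 glbp 1 authentication md5 key-string delanpass
 glbp 1 weighting 100 lower 95
 glbp 1 weighting track 3 decrement 10
!
! Verification on each router once both are up:
!   show ip sla statistics 3   -> latest return code should be OK
!   show track 3               -> "Reachability is Up" and the GLBP client listed
!   show glbp brief            -> each router should be Active for its own Fwd
!   show glbp Vlan2 1          -> weighting 100, thresholds lower 95
! Then block the echo on one router (e.g. an ACL on Dialer0) and re-run
! "show glbp brief": that router's forwarder should go to Listen and the
! other router should show Active for both virtual MACs.
```

The failover test is the part worth doing deliberately: a weight decrement that never crosses the lower threshold is silent, and you only find out during a real WAN outage that the decrement was too small or the track was never bound to the group.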

I don't need to write out the config of voice router 2, because it is basically the same thing except that the interface IP address is different, for obvious reasons. Each router tracks its own probe, so if only router 2's WAN link loses the PBX, only router 2 steps aside.

The next how-to will be how you would configure the data router if you want to reach the phones on VLAN 2.

Hiatus from Cert studying

It's one of those days when I feel I have to force myself to write something even though there's really nothing techie to write about. I know I have been missing out a lot on how-tos. The highest hits on this blog are still from my dot1x auth, unified communications and FreeRADIUS posts, which I admit are really helpful, and I myself refer back to them once in a while.

I am still in hiatus mode from studying and cert taking. Mostly in research mode with CCIE R&S; I've purchased my first CCIE-related book so far, TCP/IP Illustrated. When I say purchased, I mean it is in paper form. I already have Cisco's CCIE v5 Vol 1 & 2 books, but to be honest I still go for the old-school hardbound books.

Working on a number of projects at work; in a way it's been helpful to me. Last week I was working on VRF-aware IPsec, a pretty neat technology, as our core network mostly runs on MPLS. Figuring out a way to use 4G as a failover solution, wherein, in the event the primary link goes down, the 4G connection kicks in, creating an IPsec tunnel back to the customer's private cloud.

Also this week Brocade offered to foot the bill for their Ethernet Fabric training, leading to the Brocade Certified Ethernet Fabric Professional certification (CEFP). How can I say no to something that's free?

Also ordered and installed my very first Fibre 400/400. Well, my honest opinion about it: it's like glorified NBN. Nothing still beats a Fibre over Ethernet connection with dedicated bandwidth, because of the SLAs.