Take a look at
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/config/config.htm#xtocid2757030

Other comments inline.

----- Original Message -----
From: Yonkerbonk <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 08, 2001 7:49 AM
Subject: Off Topic: Load Balancing Through a PIX


> What with the talk going on about load balancing
> between two PIXs, it has gotten me curious about
> another scenario.
>
> [RouterA]  [RouterB]
>     |          |
>      ----------
>           |
>         [PIX]
>           |
>       [RouterC]
>
> In this scenario, I have two routers connecting to the
> Internet, a PIX behind it, and one router (router C)
> behind the PIX. I have two default routes on RouterC
> pointing to the other two, so that it would try to
> load balance between them, and then I have two static
> routes pointing to the PIX for recursive lookup of the
> default route next hops.

Recursive lookups?
RouterC only has one "next hop", and that is the PIX.  In essence, you can't
point RouterC to RouterA and RouterB.  In other words, this doesn't work:

RouterC> ip route 0.0.0.0 0.0.0.0 RouterA
RouterC> ip route 0.0.0.0 0.0.0.0 RouterB

The packet would get lost, because there's no direct route to those two
interfaces except through the PIX, which doesn't perform any kind of Proxy
ARP.

> My question is, RouterC would try to load balance to
> the other two routers, but when the packet gets to the
> PIX, does the PIX make its own routing decision from
> that point? In which case, whatever routes I had on
> RouterC wouldn't matter and load balancing wouldn't
> work.

The PIX will take the packet and send it to the default route.  You can only
have ONE default route for a PIX.

> My assumption is yes. The PIX is basically a router
> and not a switch. So the only way I can see this
> working is to tunnel through the PIX (security hole)
> or put another router in front of it to load balance.
> Any thoughts?

A PIX is basically NOT a router... I've learned that the hard way.

>
> Michael
>
> _________________________________
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
