RE: HSRP with load balancing on a Cisco IOS based firewall

[Dave <update () dsrtech com>]

HSRP is only for fail over.

You can use MHSRP which is multiple groups to "load split".

Lets say you have a /24 network. you would make your HSRP group 1
primary for 0/25 and your HSRP group 2 primary for 128/25.

Then make them each redundant for the other and "split" the load. Your
responsibility would be to ensure you load balance your busiest hosts
between networks.

This same principal applies for BGP. You can essentially balance the
connections by splitting the network routing.




On Fri, 2003-09-05 at 17:05, David Gillett wrote:
>   HSRP does fail-over, but I don't see how it would do load balancing
> without some outside help.  I think whatever does load-balancing for 
> you becomes your alternative to HSRP.  (If I'm wrong, I'd be really
> interested in seeing a lot more detail of what you're doing....)
>
> David Gillett
>
>
> > -----Original Message-----
> > From: Cherian M. Palayoor [mailto:cpalayoor () cwalkergroup com]
> > Sent: September 5, 2003 09:44
> > To: security-basics () securityfocus com
> > Subject: HSRP with load balancing on a Cisco IOS based firewall
> >
> >
> > Hi there,
> >
> > Has anyone implemented HSRP with load balancing on a Cisco IOS based
> > firewall.
> >
> > I have come across vague references to HSRP on IOS firewalls, though I
> > have'nt managed to locate a configuration document as such. I 
> > am not so sure
> > on the possibility of load balancing though.
> >
> > Any ideas ?
> >
> > Thanks in advance.
> >
> > Regards
> >
> > CP
> >
> >
> >
> >
> > --------------------------------------------------------------
> > -------------
> > Attend Black Hat Briefings & Training Federal, September 
> > 29-30 (Training), 
> > October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
> > technical IT security event.  Modeled after the famous Black 
> > Hat event in 
> > Las Vegas! 6 tracks, 12 training sessions, top speakers and 
> > sponsors.  
> > Symantec is the Diamond sponsor.  Early-bird registration 
> > ends September 6.Visit us: www.blackhat.com
> > --------------------------------------------------------------
> > --------------
>
>
> ______________________________________________________________________
> ---------------------------------------------------------------------------
> Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
> October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
> technical IT security event.  Modeled after the famous Black Hat event in 
> Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
> Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
> ----------------------------------------------------------------------------


---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------