| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| |||
| Hi, I have two routers, from the same ISP, in the same subnet. Incoming connections enter through the first router (my ISP's constraint), but I would like to load balance answers from my webserver among the two routers (90% of my links load). Details (IP addresses are samples): My webserver 192.168.1.10 is NATed on the outside interface with the IP address 195.100.100.10. On the external side I have one interface, 195.100.100.1, in the 195.100.100.0/24 network. My gateways are 195.100.100.254 and 195.100.100.253. Inbound traffic is routed through the first gateway, 195.100.100.254 (no BGP). I want redundancy and load balancing for outbound replies, keeping the same sessions on the same gateway. As inbound connections are incoming from the same subnet, I don't know if ISP redundancy is able to share load across two routers. Check Point ISP redundancy is not documented in this context. I'm interested in feedback on how the FW functions with the two gateways in the same subnet and what I should take care of during implementation. Thanks for your help. Regards, Sebastien |
| |||
| I guess it could be possible if the SecurePlatform Pro routing daemon supports equal-cost load balancing (for OSPF or static routes), although load balancing and asymmetric routing could create serious problems for the firewall (trying to maintain connection state). |
| |||
| I think it's not possible for you to load-share incoming traffic with CP if the routers are on the same subnet. You would need a third device in front of those two routers that would load balance the traffic to the routers; ask your provider if they support something like that. The only way I know to make it happen with CP is to have your external DNS behind your gateway(s) and activate the DNS proxy on your gateway(s) too, but you would need a private IP for your webserver, 2 public addresses in different ranges for that server, two NAT rules for it, and finally two internet links. You would enter both public addresses in the DNS behind your firewall and also enter both addresses into the DNS proxy with a low TTL. All incoming requests for the entered resources are answered by the DNS proxy on your firewall. __________________ misery is optional |