Firewall Wizards mailing list archives

Re: GLBP Alternative

From: Ryan McBride <mcbride () countersiege com>
Date: Mon, 14 Aug 2006 02:35:27 +0000

On Thu, Aug 10, 2006 at 11:45:03AM -0300, Fabio Meneses wrote:

   Anyone know any alternative to Cisco's GLBP ?

   Its more like an redundancy solution, but provided with Load Balancing
   capabilities, for L3 devices.


OpenBSD's CARP protocol (also available on FreeBSD and Linux, among
others) has the same functionality. In fact, CARP's arpbalance feature
seems to predate GLBP, although I've never seen OpenBSD credited for the
idea.

Note that the ARP-based load balancing found in both CARP and GLBP share
the same limitations: 

- ARP balancing only works on the local network segment. It cannot
  balance traffic that crosses a router, because the router itself will
  always be balanced to the same virtual host.

- Secondly, ARP load balancing can lead to asymmetric routing of
  incoming and outgoing traffic. If you're using a packet filter that
  does state tracking, this may cause problems as state values will be
  out-of-sync. Proxies or NAT can be used to avoid this asymetric route
  issue.

More information can be found in the OpenBSD carp(4) manual page:
http://www.openbsd.org/cgi-bin/man.cgi?query=carp


Disclosure: I'm one of the primary authors and maintaners of CARP.

-Ryan

--
Ryan T. McBride, CISSP - mcbride () countersiege com
Countersiege Systems Corporation - http://www.countersiege.com
PGP key fingerprint = 5A63 31A0 B2E0 4A64 3D16  C474 99A7 BEFE F9BA A8E0
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

GLBP Alternative Fabio Meneses (Aug 13)
- Re: GLBP Alternative Jeremiah Cornelius (Aug 15)
- Re: GLBP Alternative Ryan McBride (Aug 15)