Hello, thank you for your reply. I would like to have a primary link to ISP1, but the balancing is interesting as well. The main objective is to provide automatic failover. There are no servers at the location. The co-lo is at another location and I need to always be connected to the co-lo where all the servers are.

Do you have an example configuration for what I have described? Like I said, I have one NAT working, but I cannot find an example configuration that allows me to do this with two ISPs from one router with two outside interfaces.

Hi,

just configure nat as per documentation, but twice. In the aCL you only permit the inside network, then apply to "nat inside ..." statement twice, one time per outside interface.

Start with two default static routes only. That will do backup and load balancing. Then you have time to fine tune it as you whish. Note that on both links, if the interface stays up, but provider drops packet, this type of failure won't be detected by the static routes. If you want to avoid this possibility, you can congure IP SLA, tracked objects and policy routing to monitor the actual status f links. This is a more advanced configuration.

Please remember to rate all useful posts!

Hello again,

I am not sure I totally understand your answer. I am not understanding how the router will know which translation rule to use if they have the same source-list.

Can you or someone provide an example configuration showing what you are describing here?

Hi,

the source access-list only defines what is allowed to be natted and what is not.

Because you have two default routes of equal weight, packets going out will choose alternatively one or another link. Actually the load balancing will not be per-packet but per-destination. So once a conversation starts going out on an interface, it will stick on it. This is automatic.

There is really no configuration to take as example. Just two "ip nat inside" statements, pinting to the two interfaces or IP address used for nat. That's it.

The configuration above can be simplified and made to load-balance over two ISP by:

- use access-list instead of route-map in "ip nat inside source"

- do no specify a weight for any of the static routes.

Hello again,

Both of these solutions solve the problem nicely. I think if we have a requirement to load balance, we will use this solution as well.

Thanks for the help, it is much appreciated.

Hi,p.bevilacqua:

According my knowledge, if you input two or more default static route without different administrive distances specified, just only one of these default static routes will enter routing table and take effect. that's the reason I have to specify a 200 as administrative distance.

regards.

Hi Jer,

no that's not correct. When multiple routes have same administrative distance (does not matter if static or by protcol), the router will begin distributing traffic in load sharing, up to maximum of 6 paths.

The algorithm used to decide with path to take depends if you are using CEF (three algos available), fast switching, or the most brutal per-packet load balancing.

This has been the key for routers to use multiple links to the same destination for many years before the advent ot MLPPP.

excellent, you're right, i jut tested what you said, see the following, two default static routes in routing table.

Regards

Jerry

--

Gateway of last resort is 2.2.2.2 to network 0.0.0.0

1.0.0.0/24 is subnetted, 1 subnets

C 1.1.1.0 is directly connected, Ethernet0

2.0.0.0/24 is subnetted, 1 subnets

C 2.2.2.0 is directly connected, Ethernet1

S* 0.0.0.0/0 [1/0] via 2.2.2.2

[1/0] via 1.1.1.1

Yes. One more correction: the numeric parameter in static routes like 200, commonly called "weight", is not the "administrative distance", but more correctly a "metric". Administrative distance is something else, but let's not digress.

Hi,

This works for me very well. I really did not need to load balance, so this should not be an issue at all.

Thank you.