Automatic Failover with VLAN subinterfaces

May 9th, 2007

Hello all,

I have a problem configuring our internet router. We have two main circuits from two different service providers, which means two different IPs.

I need to configure static NAT of different IP addresses based on the ISP's IP for specific servers, and NAT overload on the external interface for the internal users.

Another requirement is that the ISP changeover should be automatic (when one goes down, the other takes over automatically). I believe I have to use something like OER and route-maps but I am stuck.

Please advise.

mohammedmahmoud Wed, 05/09/2007 - 05:54

Hi,

It depends on whether you want load balancing or primary and backup; you'll also need to add the static NAT for your server.



1-Load Balancing:

interface serial 0/0.1 point-to-point
 description Connected to ISP1
 ip nat outside

interface serial 0/1.1 point-to-point
 description Connected to ISP2
 ip nat outside

interface fastethernet 0/0
 description Connected to LAN
 ip nat inside

ip nat inside source list 10 interface serial0/0.1 overload
ip nat inside source list 10 interface serial0/1.1 overload

! Default route to ISP1
ip route 0.0.0.0 0.0.0.0 serial0/0.1 x.x.x.x
! Default route to ISP2
ip route 0.0.0.0 0.0.0.0 serial0/1.1 y.y.y.y

access-list 10 permit

2-Primary and Backup:

interface serial 0/0.1 point-to-point
 description Connected to ISP1
 ip nat outside

interface serial 0/1.1 point-to-point
 description Connected to ISP2
 ip nat outside

interface fastethernet 0/0
 description Connected to LAN
 ip nat inside

ip nat inside source list 10 interface serial0/0.1 overload
ip nat inside source list 10 interface serial0/1.1 overload

! Default route to ISP1 - Primary
ip route 0.0.0.0 0.0.0.0 serial0/0.1 x.x.x.x
! Default route to ISP2 - Backup
ip route 0.0.0.0 0.0.0.0 serial0/1.1 y.y.y.y 254

access-list 10 permit

HTH, please do rate if it is helpful,

Mohammed Mahmoud.
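
The primary-and-backup layout from the reply above, as an added example that is not part of the original post: each overload rule is tied to its egress interface with a route-map, and the primary default route is tied to a reachability probe. The addresses are constructed (documentation and private ranges), the names NAT-ISP1 and NAT-ISP2 are hypothetical, and the `ip sla` / `track ... ip sla` syntax assumes a newer IOS release (older releases use `ip sla monitor` and `track 1 rtr 1 reachability`); WAN encapsulation on the physical interfaces is omitted.

```cisco
! Added example: constructed addresses, hypothetical route-map names.
interface Serial0/0.1 point-to-point
 description Connected to ISP1 (primary)
 ip nat outside
interface Serial0/1.1 point-to-point
 description Connected to ISP2 (backup)
 ip nat outside
interface FastEthernet0/0
 description Connected to LAN
 ip nat inside
!
! Inside hosts eligible for PAT (assumed LAN range)
access-list 10 permit 10.0.0.0 0.0.0.255
!
! One route-map per ISP: the translation is selected by the egress interface,
! so a packet leaving via ISP2 is never sourced from the ISP1 address.
route-map NAT-ISP1 permit 10
 match ip address 10
 match interface Serial0/0.1
route-map NAT-ISP2 permit 10
 match ip address 10
 match interface Serial0/1.1
!
ip nat inside source route-map NAT-ISP1 interface Serial0/0.1 overload
ip nat inside source route-map NAT-ISP2 interface Serial0/1.1 overload
!
! Probe the ISP1 next hop (assumed 192.0.2.1) so the primary route is
! withdrawn even if the interface itself stays up.
ip sla 1
 icmp-echo 192.0.2.1 source-interface Serial0/0.1
 frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
! Primary default route is installed only while track 1 is up;
! the backup (administrative distance 254) takes over when it is removed.
ip route 0.0.0.0 0.0.0.0 Serial0/0.1 192.0.2.1 track 1
ip route 0.0.0.0 0.0.0.0 Serial0/1.1 198.51.100.1 254
```

`show track 1` and `show ip nat translations` confirm which path and which outside address are in use; translations created before a failover persist until they time out or are cleared with `clear ip nat translation *`.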

jkofosu Wed, 05/09/2007 - 06:13

Hi Mohammed,

Thanks for the quick reply. I want to translate static external IP to the internal servers and the internal users to the external interface. And also, since the static IP addresses for the servers would not be the same for each service provider. I would appreciate more insight.

Thanks.

bjornarsb Wed, 05/09/2007 - 08:18

Hi,


For full redundancy to work for both IP segments upstream and downstream I would recommend Multihomed BGP.

Have a look at this example. Keep in mind that you need Provider independent IP addresses.

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml#conf5

However, if you hesitate to run multihomed BGP, you lose redundancy for WEB servers.

Well, to be honest it's possible using Dynamic DNS, but I've no practical experience with it and you somehow need to change the IP on your servers.

So if we stick with your case and the IPs that you've got. Using floating static and NAT would solve your problem.


HTH


Regards,

Bjornarsb

mohammedmahmoud Wed, 05/09/2007 - 10:30

Hi,


For your servers, plus the above configuration you'll need to use PBR, apply it to the input interface using "ip policy route-map server"


route-map server permit
 match ip address 1
 set ip next-hop ISP1

access-list 1 permit host

ip nat inside source static


HTH, please do rate all helpful replies,

Mohammed Mahmoud.

jkofosu Wed, 05/09/2007 - 11:47

Hi Mohammed,

Based on the above configuration, the ip nat inside source static would translate to only one ip for a single service provider. This means that, when that link goes down, translation would not work for the backup link. Please correct me if I am wrong.

Thanks.

mohammedmahmoud Wed, 05/09/2007 - 12:09

Hi,


You are right, but the idea is that the server IP is always required to be a fixed well-known IP; accordingly it should be NATed to 1 IP. The problem is that you can't get the IPs of 1 provider to go out of the other provider, unless you get your own PI addresses (which also requires ASN and BGP) and then you can control to which provider this IP can go.

So I don't think that we have a solution to this problem.



HTH, please do rate all helpful replies,

Mohammed Mahmoud.

jkofosu Wed, 05/09/2007 - 12:16

Thanks for this. Can we in any way try using the OER technology base route maps?

Again, this is something I don't know, and reading about this makes me think there is a way to do this.

Thanks for the help.
