Need advice on WAN redundancy and hardware failover

Sep 15th, 2007

We are thinking about adding another full T1 line to our existing ISP so we will have redundancy and higher bandwidth. I realize I don't get true redundancy by having both T1 lines to the same ISP. We thought about buying an IP block/ASN and have two different ISPs route traffic, but it is way too expensive. So we opted to get another T1 line from the existing ISP and to provide higher bandwidth and WAN failover redundancy. I am also looking for hardware failover.

I would really appreciate it if someone can advise.

We currently have a Cisco 2620 router with the WIC-1DSU-T1 and Fe0/0 (onboard) modules. The existing T1 line feeds into this router. The Fe0/0 connects to our firewall. Here is the spec for the router in production.

IOS (tm) C2600 Software (C2600-I-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)

cisco 2620 (MPC860) processor (revision 0x102) with 26624K/6144K bytes of memory.

Processor board ID JAD04390KWU (1814404175)

M860 processor: part number 0, mask 49

Bridging software.

X.25 software, Version 3.0.0.

1 FastEthernet/IEEE 802.3 interface(s)

1 Serial network interface(s)

32K bytes of non-volatile configuration memory.

8192K bytes of processor board System flash (Read/Write)

We also recently bought another Cisco router for some other purposes, but that project didn't take off and the router is collecting dust. It's a 2651XM AIM-VPN/BPII-PLUS with two slots and no WIC module. It has two onboard FastEthernet ports with 256MB of RAM.

I am thinking of using both 2620 and 2651XM for hardware failover. The 2651XM will be the primary and 2620 is secondary. Both should be able to aggregate the two T1 lines for higher bandwidth. What's the best way to feed two T1 lines into these two routers for WAN failover redundancy, hardware failover and link aggregation? Do they support BGP?

Given the budget, I thought I will stay with 2600 series routers and buy WIC modules. I think 2600 series is discontinued. Should I go for 2800 series?

Your advice is greatly appreciated. You can also point me to whitepapers, etc.


paul.matthews Sat, 09/15/2007 - 22:40

First comment - you really need to upgrade that software - IIRC it was deferred several years ago!

Two links, one ISP. Really you need to talk to your ISP about what they are prepared to do for you.

Your first decision is load sharing Vs Failover and which you prefer. The easiest load sharing is with both links terminating on the same router at each, then BGP or not either static routes each way across both links will work to load share (no BGP) or use static routes or an IGP between your peer and theirs and eBGP multihop with BGP using loopback addresses.

That removes failover though!

BGP to load balance can be a bit of a blunt instrument, and you have to think about both directions separately.

Load balancing inbound traffic - the two main options you can use here are MED and AS_PATH prepending. You use a route map to set different values of MED for different routes going out, or to lengthen the AS_PATH on some routes. You watch your inbound load over a few days and tweak as appropriate. Your ISP can totally override anything you do though, so you need to understand what they will do.

Outbound balancing is more under your control, depending on what routing the ISP sends you. If you just get a default you have fewer options. Again you use route maps to alter either weight (local to the router) or local_preference local to your AS to alter which routes get into the routing table via which router. You may need to upgrade memory in the routers for this though as full BGP tables are huge.

You then need to get this routing info through your firewall and into your IGP. Without knowing how you use the firewall, that is difficult to advise upon.

Best advice is talk to your ISP - they may have a preferred way of doing this that makes all my rambling irrelevant!

pie8terrr Sun, 09/16/2007 - 20:43

Thanks for the response.

The second T1 line will come from a different core than the existing line. I don't have a lot of experience with Cisco routers or WAN technologies for that matter. I can configure the WICs and FEs, but don't have hands-on experience with multilinking, WAN failover or hardware failover.

We currently lease a block of IP numbers from our ISP. They told us they will route traffic to the second T1 line if the first T1 line goes down for any reason. So clients will still use the same IP number regardless of the T1 line being used.

Our firewall will have a single connection to the router and send all traffic to one default gateway. Router must decide which line is good for outbound traffic.

paul.matthews Mon, 09/17/2007 - 00:37

So it sounds like they don't want to use BGP.

From what you have described I reckon you need a nice simple solution. Use HSRP between your two routers, using track to follow interface states, so that if the link goes down the traffic will be moved to the other router.

This will give you resilience, but not load sharing. While it will work most of the time, there is a possible state where the link appears to be up, but your ISP's router is not forwarding traffic, where the link will not fail over. In that case what you will need to do is log in and shut the link manually.
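
The HSRP arrangement described in the post above, sketched as an added IOS configuration example that is not part of the original thread. The addresses are constructed documentation values, the group number and priorities are assumptions, and Serial0/0 assumes the T1 WIC sits in slot 0 of each router.

```cisco
! Router A - primary (assumed here to be the 2651XM, one T1 on Serial0/0)
! 192.0.2.0/24 is a constructed example subnet between routers and firewall.
interface FastEthernet0/0
 ip address 192.0.2.2 255.255.255.0
 ! Virtual gateway address shared by both routers
 standby 1 ip 192.0.2.1
 ! Higher priority than Router B, so A is active while its T1 is up
 standby 1 priority 110
 ! Take the active role back once priority is highest again
 standby 1 preempt
 ! If Serial0/0 goes down, drop priority by 20 (110 -> 90, below B's 100)
 standby 1 track Serial0/0 20
!
! Router B - secondary (assumed here to be the 2620, other T1 on Serial0/0)
interface FastEthernet0/0
 ip address 192.0.2.3 255.255.255.0
 standby 1 ip 192.0.2.1
 standby 1 priority 100
 ! Preempt is needed here too, or B never takes over when A's priority drops
 standby 1 preempt
 standby 1 track Serial0/0 20
!
! The firewall's single default gateway is the virtual address 192.0.2.1.
! Tracking follows interface state only: a T1 that stays up while the ISP
! side stops forwarding does not change priority, which is the case the
! post says has to be handled by shutting the link manually.
```

`show standby` on each router reports which one is currently active and the priority after any tracking decrement.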