Load balancing over Internet link

Jun 14th, 2008

I have 2 Internet links; both are in different pools.

I want one link used for one proxy and the other for another proxy.

I have one port of connectivity between the FW and the Internet router.

I am using NAT on the FW (private to public) as well as on the Internet router (public to public).

Now I want failover over both links: if one link goes down, traffic is shifted to the other link.

Please suggest a solution over PBR.

thotsaphon Sat, 06/14/2008 - 23:30

Hi Tarunava,

Are you connecting to 2 ISPs? Does the public IP address that you NAT on the firewall belong to ISP1 or ISP2? If so, you can NAT only on one ISP.

It seems you need to separate the traffic by services/ports. Let's assume that you want to NAT both links, each with its own pool IP address.

ip access-l ex Proxy-80
 permit tcp host any eq 80
ip access-l ex All-Traffics
 permit ip host any

route-map input permit 10
 match ip address Proxy-80
 set interface RouterInterfaceToISP1 RouterInterfaceToISP2
route-map input permit 20
 match ip address All-Traffics
 set interface RouterInterfaceToISP2 RouterInterfaceToISP1

ip policy route-map input

route-map interfaceISP1 permit 10
 match interface RouterInterfaceToISP1
route-map interfaceISP2 permit 10
 match interface RouterInterfaceToISP2

ip nat inside source route-map interfaceISP1 pool Pool-ISP1
ip nat inside source route-map interfaceISP2 pool Pool-ISP2

int Interface
 ip nat inside
int Interface
 ip nat outside
int Interface
 ip nat outside

Hope that gives you some idea.
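
Added example (not part of the thread or of any poster's configuration): a small Python model of how the route-map and NAT statements above interact, showing which egress interface and NAT pool a packet gets for each link state. Assumptions: the ACL source host is ignored because its address is absent from the post, and a packet that matches a clause whose listed interfaces are all down is returned as `None` rather than modelling what the router does next.

```python
from dataclasses import dataclass

# Interface and pool names are the placeholders used in the post above.
ISP1, ISP2 = "RouterInterfaceToISP1", "RouterInterfaceToISP2"

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp", "udp", ...
    dport: int   # destination port

# route-map "input": (sequence, ACL match, ordered "set interface" list)
ROUTE_MAP_INPUT = [
    (10, lambda p: p.proto == "tcp" and p.dport == 80, [ISP1, ISP2]),  # Proxy-80
    (20, lambda p: True, [ISP2, ISP1]),                                # All-Traffics
]

# ip nat inside source route-map interfaceISPn pool Pool-ISPn
NAT_POOLS = {ISP1: "Pool-ISP1", ISP2: "Pool-ISP2"}

def forward(pkt, up):
    """Return (sequence, egress interface, NAT pool), or None if unusable.

    `up` is the set of interfaces that are currently up.
    """
    for seq, matches, interfaces in ROUTE_MAP_INPUT:
        if not matches(pkt):
            continue
        # "set interface A B": the first listed interface that is up is used.
        for ifname in interfaces:
            if ifname in up:
                # NAT route-map "match interface" ties the pool to the egress link.
                return seq, ifname, NAT_POOLS[ifname]
        return None  # model assumption: stop here when no listed link is up
    return None

def failover_table(pkt):
    """Evaluate one packet against every combination of link states."""
    states = {
        "both up": {ISP1, ISP2},
        "ISP1 down": {ISP2},
        "ISP2 down": {ISP1},
        "both down": set(),
    }
    return {name: forward(pkt, up) for name, up in states.items()}

if __name__ == "__main__":
    for pkt in (Packet("tcp", 80), Packet("tcp", 443)):  # constructed samples
        for state, result in failover_table(pkt).items():
            print(pkt, "|", state, "->", result)
```

The table makes one property visible: the translated source address always comes from the pool of the link that actually carries the packet, including after failover.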


michaelchoo Mon, 06/16/2008 - 18:52

Do you have your own address space allocated from IANA? If you're not sure, ask your ISP(s).

If you do have your own block of IANA-allocated addressing, you might want to consider getting a public BGP AS from IANA and running BGP with your ISP(s). If all you need is the ability to automatically fail over, BGP can definitely do it easily for you. Load balancing is tricky though, especially if you're connected to multiple upstream ISPs.

