Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
805
Views
12
Helpful
6
Replies

NAT failover --> 1 ISP - 2 web servers

vekivedran
Level 1
Level 1

‎06-27-2008 02:42 AM - edited ‎03-05-2019 11:52 PM

Is it possible to achieve failover scenario using dynamic NAT?

I have on one WIC connection to ISP (Static IP), and on the other LAN (192.168.1.x).

In the local LAN i have two identical web servers, witch I want to use as backup for each other.

Can I do it with NAT, and track function for monitoring availability of one server, so when first web server stops responding to ping change NAT to the other?

Or some other way?

I have seen similar combination with 2 ISP and outside nat.

http://www.nil.com/ipcorner/SmallSiteMultiHoming/

I want the other way around.

I have Cisco Router 800 Series (NAT device).

Labels:
Preview file
26 KB
0 Helpful
6 Replies 6

stephen.stack
Level 4
Level 4

‎06-27-2008 05:32 AM

Hi,

Unfortunatly, this is not possible. IOS does not allow you to dynamically build a static NAT entry. Either by tracking a dead host or otherwise.

The only way i can see you doing this is by either investing in a Load Balancer (expensive) or by manually changing over. You can use a telnet app that supports scripting ZOC, or secureCRT and create a script that automatically logs into the router and changes the entry.

i.e. 1st script changes the NAT statement to the second server and 2nd script changes it back to the first server. This way anyone can do it.

If you are going to do this, don't forget to clear NAT connecitons first by using the

clear ip nat trans *

at the start of the script. otherwise the NAT entry maybe in use and the script will not work.

HTH (Please rate if it does)

Stephen

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful

vekivedran
Level 1
Level 1
In response to stephen.stack

‎06-27-2008 05:40 AM

Thanks.

I have searched all internet :) looking for this and this is first precise answer.

Not even combined with some form of routing, and than if one route "fails", the other kicks in? Like on the above link?

Scripting is a good idea though.

Thanks a ton.

0 Helpful

stephen.stack
Level 4
Level 4
In response to vekivedran

‎06-27-2008 05:48 AM

I have used the above procedure for outbound connections before. It is very effecitve. But i'm afraid nothing like this will work inbound.

I did not look at this in much detail. But have a look and see if this is along the lines of what you require. It does seem as tho some extra hardware would be required.

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtsnatay.html#wp1046675

HTH

Regards

Stephen

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful

tdrais
Level 7
Level 7
In response to stephen.stack

‎06-27-2008 10:34 AM

One of the load balance methods I have seen pretty much puts the virtual address sharing on the servers themselves. Our web proxies work this way.

What happens is you put a "loopback" address on each server with same ip address. When the server responds to users it always uses this loopback address as his source rather than his true ethernet address.

So if your server application can accomplish this you can make this work.

The Nat part is simple you put in a static from the outside to the shared inside.

To make the "loadbalance" work you would put a policy route on the outside interface and set the nexthop to the server ethernet address you want to process the data. The policy routing can track RTR object to select which server to send to.

vekivedran
Level 1
Level 1
In response to tdrais

‎06-29-2008 11:04 PM

Thank you all! Now at least I know what are my options!

0 Helpful

Istvan kelemen
Level 1
Level 1
In response to vekivedran

‎02-27-2013 11:38 PM

Hello Sir,

This scenario provides failover for your website. The primary web server is WEB_A. The R2 router is send a ping the virtual ip of WEB_A in every 4 seconds and the wating for the response for 2 seconds. If the WEB_A fails then the router will switch to WEB_B.

Of course the router is keep pinging the virtual ip address, but it will never response anymore. So if WEB_A is recovered, you have to manually set the same virtual ip address for WEB_B. Onece the router is chaged the static route back to WEB_A (should happen in few seconds) you should remove the virtual address from WEB_B config.

Here is my solution for you:

And the configs:

http://www5.zippyshare.com/v/29325000/file.html

PS: i can see that this topic is very old, but my asnwer might helps to others. If so please rate

/edit:

You can use NAT load balancing aswell.

ip nat pool 'poolname' prefix-length 24 type rotary

ip address 'start' 'end'

ip nat inside destination list 100 pool 'poolname'

access-list 100 permit tcp any host xxxxx eq 80 (use any instead of host xxx if you have more pub addresses)

This scenario will provide a load balance between the servers. If one of them fails then every second attemp to load the page will fail.


0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card