Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
507
Views
0
Helpful
2
Replies

routing issue with dual homed internet

Tahir Ali
Level 1
Level 1

‎08-29-2008 05:38 AM - edited ‎03-03-2019 11:20 PM

Dear All,

we have the following scenario

1 core router with dual internet link. We dont want to run BGP. Can we use or load share using two default routes? I tried but the routes worked one at a time.

We have also created two vlans for LAN segregation and we want one vlan to access internet using first link and other vlan to through second link.

But both the vlans will access one Gre over ipsec VPN ( tunnel interface )created using first internet link.

Can route-maps help if yes how? or any vrf based design?

Labels:
0 Helpful
2 Replies 2

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎08-29-2008 09:04 AM

Hello Tahir,

in your case all packets encapsulated in GRE and then in IPSec are seen as a single flow when looking at the external IP header.

To get load-balancing outbound you can :

a) use load-balancing per packet

But it could have some drawbacks

b) use two GRE/IPSec tunnels and have two static routes for destination IPSec endpoints one via link1 one via link2.

Also the routing of the remote site prefixes require to use both GRE tunnels

For internet access you can use PBR (Policy Based Routing) and set the outgoing interface based on source address

PBR uses route-maps for doing its job.

the PBR has to be applied on the interface(s) that receives the traffic to be redirected

if directly connected:

int vlan x

ip policy route-map to_link1

int vlan y

ip policy route-map to_link2

route-map to_link1 permit 10

set ip interface link1

route-map to_link2 permit 10

set ip interface link1

otherwise use ACLs to define source addresses to be redirected and use a two blocks single route-map,

first block will match source addr vlan x and set outgoing interface to link1

second block will match source addr vlan y and set outgoing interface to link2

Hope to help

Giuseppe

0 Helpful

Tahir Ali
Level 1
Level 1
In response to Giuseppe Larosa

‎09-01-2008 04:04 AM

thanks Giuseppe,

We have implemented the route maps and in it we have put the next hop for both the interface as the SP gateway IPs respectively. We are also implementing static nat that is my incoming interface ips are statically natted to public ip for both the internet links.

The question is that since we have applied both the route-map to the in comming interface for that link and also the ip nat inside then which will be processes first by the router?

I am asking this because we have a strange problem with the link. It continously pings with perfect delay, but all of a sudden we get the request timed out then again it pings.

If we remove the link and test the link by terminating it on the ISA server. It works perfectly fine. We also have removed tunnel but still the links is flapping. Can u get the issue?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card