Well the addresses that are on the load balancer are all publicly routable addresses. The load balancer really does nothing more than allowing all of our traffic in and out. The 2.2.2.0 and 3.3.3.0 are natted in the current device, so I figured I'd have to nat on the router for those subnets as well.

It doesn't load balance in the traditional sense; it's just where our internet connections terminate.

-John

Ah okay. Do you know if the load-balancer has 3 separate interfaces then, one for each network or whether it is just interface.

Are the 3 different ISP's responsible for the 3 different IP ranges because it's still not clear how these links from the ISP to the load-balancer works in terms of addressing.

I ask because you may well not need a router. If it is just a question of NAT you could just use your firewall.

Congrats on the new star by the way :-)

Jon

Thank you! It made my day ;-)

It's a Fatpipe, and it has 3 separate NICs. We do have 3 different ISPs coming into it. We possibly could use the firewall, but it's not Cisco unfortunately, so I'm not sure how to set it up.

--John

If it has 3 separate NIC's then i think you are right to go with the router but i'm not sure how the router will utilise all the links. I suspect your fatpipe is doing more than just terminating the links.

The 1.1.1.0/2.2.2.0/3.3.3.0 networks - are they used to present internal addressing to the Internet for servers that people off the Internet access ?

When your users go out to the Internet which of the above networks do you use to NAT their source IP addresses - assuming you are using private IP addressing internally.

Jon

They go out 1.1.1.0, and the firewall actually does that natting outbound. All of our locations come through us for internet access. We can force connections out any one of those links in the fatpipe, but I don't think I'm going to be able to do that in the Cisco (aside from PBR).

This isn't meant to be a total replacement, but it's more of a "in the meantime" interim replacement until we got a replacement load balancer should that one go down. I wouldn't be as concerned about internet traffic out as I am with connections coming in from the outside.

--John

Sorry not trying to be clever or difficult but i am still not understanding what the 2.2.2.0/3.3.3.0 networks are used for. If all outbound traffic is Natted to 1.1.1.1 then unless you are using 2.2.2.0/3.3.3.0 to NAT internal servers why do you need to NAT them at all for this temporary solution.

Jon

1.1.1.0 is our main internet connection

2.2.2.0 is our "backup" internet connection (but we have dns pointing to this block as well)

3.3.3.0 is our "backup-to-the-backup" and it's primarily for a certain department to use.

The fatpipe has all three public addresses on three different interfaces. The primary lan interface is on the 1.1.1.0 subnet. When I force traffic out 1.1.1.0 network, then I tell it not to NAT, but when I force traffic out the 2.2.2.0 network, I tell it to NAT.

You're not being difficult. =)

--John

Yeah, I'm hoping never to have to use it. I'm sure once I tell them that this looks like the plan, we'll schedule an outage on the weekend to test it.

Thanks again Jon!

John