2 Default Routes in a single router with 2 ISP

Unanswered Question
Nov 25th, 2008
User Badges:

using a 7206 router with 3 FastEthernet ports. For port 1 - ISP1, port 2 - ISP2, port3 - connected to 3524XL switch. To separate each Public LAN IP i created 2 VLANs. My question now, how could I forced each subnet to go to its corresponding ISP. I know that creating 2 default routes will create conflicts. See below for my current configuration:


7206 Router

------------

interface FastEthernet1/0

description to ISP1-WAN

ip address 203.192.165.x 255.255.255.252


interface FastEthernet2/0

description ISP2-WAN

ip address 61.28.165.x 255.255.255.252


interface FastEthernet3/0.1

description ISP1_Public LAN

encapsulation dot1q 10

ip address 61.14.x.x 255.255.255.128


interface FastEthernet3/0.2

description ISP2_Public LAN

encapsulation dot1q 20

ip address 116.50.x.x 255.255.255.128


0.0.0.0 0.0.0.0 203.192.165.x - to ISP1

0.0.0.0 0.0.0.0 61.28.165.x - to ISP2


What I want to know is that if I connect a 2 PCs with 116.50.x.x subnet and 61.14.x.x subnet and both tried to access the internet at the same time. Will it go to ISP2 default route? or ISP1 ? because both have the same administrative distance so it would create conflicts. How do I resolve this problem ? What would be the best approach to this kind of problem ?






  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Tue, 11/25/2008 - 23:44
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

PBR would allow you to do this outbound.


access-list 101 permit ip 116.50.x.x 0.0.0.127 any


access-list 102 permit ip 61.14.x.x 0.0.0.127 any


route-map TOINTERNET permit 10

match ip address 101

set ip next-hop 203.192.165.x


route-map TOINTERNET permit 20

match ip address 102

set ip next-hop 61.28.165.x


int fa3/0.1

ip policy route-map TOINTERNET


int fa3/0.2

ip policy route-map TOINTERNET


Note that this will only guarantee that outbound traffic uses the correct links. How the traffic is routed back is dependant on the ISP routing.


Jon

worldcalltel Wed, 11/26/2008 - 20:49
User Badges:

Hi Jon,


What do you mean, by "how the traffic is routed back is dependent on the ISP routing" ? Does it mean, I have to check this with our providers ? In the command set ip next-hop 61.28.165.x, this will replace the default route command 0.0.0.0 0.0.0.0 61.28.165.x ?

lejoe.thomas Wed, 11/26/2008 - 21:04
User Badges:
  • Silver, 250 points or more

What do you mean, by "how the traffic is routed back is dependent on the ISP routing" ?


Since you have been assigned address blocks from ISP 1 and ISP 2,for example, if you use a host address from ISP 1's address block and use the default gateway from ISP2 to route the traffic (provided ISP 2 will not be filtering the address). In that scenario, traffic will go through ISP 2 and come back through ISP 1, since the source address does not belong to ISP 2's address block. To avoid this kind of asymmetric routing, you need configured policy based routing to set next-hops appropriately based on the source address.


HTH


Lejoe


Giuseppe Larosa Tue, 11/25/2008 - 23:46
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Jaime,

in your case you need to use PBR to force traffic from IP block of provider1 to exit on link to provider1.


you need to apply a route-map on interfaces receiving traffic


access-list 111 permit ip 61.14.x.0 0.0.0.127 any


access-list 112 permit ip 116.50.x.0 0.0.0.127 any


route-map pbr-isp1 permit 10

match ip address 111

set ip next-hop 203.192.165.x


route-map pbr-isp2 permit 10

match ip addr 112

set ip next-hop 61.28.165.x


int f3/0.1

ip policy route-map pbr-isp1


int f3/0.2

ip policy route-map pbr-isp2


This should solve your issue


note: you may want to modify the ACLs to permit to route traffic on the inside for that use some deny statement before the current single statement


Hope to help

Giuseppe


Actions

This Discussion