Internet Automatic Backup Routing

Feb 14th, 2009

Hi,


We have two Internet connections in our office. One is through a leased line and the other through a Business ADSL line. Right now we are routing the Internet traffic manually through policy-based routing in the L3 core switch and NATing through both the PIX. Now we are planning for automatic backup routing by using these two lines. What is the procedure to do this? Please find below the existing setup,


Internet Leased line setup:-

================================


LL Modem ----> Internet Leased Router -----> Cisco PIX ---> Cisco Core L3 Switch -----> Users/Servers connected


Business ADSL Setup:-

=============================


ADSL Router -----> Cisco PIX ---> same Cisco Core L3 Switch -----> Users/Servers connected.


Regards,

Vidhu


Giuseppe Larosa Sun, 02/15/2009 - 00:25

Hello Vidhu,

With the PIX in the middle, the L3 core switch should have some form of L3 communication with the Internet Leased Router via the PIX.


This is under the assumption that you can control and configure the Internet leased router.

If both the ADSL router and the Internet Leased Router were not controlled by you, I'm afraid that nothing can be done.


It is also possible to configure the PIX to manage the alternate routing but again some config on the leased line router is needed.

What if the Leased line router is up but the leased line is down?

This is the event that dynamic routing can manage and static routing cannot.


The Internet leased router should generate a default route in BGP or in a routing protocol only if the leased line is up and running.


For an example of routing with the PIX, see


http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809a417a.shtml


The Internet leased router can use


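! static default route out of the leased-line serial interface
ip route 0.0.0.0 0.0.0.0 ser0
!
router ospf 10
 ! the network statement needs a wildcard mask
 network 10.0.0.0 0.255.255.255 area 0
 ! advertise the default into OSPF as external type 1 (no "always" keyword)
 default-information originate metric-type 1
!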


Without the always keyword, the router should generate a default route only until its own static default route is valid.


A further tuning could be that of using reliable static routing to be able to trace public IP next-hop reachability on the leased line.

See


http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html


The PIX, taking part in the OSPF domain, can pass the default route to the L3 core switch.


If the ADSL router is capable of OSPF routing, it can inject a default route with worse parameters (metric-type 2 is never preferred over type 1).


Some thought may be needed to perform NAT correctly.


Hope to help

Giuseppe


orbitbahrain Sun, 02/15/2009 - 01:21

Hi,


Thanks for your quick reply. Let me explain our setup in detail. Both the Internet links are connected through two different routers and two PIX, which finally terminate in one L3 switch. From your solution, I think the TRACK OBJECT solution will be a good one. But I don't have any idea of how track object works in our scenario. Right now, the default route in the L3 switch is pointing to the Leased line PIX and we have a route map configuration in the L3 switch done for ADSL Internet routing for some VLANs' access-list. If the Leased line is down, I manually route this through ADSL, by adding these VLANs' IPs to the ADSL route map. Now, as you instructed, I need this done automatically through TRACK object.

Mohamed Sobair Sun, 02/15/2009 - 00:57


Hi,


Could you explain more about the physical connectivity?


How is the (Internet Leased line setup) currently interconnected with the (Business ADSL setup)?


Which automatic backup are you considering? The WAN link or the LAN link? There are multiple ways to achieve redundancy here based on your criteria.



HTH

Mohamed

orbitbahrain Sun, 02/15/2009 - 01:46

Hi,


Please find attached our Internet setup diagram. We are looking out for WAN link backup.


Regards,

Vidhu

Giuseppe Larosa Sun, 02/15/2009 - 02:52

Hello Vidhu,

I see there are actually two PIX firewalls, one towards the leased line and one towards the DSL line.

This probably helps in doing NAT.


If you control the leased line router and the ADSL line router the solution I've suggested can work.

The idea is to have a routing protocol like OSPF to propagate default route information from leased line via pix leased to L3 core switch.

A worse default route can be propagated by the DSL line router via pix DSL to the L3 core.


The leased line router needs to verify the validity of its own default static route using object tracking.


For the object tracking configuration, see the section


Configuring Cisco IOS IP SLAs for Cisco IOS Release 12.3(14)T, 12.4, 12.4(2)T, and 12.2(33)SXH


in


http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html


A simpler solution that can also work is that of using reliable static routing directly on the L3 core switch.


Hope to help

Giuseppe
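
Added example, not part of the original posts: a sketch of the reliable static routing idea described above, applied on the L3 core switch in the IP SLA syntax of the releases named in the referenced guide (12.3(14)T, 12.4, 12.4(2)T, 12.2(33)SXH). All addresses are placeholder assumptions: 192.0.2.1 stands for a public address reached over the leased line, 10.1.1.1 and 10.1.2.1 for the inside interfaces of the leased-line PIX and the ADSL PIX; support for IP SLA on the switch's software image is also assumed.

```cisco
! --- Added example: every address below is a placeholder ---
! 192.0.2.1 = public IP reached over the leased line (assumed)
! 10.1.1.1  = inside interface of the leased-line PIX (assumed)
! 10.1.2.1  = inside interface of the ADSL PIX (assumed)
!
! Probe a target beyond the leased-line router, so that "router up,
! leased line down" is detected as a failure.
ip sla monitor 1
 type echo protocol ipIcmpEcho 192.0.2.1
 timeout 1000
 frequency 3
ip sla monitor schedule 1 life forever start-time now
!
! Track object follows the reachability result of SLA operation 1.
! The delays damp flapping when the line is unstable.
track 1 rtr 1 reachability
 delay up 30 down 15
!
! Host route pins the probe to the leased-line path. Without it the
! probe would follow the backup default after failover, succeed over
! ADSL, and make the tracked route flap.
ip route 192.0.2.1 255.255.255.255 10.1.1.1
!
! Primary default: installed only while track 1 is up.
ip route 0.0.0.0 0.0.0.0 10.1.1.1 track 1
!
! Floating static via the ADSL PIX: administrative distance 250, so it
! enters the routing table only when the tracked route is withdrawn.
ip route 0.0.0.0 0.0.0.0 10.1.2.1 250
```

`show track 1` and `show ip route 0.0.0.0` show which default is currently installed. The probe only succeeds if the leased-line PIX permits and translates ICMP echo from the switch, and the ADSL PIX needs NAT and access rules equivalent to the leased-line PIX for the traffic that fails over to it.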


orbitbahrain Sun, 02/15/2009 - 06:15

Hi,


Sorry for my late reply. Please find attached our existing L3 Core Switch configuration (route map + routings). Other than this, we have configured NATing for these networks through both PIX firewalls. Please help us in configuring TRACK OBJECT for this setup/configuration.


Regards,

Vidhu



Mohamed Sobair Sun, 02/15/2009 - 04:26

Vidhu,


Adding to GUI's post, a reliable static route with object tracking is one solution.


Both L3 switches should have 2 uplinks to every PIX, as well as every PIX should have 2 uplinks toward both routers. Both could apply object tracking with reliable static routing.


Another option is to configure OSPF between the upstream routers and the PIXes, and have one of them learn 2 default routes. This would guarantee load sharing and redundancy.


However, there is still a single point of failure on the upstream link from the Internet routers toward their Internet providers. The best approach is to have IBGP connect both your edge routers. Assuming you have EBGP between you and both providers, you could also then look at BGP load sharing with different service providers.



HTH

Mohamed
