
failover between 2 links

shivathapa
Level 1

Dear All,

I have 2 links from 2 different ISPs. I have a Cisco router at my end. It has 2 interfaces, and the 2 links are connected to them.

My problem is: whenever one link, mainly the one marked as primary, goes down, the other, marked as secondary, should work automatically.

I want to use private IPs on my end machines.

How do I configure it so that traffic is automatically routed via the 2 different links?


Giuseppe Larosa
Hall of Fame

Hello Shiva,

The routing part is relatively easy and involves the usage of two default static routes, the second floating (with a specified AD)

like

ip route 0.0.0.0 0.0.0.0 primary
ip route 0.0.0.0 0.0.0.0 secondary 200
! here that 200 is an AD for the route
! in this way the first is used

The most difficult is to manage NAT multihoming:

each ISP expects you to use its own public address block when talking with it

see the following whitepaper about NAT multihoming

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0080091c8a.shtml

you need to create two route-maps in which you check the ip addresses and you set the exit interface

access-list 101 permit ip 10.10.10.0 0.0.0.255 any
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
route-map NAT-to-ISP1 permit 10
 match ip address 101
 set interface primary
route-map NAT-to-ISP2 permit 10
 match ip address 102
 set interface secondary
ip nat inside source route-map NAT-to-ISP1 int primary overload
ip nat inside source route-map NAT-to-ISP2 int secondary overload

You can achieve redundancy, not load balancing

About smarter detection of primary link failure see

reliable static routing

http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html#wp1066247

Hope to help

Giuseppe

G:

What is the purpose of the set interface command?

I'm trying to lab it out, but I need another routed interface on my router and the 3550s I have don't do NATing.

Given the NAT order of operations, a packet received on the inside interface will first get NATed, then routed, so the NAT route map will kick in. Without the set interface command, the packet should still get routed to the exit interface because of the static route. No?

Victor

Giuseppe?

Victor,

Maybe his typo! (grin)

!
route-map NAT-to-ISP1 permit 10
 match interface primary
route-map NAT-to-ISP2 permit 10
 match interface secondary
!

The router looks through the NAT statements line by line. That will help the router to correctly do NAT on the interface that packets are being sent out of.

No need to use ACL 101 and 102 in this case.

HTH,

Toshi

Hi All,

This config is great. I'm assuming that the policy is applied on both WAN1 and WAN2?

ip dhcp pool LAN
 network 172.16.13.0 255.255.255.0
 default-router 172.16.13.1
 dns-server 61.88.88.88
 lease 7
!
interface FastEthernet0/0
 description WAN LINK VLAN 100
 ip address 10.0.0.250 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 ip policy route-map NAT-to-ISP1
 speed 100
 full-duplex
!
interface FastEthernet0/1
 description WAN LINK VLAN 200
 ip address 10.0.10.250 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 ip policy route-map NAT-to-ISP2
 speed 100
 full-duplex
!
interface FastEthernet2/0
 description LAN LINK
 ip address 172.16.13.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1 10 name PRIMARY
ip route 0.0.0.0 0.0.0.0 10.0.10.1 20 name SECONDARY
!
ip nat inside source route-map NAT-to-ISP1 interface FastEthernet0/0 overload
ip nat inside source route-map NAT-to-ISP2 interface FastEthernet0/1 overload
!
access-list 35 permit 172.16.13.0 0.0.0.255
!
route-map NAT-to-ISP2 permit 10
 match ip address 35
 match interface FastEthernet0/1
!
route-map NAT-to-ISP1 permit 10
 match ip address 35
 match interface FastEthernet0/0
!

Thanks
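
Added example, not posted by anyone in this thread: a simplified Python model (not IOS code) of how the floating static route and the "match interface" NAT route-maps interact, and why the thread points to reliable static routing for a failure the interface state does not reveal. Interface names, next hops and NAT addresses are taken from the last config above; the `tracked` flag and the probe results are assumptions made for the illustration.

```python
# Simplified model, not IOS code. Interfaces, next hops and NAT addresses
# are taken from the last config in the thread; the `tracked` flag and the
# probe results are assumptions standing in for reliable static routing.
from dataclasses import dataclass

@dataclass(frozen=True)
class StaticRoute:
    next_hop: str
    interface: str
    distance: int          # administrative distance, lowest wins
    tracked: bool = False  # True: route is withdrawn when its probe fails

PRIMARY = StaticRoute("10.0.0.1", "FastEthernet0/0", 10)
SECONDARY = StaticRoute("10.0.10.1", "FastEthernet0/1", 20)
PLAIN = [PRIMARY, SECONDARY]
TRACKED = [StaticRoute("10.0.0.1", "FastEthernet0/0", 10, tracked=True), SECONDARY]

# NAT statements in config order: exit interface matched -> overload address
NAT_RULES = [("FastEthernet0/0", "10.0.0.250"), ("FastEthernet0/1", "10.0.10.250")]

def best_route(routes, link_up, probe_ok):
    """Return the default route that would be installed, or None."""
    usable = [r for r in routes
              if link_up[r.interface] and (not r.tracked or probe_ok[r.next_hop])]
    return min(usable, key=lambda r: r.distance, default=None)

def egress(routes, link_up, probe_ok):
    """Return (exit interface, translated source) for a packet from the LAN."""
    route = best_route(routes, link_up, probe_ok)
    if route is None:
        return None
    for iface, nat_addr in NAT_RULES:
        if iface == route.interface:  # the "match interface" test
            return iface, nat_addr
    return route.interface, None      # routed, but no NAT statement matched

if __name__ == "__main__":
    up = {"FastEthernet0/0": True, "FastEthernet0/1": True}
    isp1_dead = {"10.0.0.1": False, "10.0.10.1": True}  # constructed probe result
    print("plain  :", egress(PLAIN, up, isp1_dead))    # stays on the dead path
    print("tracked:", egress(TRACKED, up, isp1_dead))  # moves to the secondary
```

With both Ethernet interfaces still up, the untracked primary route stays installed even though the ISP1 next hop no longer answers, so traffic keeps being translated to the ISP1 address and is lost; the tracked route is withdrawn and the NAT statement for FastEthernet0/1 takes over.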
