BGP, NAT, Redundancy and VOIP traffic on a Router 2821

Jul 6th, 2009

Hi all,


I'm trying to find out how I can do portmap-based NAT for a group of Asterisk-based VoIP servers on the inside interfaces of the router, with multiple Internet links.


I have a dual-ISP connection on a Cisco 2821 with IOS 14.4(15)T and two HWIC-4ESW modules. Two default routes are applied. Services (WEB, VOIP, DNS) have been isolated in different VLANs.


Each server will have two public IP addresses and one private address. So external clients on the Internet will have two paths to each server. In the event that one fails, the other takes the entire load. In this case, how can BGP4 improve the efficiency and redundancy of the network? What attributes help?


What type of QoS can I put on the router in order to ensure SIP and RTP traffic flows?

And what routing best practices can be implemented?


If I install a DNS server with a local IP address, in the inside zone of the network, that serves queries for external clients, must the DNS response be a global IP address, or may it be a local IP address?



Thanks for all.

Giuseppe Larosa Thu, 07/09/2009 - 09:47

Hello Peter,


>> Each server will have two public IP address and one private address


You probably need PBR (policy-based routing), which allows you to route outbound based on source address, applied inbound on the internal VLAN interfaces.


BGP by itself cannot route based on source address. BGP can be used to influence the return path, but likely you have one IP address pool from provider A and one address pool from provider B, or you have divided your own IP address blocks in two halves (in this last case BGP can be helpful).


For PBR you can have a look at:


http://www.cisco.com/en/US/docs/ios/iproute/configuration/guide/irp_prb_mult_track_ps6017_TSD_Products_Configuration_Guide_Chapter.html


About DNS:

The external clients should look for the IP address of your servers by contacting their DNS, which can then contact your public DNS server.


If you are going to use NAT and BGP combined, the config will be complex and the interaction with DNS has to be considered.


Hope to help

Giuseppe




petero007 Mon, 07/13/2009 - 12:37

Hi Giuseppe,


You are right about this: >>you probably need PBR policy based routing that allows you to route outbound based on source address applied inbound on internal vlan interfaces.


I am actually doing this. I created one route-map for the ISP exits that matches the servers' IP addresses and routes them through the same inbound traffic flow.


But I have a lot of questions about this particular topology design and its network configuration.


      |||||ISP_A|||||                                 |||||ISP_B|||||
      200.100.50.1/28                                 50.100.200.1/29
             .                                               .
             .                                               .
             .                                               .
G0/0:200.100.50.2/28         |||||R2821|||||          G0/1:50.100.200.2
                           VLAN10       VLAN20

                              STATIC NAT
200.100.50.3 --> 172.16.10.100             50.100.200.3 --> 172.16.10.101
200.100.50.4 --> 172.16.20.100             50.100.200.4 --> 172.16.20.101
             .                                               .
             .                                               .
             .                                               .
       (sip.dmn.com)                                   (ns.dmn.com)
   |||||VoIP Server|||||                           |||||DNS Server|||||
eth0:172.16.10.100/24(sip1.dmn.com)        eth0:172.16.20.100/24(ns1.dmn.com)
eth1:172.16.10.101/24(sip2.dmn.com)        eth1:172.16.20.101/24(ns2.dmn.com)


Note: The IP addresses and domains have been changed, but the VLANs and netmasks are still the same.


First: DNS Server Multihomed Configuration

I consulted three books about DNS and still did not find anything similar. So the multihomed DNS server configuration isn't working yet. I can reach the DNS server through both ISPs. I can actually ping from an external client to:


ns.dmn.com OK

ns1.dmn.com OK

ns2.dmn.com OK

sip.dmn.com Doesn't work

sip1.dmn.com OK

sip2.dmn.com OK


Second: BGP Protocol

I know that BGP by itself cannot route based on source address, and can be used to influence the return path, but at this point, can BGP really help with the redundancy and optimization of this network? If so, what is the recommended way to implement it?


Third: NAT Multihomed

Given the limited space in each ISP pool, it would help to implement NAT port forwarding to the server farm. Again, what is the recommended way to implement it?

I read this article and I didn't understand the last topic, "Single NAT to Multiple ISPs":

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0080091c8a.shtml


Thanks a lot.
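
The source-address policy routing discussed in the two posts above, written out as an added example; it is not the configuration of either poster. The addresses come from the topology in the post above, the ACL and route-map names are assumptions, and the static NAT shown in that topology is assumed to be configured already.

```cisco
! Added example: names (FROM-ISP-A-ADDRS, FROM-ISP-B-ADDRS, SERVER-EXIT) are
! hypothetical; addresses are the changed ones from the posted topology.
!
! Classify by server source address. Inside-to-inside traffic is denied first
! so it is never policy-routed towards an ISP and follows the routing table.
ip access-list extended FROM-ISP-A-ADDRS
 deny   ip any 172.16.0.0 0.0.255.255
 permit ip host 172.16.10.100 any
 permit ip host 172.16.20.100 any
ip access-list extended FROM-ISP-B-ADDRS
 deny   ip any 172.16.0.0 0.0.255.255
 permit ip host 172.16.10.101 any
 permit ip host 172.16.20.101 any
!
! Probe each ISP gateway so a dead next hop is not used.
ip sla 1
 icmp-echo 200.100.50.1 source-interface GigabitEthernet0/0
 frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 50.100.200.1 source-interface GigabitEthernet0/1
 frequency 5
ip sla schedule 2 life forever start-time now
!
! Some IOS releases spell this "track 1 ip sla 1 reachability".
track 1 rtr 1 reachability
track 2 rtr 2 reachability
!
! Send each server address back out through the ISP whose pool it is
! translated to, but only while that ISP's gateway answers the probe.
route-map SERVER-EXIT permit 10
 match ip address FROM-ISP-A-ADDRS
 set ip next-hop verify-availability 200.100.50.1 1 track 1
route-map SERVER-EXIT permit 20
 match ip address FROM-ISP-B-ADDRS
 set ip next-hop verify-availability 50.100.200.1 1 track 2
!
! PBR is applied inbound on the internal VLAN interfaces.
interface Vlan10
 ip policy route-map SERVER-EXIT
interface Vlan20
 ip policy route-map SERVER-EXIT
```

When a tracked gateway is down, matching packets fall back to the normal routing table, so they can leave through the other ISP while still being translated to an address from the failed ISP's pool, which that ISP may filter.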

petero007 Mon, 07/13/2009 - 12:39

Hi,


I tried to post the topology with ASCII, but it didn't work.


Sorry.
