regarding NAT and Load-balancing

Jul 2nd, 2010

Hi All,


I have one ISR router with two internet links to two different ISPs, with a different IP pool from each of them. The LAN IP addresses are in the 10.88.0.0 series. I have put two default routes towards both ISPs. Now I have two requirements: the first is to load balance and the second is to do NAT. I have a switch connected to this router and then a firewall. I have to NAT the firewall's IP with the WAN pool or, if possible, I can even NAT with other IP addresses, but my main requirement is to make through the internet to LAN by combining the bandwidth of both ISPs. Please help me with this.



Thanks

Taran

Nagaraja Thanthry Mon, 07/05/2010 - 22:22

You need to use the PBR concept in order to achieve load balancing. As a first step, you need to determine which traffic goes through which ISP. Once you determine that, you can write an access-list to match interesting traffic. Then you need to write a route-map to set the next hop for that traffic.


Example:


Let us assume that you want to send all HTTP traffic through ISP 2 and all other traffic through ISP 1. Then your configuration on the router looks something like below:


ip route 0.0.0.0 0.0.0.0 <ISP1 next hop>
ip route 0.0.0.0 0.0.0.0 <ISP2 next hop>

access-list 101 permit tcp any any eq 80

route-map ISP2 10
 match ip address 101
 set ip next-hop <ISP2 next hop>

interface <LAN-facing interface>
 ip policy route-map ISP2


The above configuration will ensure that all your outbound HTTP traffic goes over the ISP2 link while the rest of the traffic will go over the ISP1 link. If your ISP has given you a pool of addresses to use on your firewall and has assigned a separate IP address pool for the link between your router and the ISP, then you can do the NAT on the firewall itself and then write the access-list based on the public IP addresses. If you are sharing the same range of usable addresses on your ISP links, you could do the NAT on either the firewall or the router. If you are doing it on the firewall, make sure that the router is not doing the RPF check. Hope this helps.

Ganesh Hariharan Mon, 07/05/2010 - 22:52

Hi Taran,


As suggested by Nagaraj, a route map will do the load balancing of ISP traffic with the NAT configuration on the router. For load balancing you can use 2 default routes, each pointing to a different ISP as next hop. Because their admin distances will be the same, your outgoing traffic will be load balanced between the two ISPs. After that you can use NAT with route maps. This makes the router decide which "nat overload" statement will be used based on the next hop.


ip nat pool provider1-space ...
ip nat pool provider2-space ...
ip nat inside source route-map provider1-map pool provider1-space
ip nat inside source route-map provider2-map pool provider2-space

route-map provider1-map permit 10
 match ip address 1
 ! E1: your interface that goes to ISP1
 match interface E1

route-map provider2-map permit 10
 match ip address 1
 ! E2: your interface that goes to ISP2
 match interface E2


Hope to Help !!


Ganesh.H


Remember to rate the helpful post

tarnhundal Wed, 07/07/2010 - 02:19

Hi Ganesh,


Thanks for the reply. I am also planning this solution, but I think if I will add the interface rather than the public pool from the ISP and also will add SLA, then I think it will load balance. What do you say?




Thanks

taran

Ganesh Hariharan Wed, 07/07/2010 - 02:33

Hi Taran,


You are right, best recommended to have the IP address configured in spite of the interface, with SLA configured for automatic failover without manual intervention.


Hope to Help !!


Ganesh.H


Remember to rate the helpful post

tarnhundal Wed, 07/07/2010 - 02:40

Hi Ganesh,


Let me check this scenario on this upcoming Saturday or Sunday. Then I will give you the results.


Thanks

Taran

Nagaraja Thanthry Wed, 07/07/2010 - 06:03

SLA configuration is typically used for redundancy purposes. You can certainly use the SLA to ensure that if one of the ISPs goes down, the other will take over. But for load balancing, you still need to do the configuration manually. You need to identify interesting traffic and then force it to go via one of the ISPs. The rest of the traffic will go via the other ISP. If you are running a dynamic routing protocol (like EIGRP) with both ISPs, then the routing protocol will take care of the load-balancing part. Hope this helps.


Regards,


NT

tarnhundal Sun, 07/11/2010 - 07:15

Hi ALL,


I have tried this stuff with route-maps and access-lists, but there is one problem which I am getting: I have two different public IP pools and also different name servers. It means I have to create a lot of route-map statements because I have done static NAT previously; I cannot do NAT with the total LAN pool.

What do you say?



Thanks

Taran

Ganesh Hariharan Sun, 07/11/2010 - 22:22


Hi Taran,


Can you elaborate more on what exactly the issue is that you are facing?


Ganesh.H

tarnhundal Mon, 07/12/2010 - 00:10

HI Ganesh,


As you know, I have 2 ISPs connected to the same router. Both ISPs provide different public IP pools and DNS servers for internet connectivity. Now my requirement is that half of the traffic will go on one interface and half on the other interface, and in the present scenario I have implemented static NAT. Please help me to sort out this issue.




Thanks

Taran

Alen Danielyan Thu, 07/22/2010 - 02:48

Just add static routes to the DNS servers (to provide each DNS traffic to be sent via respective ext. interface), and everything will work fine.

Mohamed Sobair Thu, 07/22/2010 - 04:06

Taran,


For your static NAT, I am afraid that you don't have the option of load balancing; with static NATing it should only traverse the desired ISP link, and if it's down your static NAT won't work.



HTH

Mohamed

tarnhundal Fri, 07/23/2010 - 00:25

Hi


You are totally right. I am also confused about the exact solution. So what do you say about the right solution? I am thinking to create two route-maps with a matching LAN ACL and also the WAN int within the route-map, then the same will be done for the other route-map. Now both route-maps will be called to NAT. But I am not sure about it!


Thanks

taran

Mohamed Sobair Fri, 07/23/2010 - 04:52

Taran,


What you are saying is correct; however, I would suggest you also implement IP SLA for both ISPs. This will ensure you have redundancy and load balancing in place as well.



HTH

Mohamed

tarnhundal Fri, 07/23/2010 - 07:32

HI ,


I am also considering SLA, but I am not implementing it because I am doubtful about it. Will this work or not?



Thanks

Taran
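
The pieces discussed in this thread (two default routes, NAT chosen by a route-map per outgoing interface, PBR for HTTP, and IP SLA tracking) combined into one IOS configuration, as an added example that is not from any poster in the thread. Interface names, the RFC 5737 documentation addresses and the /16 LAN mask are assumptions, and the `ip sla` / `track ... ip sla` keywords are those of later IOS releases.

```cisco
! Added example; names, addresses (RFC 5737) and the /16 LAN mask are assumptions
ip sla 1
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/0
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 198.51.100.1 source-interface GigabitEthernet0/1
 frequency 10
ip sla schedule 2 life forever start-time now
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Two equal-cost defaults; each is withdrawn when its probe fails
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 2
!
access-list 1 permit 10.88.0.0 0.0.255.255
access-list 101 permit tcp 10.88.0.0 0.0.255.255 any eq 80
!
! NAT: translate to the address of whichever interface the packet leaves by
route-map provider1-map permit 10
 match ip address 1
 match interface GigabitEthernet0/0
route-map provider2-map permit 10
 match ip address 1
 match interface GigabitEthernet0/1
ip nat inside source route-map provider1-map interface GigabitEthernet0/0 overload
ip nat inside source route-map provider2-map interface GigabitEthernet0/1 overload
!
! Optional PBR: HTTP via ISP2 only while track 2 is up, else normal routing
route-map ISP2 permit 10
 match ip address 101
 set ip next-hop verify-availability 198.51.100.1 10 track 2
!
interface GigabitEthernet0/0
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
interface GigabitEthernet0/1
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
interface GigabitEthernet0/2
 ip nat inside
 ip policy route-map ISP2
```

With two equal-cost static defaults, CEF shares load per source/destination pair by default, so each flow stays on one link and is translated to that link's address. The probes here only test reachability of each ISP's first hop.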
