regarding NAT and Load-balancing

Unanswered Question
Jul 2nd, 2010

Hi All,

I have one ISR router with two internet links to two different ISPs, with a different IP pool from each of them. The LAN IP addresses are in the 10.88.0.0 series. I have put two default routes towards both ISPs. Now I have two requirements: the first is to load balance and the second is to do NAT. I have a switch connected to this router and then a firewall. I have to NAT the firewall's IP with the WAN pool or, if possible, I can even NAT with other IP addresses, but my main requirement is to make through the internet to LAN by combining the bandwidth of both ISPs. Please help me with this.

Thanks

Taran

Nagaraja Thanthry Mon, 07/05/2010 - 22:22

You need to use PBR concept in order to achieve load balancing. As a first step, you need to determine which traffic goes through which ISP. Once you determine that, you can write an access-list to match interesting traffic. Then you need to write a route-map to set the next hop for that traffic.

Example:

Let us assume that you want to send all HTTP traffic through ISP 2 and all other traffic through ISP 1. Then your configuration on the router looks something like below:

ip route 0.0.0.0 0.0.0.0
ip route 0.0.0.0 0.0.0.0
access-list 101 permit tcp any any eq 80
route-map ISP2 10
 match ip address 101
 set ip next-hop
interface
 ip policy route-map ISP2

The above configuration will ensure that all your outbound HTTP traffic goes over the ISP2 link while the rest of the traffic goes over the ISP1 link. If your ISP has given you a pool of addresses to use on your firewall and has assigned a separate IP address pool for the link between your router and the ISP, then you can do the NAT on the firewall itself and then write the access-list based on the public IP addresses. If you are sharing the same range of usable addresses on your ISP links, you could do the NAT on either the firewall or the router. If you are doing it on the firewall, make sure that the router is not doing the RPF check. Hope this helps.

Ganesh Hariharan Mon, 07/05/2010 - 22:52

Hi Taran,

As suggested by Nagaraj, a route map will do the load balancing of ISP traffic with the NAT configuration on the router. For load balancing you can use 2 default routes, each pointing to a different ISP as next hop. Because their admin distances will be the same, your outgoing traffic will be load balanced between the two ISPs. After that you can use NAT with route maps. This makes the router decide which "nat overload" statement will be used based on the next hop.

ip nat pool provider1-space ...
ip nat pool provider2-space ...
ip nat inside source route-map provider1-map pool provider1-space
ip nat inside source route-map provider2-map pool provider2-space
route-map provider1-map permit 10
 match ip address 1
 ! E1 is your interface that goes to ISP1
 match interface E1
route-map provider2-map permit 10
 match ip address 1
 ! E2 is your interface that goes to ISP2
 match interface E2

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

tarnhundal Wed, 07/07/2010 - 02:19

Hi Ganesh,

Thanks for the reply. I am also planning this solution, but I think if I add the interface rather than the public pool from the ISP and also add SLA, then I think it will load balance. What do you say?

Thanks

taran

Ganesh Hariharan Wed, 07/07/2010 - 02:33

Hi Taran,

You are right; it is best recommended to have the IP address configured instead of the interface, with SLA configured for automatic failover without manual intervention.

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

tarnhundal Wed, 07/07/2010 - 02:40

Hi Ganesh,

Let me check this scenario this upcoming Saturday or Sunday. Then I will give you the results.

Thanks

Taran

Nagaraja Thanthry Wed, 07/07/2010 - 06:03

SLA configuration is typically used for redundancy purposes. You can certainly use the SLA to ensure that if one of the ISPs goes down, the other will take over. But for load balancing, you still need to do the configuration manually. You need to identify interesting traffic and then force it to go via one of the ISPs. The rest of the traffic will go via the other ISP. If you are running a dynamic routing protocol (like EIGRP) with both ISPs, then the routing protocol will take care of the load-balancing part. Hope this helps.

Regards,

NT

tarnhundal Sun, 07/11/2010 - 07:15

Hi ALL,

I have tried this stuff with route-maps and access-lists, but there is one problem I am getting: I have two different public IP pools and also different name servers. It means I have to create a lot of route-map statements because I have done static NAT previously; I cannot do NAT with the total LAN pool.

What do you say?

Thanks

Taran

Ganesh Hariharan Sun, 07/11/2010 - 22:22

Hi Taran,

Can you elaborate more on what exactly the issue is that you are facing?

Ganesh.H

tarnhundal Mon, 07/12/2010 - 00:10

HI Ganesh,

As you know, I have 2 ISPs connected to the same router. Both ISPs provide different public IP pools and DNS servers for internet connectivity. Now my requirement is that half of the traffic will go on one interface and half on the other interface, and in the present scenario I have implemented static NAT. Please help me to sort out this issue.

Thanks

Taran

Alen Danielyan Thu, 07/22/2010 - 02:48

Just add static routes to the DNS servers (to provide each DNS traffic to be sent via respective ext. interface), and everything will work fine.

Mohamed Sobair Thu, 07/22/2010 - 04:06

Taran,

For your static NAT, I am afraid that you don't have the option of load balancing. With static NAT, traffic should only traverse the desired ISP link; if it is down, your static NAT won't work.

HTH

Mohamed

tarnhundal Fri, 07/23/2010 - 00:25

Hi

You are totally right. I am also confused about the exact solution. So what do you say about the right solution? I am thinking of creating two route-maps, with a matching LAN ACL and also the WAN interface within the route-map, then the same will be for the other route-map. Now both route-maps will be called for NAT. But I am not sure about it!

Thanks

taran

Mohamed Sobair Fri, 07/23/2010 - 04:52

Taran,

What you are saying is correct. However, I would suggest you also implement IP SLA for both ISPs; this will ensure you have redundancy and load balancing in place as well.

HTH

Mohamed

tarnhundal Fri, 07/23/2010 - 07:32

HI ,

I am also considering SLA, but I am not implementing it because I am doubtful about it. Will this work or not?

Thanks

Taran
