Preferential Routing

Unanswered Question


I have two SPs on my network . From SP_A i am taking STM-1 and from SP_B its DS3. Now my company doesnt have Service Provider independent public addresses. 

I want to use STM-1 from SP_A as the primary link in case if this goes down then only traffic should come via SP_B.

I have 10 webserver which are being accessed by external internet users.

What i am planning to do static NAT for all these 10 webserver to both the SP's public addresses.

i.e.     LAN IPs              SP_A               SP_B

Server-1         X.X.X.1          Y.Y.Y.1

Server-2         X.X.X.2          Y.Y.Y.2

likewise for rest 8 servers.

Now i want preference via  SP_A link to access these 10 server , do i have to do something on DNS servers ? if yes then DNS server of my company or DNS server of SPs ?



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Marwan ALshawi Sun, 08/14/2011 - 04:53

Hi Neo,

first of all how do you exchange the routing with your ISPs is it BGP ?

and from my undestanding is that you have serverfarm and those servers have public IPs from ISPA and diffrent IPs from ISPB

with DNS it can be done but not very experieinced with it howevr have a look at the bellow  link, but the ISP DNS could do it in addition to your DNS

also when you do static nat with diffrent public IPs using same source IP over diffrent exit interfaces try to use a route-map that match the exit interface per NAT statment


route-map ISPA
match interface fa1/1

route-map ISPB
match interface fa2/1

ip nat inside source static route-map ISPA
ip nat inside source static route-map ISPB


if helpful Rate

Mohamed Sobair Sun, 08/14/2011 - 08:27


From what I understood and based on your description, those webservers will be assigned public IP's from ISP A segment.

In this case, its certainly not possible because when the primary link goes down, then a manual intervention is needed to change the DNS entry on the dns server (the A records).

All solutios talks about IOS NAT loadbalancing and redundancy when you have NAT , and this is certainly possibly. But the problem comes when you have static webservers or email server reside inside your network that needs DNS records.

I have one solution though, it's basically a device that do inbound/outbound redundancy and loadbalancing , it's also works as an authoritative dns server so all your mapping and dns records are configured on this device.

Are you willing to purchase a nother device?

Please see below link :



Sent from Cisco Technical Support iPhone App

Marwan ALshawi Sun, 08/14/2011 - 16:19

Hi Mohamed

why it is not possible to have redundant DNS entry ( multiple IPs per DNS name ) ?

i beleive it is one of the loadbalancing and redundancy methods of haveing multiple Datacenters and servers which is geeogrphiucaly located for redundancy and load sharing

such as The Cisco ACE GSS 4400 Series Global Site Selector (GSS), or on the server or application level too

- Neo ,  

here is a gudie that might be useful to have a look at, and consider the NATing example provided above too

Configure ISP Redundancy— Step by Step


pls rate the helpful posts

Mohamed Sobair Sun, 08/14/2011 - 16:59


If the traffic is normal Internet traffic, then iOS NAT loadbalancing and redundancy would suffice.

However, if you have Webservers that needs (a records) on the ISP Dns server, then its not possible. The reason is because only ONE a record (name to ip address mapping) can be created at a time. If the main ISP link goes

Sent from Cisco Technical Support iPhone App

Mohamed Sobair Sun, 08/14/2011 - 17:10

Sorry to continue,

If it's down , then the outside world would still point to the same ISP resulting in a packet being eventually dropped.

Unlike MX records which is used for exchange servers, you can have multiple entries per ip address with different priorities. But with webservers ,this is not possible.

If you have setup or worked on DNS servers , it should be known. hence,I have proposed different approach.

Unfortunately,, your suggestion of using ACE is not applicable and wouldn't be a solution for him as he is not looking for application redundancy as much as DNS issue.

I hope this clarifies my point



Sent from Cisco Technical Support iPhone App

Latchum Naidu Mon, 08/15/2011 - 03:57

Hi Neo,

I would suggest you to have two DNS records for high availability purpose. I have the same kind of setup and working fine without any issues.
There is some kind of priority set in the DNS record like primary ISP_A and if primary down secondary ISP_B will take the path. This is like A record priority.

Please rate the helpfull posts.

Marwan ALshawi Mon, 08/15/2011 - 08:23

Thanks Naidu 5+ to confirm this setup as i was thinking it can be done this way but never done this way before  thats why i was not sure 100%

in this case Neo you need to get you DNS setup in the right way first then have your NATing configured using the example above

good luck

pls rate the helpful posts

Latchum Naidu Mon, 08/15/2011 - 23:17

Hi Marwan,

You are most welcome and Yes that should work for Neo.
He need to make sure the below things...

1. Nating needs to be done individually with two different public IP's (Say in my case I have two Firewalls active/standby and a DMZ server have nated with different IP's (ISP_1 & ISP_2) in two Firewalls like below...

static (inside,outside) netmask --->Firewall 1 --->ISP-1
static (inside,outside) netmask --->Firewall 2 --->ISP-2

2. Neo need to contact his ISP who managing his A records and ask them to creat redundant A record by giving priority to IP which learning from his ISP-1

So that if the priority IP which learning through ISP-1 is unreachable then the second one which learning through ISP-2 will start resolving and take path.

Neo, Hope the above will be understand and clear you...

Gud luck
Please rate the helpfull posts.

Hi Mohamed / Naidu / Marwan,

Thanks for your valuable time on replying. After going through your posts , i did my search as well and after going through this URL . Mohamed is some what right about publishing multiple IP address pointing to single Domain name that it may cause problem when the link is down.

                                        But then for how long that website will be down depends on the TTL configured , so

Naidu / Marwan are also right that it is somewhat workable solution but for small enterprises.

thanks again all for your valuable contribution .




This Discussion