Problem with Load Balancing

Unanswered Question
Mar 22nd, 2012

Good morning everyone, I am trying to implement load balancing with two Internet connections on a single Cisco 2921 router. The scenario is that my LAN has several subnets, and I need them to reach the Internet through each of the existing links (one LAN network through one WAN to ISP1, and the other LAN network through the other WAN, which connects to the other ISP). I have read the following document: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a00808d2b72.shtml,

however, it does not do what I need. I have made some changes to the configuration but I do not get the result I need. Here is the configuration:

Building configuration...

Current configuration : 3405 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
!
no aaa new-model
memory-size iomem 15
ip cef
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
crypto pki trustpoint TP-self-signed-2109499766
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2109499766
 revocation-check none
 rsakeypair TP-self-signed-2109499766
!
crypto pki certificate chain TP-self-signed-2109499766
 certificate self-signed 01
  quit
!
interface Ethernet0/0
 description WAN1
 ip address 1.1.1.1 255.255.255.224 (example IP; there are public IPs here)
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 full-duplex
!
interface FastEthernet0/0
 no ip address
 speed auto
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.250.8 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 172.16.21.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Ethernet1/0
 description Enlace WAN2
 ip address 2.2.2.2 255.255.255.252 (example IP; there are public IPs here)
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 full-duplex
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Ethernet1/0
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
!
ip http server
ip http secure-server
ip nat inside source route-map WAN1 interface Ethernet0/0 overload
ip nat inside source route-map WAN2 interface Ethernet1/0 overload
!
access-list 110 permit ip 192.168.250.0 0.0.0.255 any
access-list 120 permit ip 172.16.21.0 0.0.0.255 any
route-map WAN1 permit 10
 match ip address 110
 match interface Ethernet0/0
!
route-map WAN2 permit 20
 match ip address 120
 match interface Ethernet1/0
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 login
line vty 5 15
 privilege level 15
 login
!
end

Router#
Router#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.21.0 is directly connected, FastEthernet0/0.20
C    192.168.250.0/24 is directly connected, FastEthernet0/0.10
     165.98.0.0/16 is variably subnetted, 2 subnets, 2 masks
C       165.98.80.168/30 is directly connected, Ethernet1/0
C       165.98.80.64/27 is directly connected, Ethernet0/0
S*   0.0.0.0/0 is directly connected, Ethernet1/0
               is directly connected, Ethernet0/0

Router#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
icmp 165.98.80.170:1   172.16.21.2:1      165.98.80.169:1    165.98.80.169:1
icmp 165.98.80.170:1   172.16.21.2:1      165.98.208.35:1    165.98.208.35:1

With both static routes in place it works unstably; that is, I can reach the Internet from one LAN but not from the other. It does not do what I want. I would appreciate your valuable help in resolving this problem. Best regards.

marimuno Tue, 03/27/2012 - 09:34

Hello,

Your configuration is correct; the only thing missing is telling the router where each subnet's packets should exit, using another route-map. Here is the configuration for this; you only need the next-hop address at the ISP. Or you can try specifying the outgoing interface instead. I used the same access lists, and the traffic is routed with the route-map.

Interfaces:

interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 172.16.21.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map PBRWAN2
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.250.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map PBRWAN1

The new route maps:

route-map PBRWAN1 permit 10
 match ip address 110
 set ip next-hop 1.1.1.2 (public IP of the ISP)
!
route-map PBRWAN2 permit 10
 match ip address 120
 set ip next-hop 2.2.2.1 (public IP of the ISP)

The rest would stay the same. Here is this documentation in case you have questions about route-maps:

http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpbr.html
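
The following is an added example, not part of the original thread or of Cisco's documentation: a small Python model of the posted configuration showing why one LAN loses Internet access without policy routing, and why the PBRWAN1/PBRWAN2 route-maps fix it. The load-sharing rule (a hash of the destination) and the host and destination addresses are simplifying assumptions; the ACLs, interfaces and NAT route-maps are taken from the configurations above.

```python
import ipaddress
import zlib

# ACLs, interfaces and NAT route-maps as posted in the thread (example IPs).
ACL = {110: ipaddress.ip_network("192.168.250.0/24"),
       120: ipaddress.ip_network("172.16.21.0/24")}
NAT_MAPS = [  # ip nat inside source route-map <name> interface <if> overload
    {"name": "WAN1", "acl": 110, "interface": "Ethernet0/0", "global": "1.1.1.1"},
    {"name": "WAN2", "acl": 120, "interface": "Ethernet1/0", "global": "2.2.2.2"},
]
PBR = {110: "Ethernet0/0", 120: "Ethernet1/0"}   # egress of PBRWAN1 / PBRWAN2
DEFAULT_ROUTES = ["Ethernet1/0", "Ethernet0/0"]  # two equal-cost static defaults

HOSTS = ["192.168.250.50", "172.16.21.2"]                      # constructed
DESTINATIONS = ["198.51.100.10", "203.0.113.7", "192.0.2.25"]  # constructed


def egress(src, dst, pbr):
    """Pick the outgoing interface for a packet arriving from a LAN."""
    if pbr:
        for acl, interface in PBR.items():
            if ipaddress.ip_address(src) in ACL[acl]:
                return interface
    # Simplified load sharing (assumption): the choice depends on the
    # destination, never on which LAN the packet came from.
    return DEFAULT_ROUTES[zlib.crc32(dst.encode()) % len(DEFAULT_ROUTES)]


def forward(src, dst, pbr=False):
    """Return (egress interface, source address as seen by the ISP)."""
    out = egress(src, dst, pbr)
    for m in NAT_MAPS:
        # Both match clauses of the NAT route-map must hold.
        if ipaddress.ip_address(src) in ACL[m["acl"]] and m["interface"] == out:
            return out, m["global"]
    return out, src  # no NAT rule matched: private source leaves untranslated


def untranslated(hosts, destinations, pbr):
    """Flows that reach an ISP still carrying a private source address."""
    return [(s, d) for s in hosts for d in destinations
            if ipaddress.ip_address(forward(s, d, pbr)[1]).is_private]


if __name__ == "__main__":
    print("without PBR:", untranslated(HOSTS, DESTINATIONS, pbr=False))
    print("with PBR:   ", untranslated(HOSTS, DESTINATIONS, pbr=True))
```

Without PBR, every destination leaves exactly one of the two LANs untranslated, which matches the "one LAN works, the other does not" symptom; with PBR the list is empty.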
