I have a scenario where there are users on two sites with thier own internet connectivity. Recently one of the ISPs had a significant outage, and therefore the users lost access.
Is there anyway to detect such an outage, and re-route traffic through a WAN link to make use of the alternative internet connection on another site?
The two internet connections are via different service providers, and have PA addressess, I am not and can not run BGP. There are no incomming services with these links, they are purely used for user access to the internet.
I have attached a simplified diagram, which may assist the explanation.
One option can be to implement Optimized Edge Routing. It can detect outages and reroute traffic.
The clients on the local lan should have the router as a default gateway, thet can reroute traffic over the WAN link when there is a problem.
I feel you can run routing protocol between the locations which can redistribute the default route to the neighbor which can be considered as a secondary route when compared to static pointing via the respective ISP.
Also once the ISP goes off you have the valid secondary route learned via the other location which can be used to go out and reach the external world.
But this is effective when you can do some kinda Natting on both the routers so that you can make use of your local ip pools which will be convinient while having internal routing protocol between ur locations..
I assume we're talking about firewalls here? Take a look at PIX/ASA 7.x Dual ISP.
Yes, Cisco PIX devices, the provided link looks good, but the example has two internet links to the same firewall/site. I'll read around the subject to see if there is a way to do what I want.
Mark, yes in that example both links are connected to the firewall. What is the site to site link connected to? Is there an inside router? If so you could run Static Routing Backup with Object Tracking.
This is essentially what Dual ISP is on the PIX/ASA.
The site link is a 100 Mbps Ethernet. At the moment inter site routing is actualy performed by the firewall. I am intending to change that to either a Layer3 switch, or a router, depending upon requirements for the soultion.
I understand would need to implement some form of dynamic routing. The issue as I see it is to inform the router when the link goes down, as the firewall itself has not failed.
As for the natting, that shouldn't be an issue, I would just NAT all inside addresses to the outside interface of the firewall.
"I understand would need to implement some form of dynamic routing."
-Dynamic routing is not needed in the link I posted.
"The issue as I see it is to inform the router when the link goes down, as the firewall itself has not failed."
-The ip sla process will ping a specified host, when the ping fails the track will go down. This is how the router is notified.
Sorry, I got mixed up with replies.
The diagram I posted is simplified, as there are a number of VLANs on each site, currently routed through the firewall. This is causing a number of management issues, therefore moving the routing onto a Layer 3 switch or similar is in plan.
The Object Tracking solution looks promising, do you know if it is supported on 3560/3750 devices?
3560 I know for sure it is not, as I also wanted to run it on there. Object tracking is supported on Cisco 3750 starting with 12.2SE. Why not just put the site to site router off of the pix?