
Redundant WAN routers - separate ISP links

boxhallbr
Level 1

Hi,

I have an issue with an upcoming project.

Currently we have two routers where both the LAN and WAN interfaces (see attached diagram) are configured using HSRP for failover (see below for config details) with both interfaces being in their own subnet ranges.

In the near future the WAN interfaces on the two routers will be connecting to two separate ISP links that have different IP ranges. There is a choice of using static routing or BGP with the ISP; however, for simplicity, it would be preferred to use static routing. Also, BGP takes 30 seconds to reconverge and it would be preferable if the failover could be quicker.

The idea is to have the links in an active/passive configuration.

Not too sure how the new WAN links should be configured.

If you can point me to a document that would be great.

Thanks in advance.

Bryce

Router

interface GigabitEthernet0/0
description ISP Link
ip address 20.xxx.xxx.21 255.255.255.248
duplex full
speed 100
no cdp enable
standby 1 ip 20.xxx.xxx.20
standby 1 timers 5 15
standby 1 preempt
!
interface GigabitEthernet0/1
description link to firewall via switch
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.201
description link to firewall via switch
encapsulation dot1Q 201 native
ip address 192.168.0.5 255.255.255.0
no cdp enable
standby 1 ip 192.168.0.4
standby 1 timers 5 15
standby 1 preempt
!
interface GigabitEthernet0/1.403
description management Vlan
encapsulation dot1Q 403
ip address 10.yyy.yyy.7 255.255.255.0
no cdp enable
!

Router 2

interface GigabitEthernet0/0
description ISP Link
ip address 20.xxx.xxx.22 255.255.255.248
duplex full
speed 100
no cdp enable
standby 1 ip 20.xxx.xxx.20
standby 1 timers 5 15
standby 1 priority 110
standby 1 preempt
standby 1 track GigabitEthernet0/1.201 50
!
interface GigabitEthernet0/1
description link to firewall via switch
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.201
description link to firewall via switch
encapsulation dot1Q 201 native
ip address 192.168.0.6 255.255.255.0
no cdp enable
standby 1 ip 192.168.0.4
standby 1 timers 5 15
standby 1 priority 110
standby 1 preempt
standby 1 track GigabitEthernet0/0 50
!
interface GigabitEthernet0/1.403
description management Vlan
encapsulation dot1Q 403
ip address 10.yyy.yyy.8 255.255.255.0
no cdp enable
!

4 Replies

Ganesh Hariharan
VIP Alumni

Hi,

With your future setup, what I can see is that you will be running HSRP in your local LAN with an active/passive config. If that is so, then at any single point in time only one ISP will be forwarding traffic.

As stated, you want to use the ISPs in active/passive mode, so what I would suggest is to configure HSRP tracking on your router: if the link goes down, the priority will be decremented and traffic will be shifted to the second router and the second ISP link.

Hope this helps!

Regards

Ganesh.H

saurabh_knl
Level 1

Hi,

If I understand your question correctly, your setup will be something like this

ISP A                  ISP B
  |                      |
  |                      |
Router 2              Router 1
  |                      |
  |                      |
  ------------------------
           LAN

Routers can continue to work as active/passive for the LAN, as they do now. So, say your Router 2 is active for the LAN and you want ISP A to be primary for all traffic. If ISP A fails, you want Router 1 to become active and start sending packets towards ISP B. In this case, all you need to do is configure your LAN for HSRP as below; you do not need to configure HSRP on the WAN. Just have the WAN configured with an IP address for reachability to the ISP.

Router 2

interface GigabitEthernet0/1.201
description link to firewall via switch
encapsulation dot1Q 201 native
ip address 192.168.0.6 255.255.255.0
no cdp enable
standby 1 ip 192.168.0.4
standby 1 timers 5 15
standby 1 priority 110
standby 1 preempt
standby 1 track GigabitEthernet0/1.201 15
standby 1 track 123 decrement 15

ip sla 1
icmp-echo source-interface GigabitEthernet0/0
timeout 3000
frequency 3
ip sla schedule 1 life forever start-time now

track 123 rtr 1 reachability

Router 1

interface GigabitEthernet0/1.201
description link to firewall via switch
encapsulation dot1Q 201 native
ip address 192.168.0.5 255.255.255.0
no cdp enable
standby 1 ip 192.168.0.4
standby 1 timers 5 15
standby 1 preempt

HTH

Saurabh

saurabh_knl wrote:

Hi Saurabh,

I believe you might have intended to put the G0/0 interface which connects to the ISP in the track command. Could you please confirm? Thx

Coming back to the original poster's scenario: it is not mentioned, but you might want to consider the return path for your traffic as well. Unless you get one of the ISPs to be the secondary and they manipulate your route for you when they advertise it to the rest of the internet, you will end up using both links for return traffic. If you do not want the ISP to manipulate your route and would like to manipulate it yourself, then I would strongly suggest looking into running BGP with the ISP. Thx
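
Putting Saurabh's LAN-side tracking design together with the correction in the reply above, the following is a complete pair of configurations for the active/passive setup. It is an added example for this thread, not configuration posted by Saurabh, Bryce or the other replier, and it assumes addressing that does not appear in the thread: Router 2 faces ISP A on 203.0.113.2/30 with next hop 203.0.113.1, Router 1 faces ISP B on 198.51.100.2/30 with next hop 198.51.100.1, and 192.0.2.1 is an assumed host beyond the ISP edge that both routers are permitted to ping. The probe is given the destination address that the posted `icmp-echo` line lacks, each router tracks its own ISP uplink rather than the LAN subinterface, the default route is tied to the same track object so the router stops forwarding into a dead link, and the HSRP group is authenticated.

```text
! ---- Router 2: preferred gateway, uplink to ISP A (assumed addressing) ----
ip sla 1
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/0
 threshold 1000
 timeout 1500
 frequency 3
ip sla schedule 1 life forever start-time now
!
! "rtr" in the posted config is the older keyword for "ip sla"
track 123 ip sla 1 reachability
 delay down 10 up 30
!
! Pin the probe target to ISP A so the probe can never leak out via the
! backup route and report ISP A as "up" while that link is actually dead.
ip route 192.0.2.1 255.255.255.255 203.0.113.1
! Primary default route: withdrawn from the RIB when track 123 goes down.
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 123
! Floating backup: send Router 2's own traffic across the LAN to Router 1.
ip route 0.0.0.0 0.0.0.0 192.168.0.5 250
!
interface GigabitEthernet0/0
 description ISP A link
 ip address 203.0.113.2 255.255.255.252
 no ip redirects
 no ip proxy-arp
 no cdp enable
!
interface GigabitEthernet0/1.201
 description link to firewall via switch
 encapsulation dot1Q 201 native
 ip address 192.168.0.6 255.255.255.0
 no cdp enable
 standby 1 ip 192.168.0.4
 standby 1 timers 1 3
 standby 1 priority 110
 standby 1 preempt delay minimum 30
 standby 1 authentication md5 key-string <shared-secret>
 ! 110 - 20 = 90 < 100, so Router 1 wins the election when ISP A is unreachable
 standby 1 track 123 decrement 20
!
! ---- Router 1: backup gateway, uplink to ISP B (assumed addressing) ----
ip sla 1
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/0
 threshold 1000
 timeout 1500
 frequency 3
ip sla schedule 1 life forever start-time now
!
track 124 ip sla 1 reachability
 delay down 10 up 30
!
ip route 192.0.2.1 255.255.255.255 198.51.100.1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 124
ip route 0.0.0.0 0.0.0.0 192.168.0.6 250
!
interface GigabitEthernet0/0
 description ISP B link
 ip address 198.51.100.2 255.255.255.252
 no ip redirects
 no ip proxy-arp
 no cdp enable
!
interface GigabitEthernet0/1.201
 description link to firewall via switch
 encapsulation dot1Q 201 native
 ip address 192.168.0.5 255.255.255.0
 no cdp enable
 standby 1 ip 192.168.0.4
 standby 1 timers 1 3
 standby 1 priority 100
 standby 1 preempt delay minimum 30
 standby 1 authentication md5 key-string <shared-secret>
 ! only matters when both uplinks are down, but keeps the two routers symmetric
 standby 1 track 124 decrement 20
```

Three checks are worth making before relying on this. The decrement must be larger than the priority gap, otherwise the preferred router keeps the virtual IP with a dead uplink: with a decrement of 10 the priorities tie at 100 and Router 2 still wins on its higher interface address. The posted timers of 5 15 mean that an active router that dies outright (as opposed to a tracked object going down, which is signalled in the next hello) is only detected after the 15 second hold time, which is of the same order as the BGP reconvergence the first post wants to avoid; the 1/3 timers above tighten that. Finally, return traffic is still the ISP's decision: with static routing the ISP has to install the /24 towards link A with link B as a backup, or inbound traffic will use both links regardless of what HSRP does, which is the point made in the reply above. If both uplinks fail at once the two floating routes hand packets back and forth across the LAN until TTL expires, which only costs LAN bandwidth in a situation where nothing reaches the internet anyway; drop the floating routes if that is unacceptable.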

Saurabh,

Thanks for the help.

To clarify a couple of things.

The diagram is correct; however, both links connect to the same ISP. A single /24 public IP address range will be advertised by the ISP.

As per the last posting, I am concerned about the return traffic and would like to ensure that it only comes in on one link. We would also like to be able to manipulate the traffic when doing maintenance, etc. My one concern with BGP is the delay in switching links in the case of a failure. With HSRP the links could be swapped with no dropout. With BGP there is a long delay.

Any suggestions as to how I can get around this?

I will be talking to the ISP later today for their ideas and will update the thread accordingly.

Thanks once again.

Bryce.
