Cisco Support Community
New Member

Multihomed 2620, dual ISPs, 2 address blocks, no BGP

I have a dual-homed 2620 router with two different ISP connections, each with its own address block. I probably cannot do BGP. I will be doing NAT over each outbound interface using addresses from that particular ISP's address block.

What degree of failover will we be able to achieve? I will set up two default routes and turn ip route cache off. Hopefully if one link goes down, it will detect it and switch over. One link is a T1 with integrated CSU/DSU. The other link is a DSL link with integrated WIC ADSL card.

What degree of load sharing can we achieve without using BGP?

Thanks

4 REPLIES
New Member

Re: Multihomed 2620, dual ISPs, 2 address blocks, no BGP

You might have some strange traffic flows if you turn off ip route cache. I believe that load balancing will then be done on a per-packet basis. So for each network flow (FTP session, HTTP session, etc.), you'll have half the packets going over each line. If one connection is faster to the destination than the other, the packets will arrive out of order and might cause some abnormal slowdowns / retransmits, depending on the application. I'd leave route cache on and let it do a per-session load balance.

I'm not sure how you would configure the router to tie a NAT pool to a specific interface. You could send translations to ISP1's address range out of the port for ISP2. However, this is not going to give you any kind of automatic failover, as NAT has no way of knowing to clear out all translations and stop using a particular IP pool just because an interface went down.

So you might get some outbound and inbound load balancing with the scenario you have above, but I don't believe you will be able to get any kind of failover with it.

You could run BGP and just receive a default route from each provider, and then announce out your 2 blocks. The 2620 is more than capable of doing that. However, I am not sure how many providers would be willing to do that through a DSL link.

New Member

Re: Multihomed 2620, dual ISPs, 2 address blocks, no BGP

Understand about the ip route cache - per session LB makes much more sense. The dual NAT is still a mind bender. I'm still working on that issue. The customer is not expecting perfect failover - e.g. if sessions have to be restarted due to link loss, that is acceptable.

I can't get any definitive info from PacBell/SBC regarding BGP. So far the 5 or 6 people I've talked to say "what is BGP? Is that web hosting?" Anyone out there have any luck with these issues with Pacbell/SBC DSL?

Gold

Re: Multihomed 2620, dual ISPs, 2 address blocks, no BGP

Okay, this is a little difficult to explain, so bear with me.... If you're at Networkers, please drop by the design clinic and ask to have this explained further. If it's in the US, I'll be hanging around there some (between speaking).

So.... Your biggest issue here is that you are running two NAT boxes, and you need to run with symmetrical routing, both inbound and outbound. That means that if you send the first packet of a transaction towards a given server through one of your two NAT routers, you need to send them all that way. This sounds complicated, but it really isn't. Since you aren't running BGP, the easier thing to do is this:

-- Split the IP address space up into some manageable sections. Say you use these 8 routes to represent the entire IP address space:

0.0.0.0/3

32.0.0.0/3

64.0.0.0/3

96.0.0.0/3

128.0.0.0/3

160.0.0.0/3

192.0.0.0/3

224.0.0.0/3

-- Set up a static default route on each of the two NAT routers, and redistribute this into your routing protocol. Don't forget the default metric.

-- Set up static routes for 4 of these routes on one of the two NAT routers. Redistribute them.

-- Set up statics for the other 4 routes listed above on the other NAT router. Redistribute them.

-- If one link is loaded more than the other, move one of these 8 routes from the more heavily loaded router to the less heavily loaded router.

With some playing around, you can probably get your outbound and inbound load to be about equal on the two routers. If one fails, you will lose your sessions through that router, but the default will allow new sessions to be built.

I hope this makes sense.

:-)

Russ
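
The scheme in the reply above, modelled as an added example (not part of the original thread): eight /3 statics split across two NAT routers, a default on each, and longest-prefix match deciding the exit. The router names `nat-a` and `nat-b` and the choice of which four blocks go to which router are assumptions.

```python
import ipaddress

DEFAULT = ipaddress.ip_network("0.0.0.0/0")
# The eight /3 routes listed in the post; together they cover all of IPv4.
BLOCKS = list(DEFAULT.subnets(new_prefix=3))

def build_table(assignment, up):
    """Map each prefix to the routers currently advertising it.

    assignment: router name -> list of /3 blocks it has statics for.
    up: set of routers whose uplink is working. A router that is down
    withdraws both its /3 statics and its default route.
    """
    table = {}
    for router, blocks in assignment.items():
        if router in up:
            for prefix in [DEFAULT, *blocks]:
                table.setdefault(prefix, set()).add(router)
    return table

def egress(table, dst):
    """Longest-prefix match: routers offering the most specific route to dst."""
    addr = ipaddress.ip_address(dst)
    matches = [p for p in table if addr in p]
    if not matches:
        return []
    return sorted(table[max(matches, key=lambda p: p.prefixlen)])

def move_block(assignment, block, src, dst):
    """Rebalance by moving one /3 from the busier router to the other."""
    net = ipaddress.ip_network(block)
    assignment[src].remove(net)
    assignment[dst].append(net)

def demo():
    # Constructed split: router names and block placement are assumptions.
    assignment = {"nat-a": BLOCKS[:4], "nat-b": BLOCKS[4:]}
    both = build_table(assignment, {"nat-a", "nat-b"})
    failed = build_table(assignment, {"nat-b"})       # nat-a's link is down
    return {
        "normal": egress(both, "72.14.0.1"),           # inside 64.0.0.0/3
        "after_failure": egress(failed, "72.14.0.1"),  # falls back to default
    }

if __name__ == "__main__":
    print(demo())
```

Because every destination matches one /3 while both routers are up, each flow always leaves through the same NAT router; the default routes only carry traffic once a router's statics have been withdrawn.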

New Member

Re: Multihomed 2620, dual ISPs, 2 address blocks, no BGP

Hi Russ,

I won't be at networkers though I wish I could be. I pretty much get what you are saying, except the point about "2 NAT boxes" - when in fact I have 1 router with two interfaces.

Each ISP won't advertise routes for the other, so a stream of packets in a transaction must go over one interface and so therefore must be NATed correctly for that interface.

But routing and NAT should be separate. The routing decision determines an egress interface. Once an interface is decided, the NAT commands on each interface should therefore do the right thing.

If a link goes down, then the translations for the sessions on that interface will be lost.

I understand the point about breaking up the address space into chunks and building a route table accordingly. I don't understand what you mean by "redistribute them" unless you were referring to two different routers in a dynamic routing partnership - which I don't have.

I was also contemplating setting up a policy based routing scheme where the protocol and its origin determined a route taken, primarily because one of the links is asymmetrical - the DSL is 384kbps upstream and 6mbps downstream (PacBell/SBC Enhanced DSL). It would not be the preferred route for intensive data flow upstream. FTPing large files into the LAN from an outside source could use the DSL link, but FTP large files into an outside host from a LAN server would be better off using the other link (a T1). But this could get complicated...

What is tricky here also is that there is also a PIX firewall behind the edge (2620) router. I can simply address everything (LAN, DMZ, and PIX to Edge router) using a private network scheme, and NAT only at the interfaces. Or I can assume most traffic uses one provider, and only NAT if it goes down the other provider. This I could really use some help with.
