Cisco Support Community
New Member

Multiple Internet connections to provide redundancy - NO BGP

I have a scenario where we have a network with two separate Internet connections on different sides of a corporate WAN. Currently the connections are being used in isolation to save the internal corporate WAN bandwidth. We are interested in leveraging the fact that we have two Internet connections for redundancy to route users over the corporate WAN to the surviving Internet connection in the event that either one of them fails. Facts:

1) We are using Raptor (read: non-Cisco) firewalls between the EIGRP-routed corporate net and the Internet connections

2) We are using Cisco routers at the very edge (screening router) to connect to the Internet WAN links - both of them

3) The internal routed network is Cisco based and we are running EIGRP here

4) The Raptor firewalls are not running routing protocols although it may be possible to enable RIP on them...

I've thought through this and the only thing I can come up with is running RIP from the screening routers to the NT-based RAPTORs (which are NATing - not sure this is possible) and on in to the internal network. If I set up my default routes on the screening routers to point to the serial interface (or next hop IP address) and redistribute that route into RIP, the failure of either of the WAN Internet links or screening routers will flush the respective default route and send everyone running to the survivor... right? I know the metrics may need to be tickled to keep people on the correct Internet wire during normal ops, but this might just work.... Any other thoughts???

(I understand that I would have to redistribute RIP->EIGRP to do this)

Any thoughts... anyone do anything like this before? Is there a simple solution that I am missing? Should I consider a career change?

Thanks in advance!


New Member

Re: Multiple Internet connections to provide redundancy - NO BGP


This would work, but why use RIP? As you know, RIP broadcasts every 30 seconds. That's going to use up traffic over the firewall and will impact your Internet traffic.

A better way is to use BGP, but just between your Screen routers and the first router on the clean side of the firewall. On the firewall, allow TCP port 169 and set your static routes for NAT. On the routers, set the next hop for your BGP neighbors to be the interface of the firewall.

This way any traffic for TCP 169 from a predefined IP address will be statically NAT'd to the other side. No other traffic will have to pass through the FW (especially not RIP broadcasts).

For the BGP config, just advertise after putting your static route on the screen router. If the link fails the router will not have a route to and then will not advertise it via BGP.

On the clean side, redistribute BGP into EIGRP with a standard default metric and let EIGRP decide the best route.

Hope this helps.

Michael J. Morris
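A Cisco IOS sketch of the design in the reply (an interface-bound static default on the screen router, announced over a single eBGP session through the firewall and redistributed into EIGRP on the clean side), added here as an illustration and not taken from either post. AS numbers, addresses, interface names and the shared secret are assumed; the firewall's own NAT and rule syntax is vendor-specific and not shown.

```cisco
! ---- Screen router (Internet edge), assumed AS 65001 ----
! Interface-bound static default: it drops out of the routing table when
! the WAN serial goes down, so BGP stops announcing it. A next-hop-IP
! static would stay in the table through a dead link.
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
router bgp 65001
 bgp log-neighbor-changes
 ! Peer address = firewall outside interface, which static-NATs to the
 ! inside router. The firewall should permit only this TCP session
 ! (BGP listens on TCP 179) between these two addresses, nothing else.
 neighbor 10.1.1.254 remote-as 65002
 ! Firewall is an extra IP hop, so allow TTL > 1 on the eBGP session
 neighbor 10.1.1.254 ebgp-multihop 2
 ! MD5 session authentication; placeholder secret, set your own
 neighbor 10.1.1.254 password <SHARED-SECRET>
 ! Outbound filter: announce the default and nothing else
 neighbor 10.1.1.254 prefix-list DEFAULT-ONLY out
 ! Originate 0.0.0.0/0 only while it is actually in the routing table
 network 0.0.0.0
 default-information originate
!
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
! ---- Inside router (clean side), assumed AS 65002 ----
router bgp 65002
 bgp log-neighbor-changes
 ! Peer address = firewall inside interface (NAT of the screen router)
 neighbor 192.168.1.254 remote-as 65001
 neighbor 192.168.1.254 ebgp-multihop 2
 neighbor 192.168.1.254 password <SHARED-SECRET>
 ! Inbound filter: accept nothing but the default from the edge
 neighbor 192.168.1.254 prefix-list DEFAULT-ONLY in
 ! The NEXT_HOP in the UPDATE is the screen router's own address, which
 ! is unreachable through NAT; rewrite it to the firewall interface.
 neighbor 192.168.1.254 route-map FW-NEXT-HOP in
!
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
route-map FW-NEXT-HOP permit 10
 set ip next-hop 192.168.1.254
!
router eigrp 100
 network 192.168.0.0 0.0.255.255
 ! Same seed metric at both sites; EIGRP then prefers whichever site's
 ! default is still present (and the local one during normal operation).
 redistribute bgp 65002 metric 10000 100 255 1 1500
```

The same configuration is repeated at the second site; once one site's WAN serial fails, its screen router withdraws 0.0.0.0/0, the inside router at that site loses its BGP default, and EIGRP converges on the default still learned at the other site.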

