Re: Multiple Internet connections

durhamcs · ‎04-10-2003

We cuurently have two connections to the internet one in Los Angeles and one in Huntsville, Al. Each internal router goes through a pix fw than to the prospective ISP routers. I would like to set up the internal routers to act as a failover to each other. that way if LA goes down routes will go to Huntsville and the same in reverse. I thought about using static routes at each router i.e

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.2

1111 to the internet and 2222 being the route to the other site. Would this work? Suggestions?

rwiesmann · ‎04-10-2003

Hi

This way you would load balance between the two isp connections.

You have to setup a higher administrative distance for the "backup" route.

Like:

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.2 200

This way the first goes right away into the routing table and the second will kick in when the network of 1.1.1.1 is not there anymore.

Hope that helps

Roger

durhamcs · ‎04-10-2003

Thanks. I will give it a try

vcjones · ‎04-10-2003

Hate to burst your bubble, but unless 1.1.1.1 is on the other end of point-to-point link terminating on this router, this approach will not work. In particular, if 1.1.1.1 is the Ethernet IP of the PIX leading to the ISP router, unless the Ethernet LAN fails, your router will always think that 1.1.1.1 is reachable and will continue sending packets to the PIX even though the PIX no longer has a working route to the Internet.

What you want to do is use BGP between the outside routers and your inside routers so that your inside routers can detect when a path to the Internet has failed. This can be done with minimal impact on security, but it does take some care. If you're not sure how to do it, you may get some ideas from the Redundant Firewalls white paper on my web site (or Chapter 9 of my book).

Good luck and have fun!

Vincent C Jones

www.networkingunlimited.com