Hi,

Make sure, that your ISP has the route towards your router links for the incoming traffic.

In this set up I would suggest to use MLPPP to achieve the best throughput. In case if that's not possible use " Radware linkproof" to achieve this. just installed it at one of my customer premises and got the fine results.

HTH,

-amit singh

The static IP addresses that I got from the ISP are reachable over the Internet. So, there is a route.

Thanks about that Radware linkproof box. I will investigate this option.

Meanwhile, can you tell me if it is OK to use just one address of the two addresses I got from the ISP for the virtual-template interface when I use MLPPP?

Thanks,

Vasanth

Hi

If you are getting single valide ip from ur SPyou can logically bundle 2 different channels and make use of the resultant B/W available in each induvidual channels.

But here since u will be assiged 2 different ips for the respective channels i would suggest to check out for policy based routing based on either ur destination or based on ur source.

Match the particular destination networks or applications and route it via one link and the remaining applications/networks via other link.

By doing this u can have see some balance on both the links instead of choking a particular link..

Also do u have any framed ips configured for ur uid or for ur public ip which u may be using in ur internal network or for mapping ur internal servers to the outside world...

regds

Hi Prem,

Thanks for the reply.

I did not get much about your question on framed ips..Are you talking about NAT?

I have NAT configured on my internet router and the internal address (which is coming from ISA Server) is mapped to both public addresses. I am not sure if there are any issues with NAT and CEF.

Coming to your point on load sharing based on source or destination IP...To the internet router, it only appears as if the traffic is coming from only one source which is the External NIC of the ISA Server.

90% of the traffic is HTTP and this is what I want to load balance. So, there is no point sending email traffic on one link and http on the other as I would be effectively using only one link and choking it.

Load balancing on destination traffic..well, it is all going to the Internet..no specific address I can type in on the router and do policy based routing..

I am thinking if I should ask my ISP to give me "one username, password and static IP address" for both links so that I can implement MLPPP.

What is the general practice from SP when you have multiple ADSL lines? Do they give you two different addresses?

Any other thoughts?

Thanks,

Vasanth

Hi Vasanth

I was mentioning Framed ip as the ip assignment in static fashion whenever ur login with the uid u will get the same ip.

Again u will have the rules set to activate a static route for the local lan network if any towards the particular uid/ip so that the local lan reachability can be made thru..

AFAIK its 2 diff ips which will be provided to the customer if they are taking 2 diff connections..

regds

Hi Prem,

I am not negotiating any addresses from the ISP. ISP gave me two public addresses which I have configured on my dialer interfaces.

So, how is it that Multilink PPP possible if every ISP gives out one public address for each ADSL connection that you take?

regards,

Vasanth

Hi,

Since you're using ADSL (note the "A), you will most definitely be "pulling" data from Internet rather then sending and this is due to an asymetric nature of ADSL. For the reason activating CEF and stuff, will not really help you much, because it's intended for outbound traffic, which should be rather small.

MLP is not an option in this case. As a side note, MLP operates on the LCP level, which comes before you get an IP address (NCP), meaning that you're aggregating the channels before any IP is assigned. Since these are separate ISPs which have their own LCP/NCP sessions, you would need like another hierarchy of LCP/NCP over existing LCP/NCP to do MLP here and this is not supported on Cisco routers.

To cut it short, you mentioned that you're also doing NAT on those internet routers. In my opinion your only options are to configure Multi-group HSRP or GLBP on the LAN side and load-balance traffic as it exits your LAN. Returning traffic (the important one) will hit the router which performed NAT becuase it will have its public IP as an overload.

So in essence, balance on the exit from LAN to balance the returning traffic.

Hope that helped.

David

Hi David,

That was a pretty convincing explanation. Thanks.

-- Vasanth

Hi David,

I just happen to read your reply again..Got a few questions.

You are talking about HSRP..I just have one router here with two ADSL cards in it and both connecting to the same ISP. Is not HSRP for two or more routers?

Let me restate again..To my internet border router, it only appears that the traffic is coming in only from one LAN address..So, load balancing by source address is not possible until I change a few things.

I have nat configured so that I translate this address to two public addresses I got from the ISP, one each for the Dialer interfaces and I have two static default routes.

The issue I have right now:

When both ADSL lines are connected, up and running, the second line is never used. But, it works independently when the first ADSL line is removed. So, no issues with the line as such.

Any help?

Thanks,

Vasanth

Hi,

as you are connecting one internet router to the same ISP over two ADSL lines you could ask for MLPPP which would be the easiest solution for you. All you risk is getting a "No!" from your ISP.

In case of "No!": I think NAT could be the problem.

How do you configure this? Basically you configure NAT overload to the Dialer IP or interface. The NAT translation then determines the path out to the internet. And I believe you always take Dialer1 and never Dialer2, so only one line used. Can you verify this please with "show ip nat translation"? Could you post your NAT config?

On the other hand NAT order of operation inside to outside is first routing and then NAT.

So the suggestion for now is:

ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 0.0.0.0 0.0.0.0 Dialer2

ip nat inside source interface Dialer1 overload

ip nat inside source interface Dialer2 overload

And you HAVE to make sure per destination load sharing is activated with CEF (actually the default). Otherwise the packets to an internet host might arrive with different source addresses and will be dropped, which slows internet down.

Check with show IP cef interface

Hope this helps

Martin

What you say is correct. Only Dialer 1 is used and I found that using "sh ip nat trans".

But, I do not see any problem with my config - IOS 12.3(14)T5.

Here is the config snippet:

=========================================

interface Dialer1

ip address XX.XX.XX.XX/24

ip nat outside

encapsulation ppp

dialer pool 1

!

interface Dialer2

ip address YY.YY.YY.YY/24

ip nat outside

encapsulation ppp

dialer pool 2

!

ip route 0.0.0.0 0.0.0.0 Dialer2

ip route 0.0.0.0 0.0.0.0 Dialer1

ip nat inside source list 1 interface Dialer1 overload

ip nat inside source list 2 interface Dialer2 overload

access-list 1 permit 10.1.0.0 0.0.255.255

access-list 2 permit 10.1.0.0 0.0.255.255

==============================================

ip cef is enabled and the default is per-destination load sharing. So, I have not changed that.

ROUTER#sh cef interface dialer 2

Dialer2 is up (if_number 18)

Corresponding hwidb fast_if_number 18

Corresponding hwidb firstsw->if_number 18

Internet address is YY.YY.YY.YY/24

ICMP redirects are always sent

Per packet load-sharing is disabled

IP unicast RPF check is disabled

Inbound access list is allowin-dialer2

Outbound access list is not set

Interface is marked as point to point interface

Packets switched to this interface are dropped to the next slow path: Dialer

Hardware idb is Dialer2

Fast switching type 15, interface type 87

IP CEF switching enabled

IP CEF Feature Fast switching turbo vector

Input fast flags 0x400061, Input fast flags2 0x0, Output fast flags 0x10100, O

utput fast flags2 0x0

ifindex 13(13)

Slot -1 Slot unit -1 Unit 2 VC -1

Transmit limit accumulator 0x0 (0x0)

IP MTU 1500

Hi Martin,

When I used access-list with NAT as below, only dialer 1 was used and NAT translations did not show dialer 2 interface..

ip route 0.0.0.0 0.0.0.0 Dialer2

ip route 0.0.0.0 0.0.0.0 Dialer1

ip nat inside source list 1 interface Dialer1 overload

ip nat inside source list 2 interface Dialer2 overload

access-list 1 permit 10.1.0.0 0.0.255.255

access-list 2 permit 10.1.0.0 0.0.255.255

But, when I used route-map with NAT, translations for both are shown. "sh ip nat trans" shows both dialer interfaces with translations and both ADSL lines are being used now

ip route 0.0.0.0 0.0.0.0 Dialer2

ip route 0.0.0.0 0.0.0.0 Dialer1

ip nat inside source route-map adsl1 interface Dialer1 overload

ip nat inside source route-map adsl2 interface Dialer2 overload

route-map adsl2 permit 10

match interface Dialer2

!

route-map adsl1 permit 10

match interface Dialer1

!

Though my problem is solved, I am really stumped by this behaviour.

Any thoughts?

-- Vasanth