07-24-2006 10:13 AM - edited 03-03-2019 01:26 PM
I'm attempting to configure a Cisco 2610 router to utilize 2 serial lines from separate providers on different subnets to interface through the same ethernet interface.
Currently, the router is configured to utilize one serial line and works beautifully. I'm attempting to configure the second line such that data originating from within our internal network can be load balanced out the two serial lines.
As far as I can tell, both serial lines are configured properly, however I'm not sure what routing rules or other settings need to be modified to allow the router to make use of both serial interfaces.
We currently have one static route defined:
ip route 0.0.0.0 0.0.0.0 Serial0/0
I've tried adding the identical route for Serial0/1, but that does not seem to work (I'm unable to access machines outside our network at all when I do that).
Any insight or help would be greatly appreciated!
07-24-2006 10:32 AM
the two serial links...
are these to the internet?
are they to another company/branch?
how fast are they?
do these both terminate at the remote end on a single router?
do you have access to the other end router?
can you supply the config of the router(s) so we can better assist?
07-24-2006 11:02 AM
Sorry for not having that info in the original post.
The two serial lines are T1s, from separate ISPs (QWEST & AT&T) that connect to the internet.
The running-config I currently have is:
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname boygeorge
!
!
ip subnet-zero
!
partition flash 2 8 8
!
gateway
!
interface Ethernet0/0
ip address QWEST.EXTERNAL.ADDY.HERE 255.255.255.224 secondary
ip address ATT.EXTERNAL.ADDY.HERE 255.255.255.224
no ip directed-broadcast
no ip mroute-cache
full-duplex
!
interface Serial0/0
description AT&T
ip address ATT.SERIAL.ADDY.HERE 255.255.255.252
no ip directed-broadcast
encapsulation ppp
no ip mroute-cache
no keepalive
service-module t1 timeslots 1-24
!
interface Serial0/1
description QWEST
ip address QEST.SERIAL.ADDY.HERE 255.255.255.252
no ip directed-broadcast
no keepalive
service-module t1 timeslots 1-24
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
no ip http server
!
!
!
no scheduler allocate
end
The above currently seems to work, however when I attempt to add a second static route:
ip route 0.0.0.0 0.0.0.0 Serial0/1
nothing seems to work.
07-24-2006 01:57 PM
I suspect it is because your ISP Qwest has something that prevents traffic from AT&T addresses, which are your primary, from entering their network via the serial line. This will appear to them as an IP spoofing attack.
This limitation is not an uncommon thing. It is very surprising that AT&T will allow you to send traffic that has a source address from the Qwest network to them.
In your current configuration that works, the traffic will go out AT&T, and if the source address is from AT&T it will come back on s0/0 and if it is from Qwest it will come back on s0/1.
There is little you can do with this type of internet connection to load balance traffic. Traffic from AT&T should always use AT&T and traffic from Qwest should always use Qwest. You are just lucky it works as it does.
This design does not even allow for failover unless all your machines have both AT&T and Qwest addresses.
You can fix the failover by building multiple NAT pools, and you can, to a point, load balance the output traffic with policy routing.
These problems are why large companies use BGP and AS numbers and even then you cannot really get true load balancing.
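Added example, not part of any post in this thread: a small Python model of the source-address check described in the reply above, comparing two equal default routes with source-based policy routing. It assumes both providers filter on the block they assigned; the prefixes are constructed documentation ranges and the CRC32 link choice is only a stand-in for the router's per-flow hash.

```python
import ipaddress
import zlib

# Constructed documentation prefixes standing in for the provider-assigned blocks.
ISP_PREFIX = {
    "Serial0/0": ipaddress.ip_network("192.0.2.0/27"),     # stands in for the AT&T block
    "Serial0/1": ipaddress.ip_network("198.51.100.0/27"),  # stands in for the QWEST block
}

def isp_accepts(link, src):
    """Provider-side ingress filter: accept only sources from the block it assigned."""
    return ipaddress.ip_address(src) in ISP_PREFIX[link]

def route_equal_cost(src, dst):
    """Two equal default routes: link chosen from a hash of the (src, dst) pair."""
    links = sorted(ISP_PREFIX)
    return links[zlib.crc32(f"{src}>{dst}".encode()) % len(links)]

def route_by_source(src, dst):
    """Policy routing: the source address alone decides the exit link."""
    for link, prefix in ISP_PREFIX.items():
        if ipaddress.ip_address(src) in prefix:
            return link
    return None  # source belongs to neither block, so there is no valid exit

def dropped(route, flows):
    """Return the flows the chosen provider would discard as spoofed."""
    out = []
    for src, dst in flows:
        link = route(src, dst)
        if link is None or not isp_accepts(link, src):
            out.append((src, dst, link))
    return out

def sample_flows():
    # Constructed sample: 4 hosts per block talking to 8 outside destinations.
    srcs = [f"192.0.2.{i}" for i in range(1, 5)]
    srcs += [f"198.51.100.{i}" for i in range(1, 5)]
    dsts = [f"203.0.113.{i}" for i in range(1, 9)]
    return [(s, d) for s in srcs for d in dsts]

if __name__ == "__main__":
    flows = sample_flows()
    for name, route in (("equal-cost", route_equal_cost), ("by-source", route_by_source)):
        print(name, "dropped", len(dropped(route, flows)), "of", len(flows))
```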
07-25-2006 05:47 AM
If I wanted to load balance outgoing traffic via NAT and policy routing, how would I go about doing that?
I don't believe any data coming over the QWEST serial line (0/1) is reaching our internal network at all with the current configuration on the router.
07-25-2006 12:24 PM
I have a similar design at the moment in my network, as I am in the process of switching from 1 ISP to using two (although I have separate routers to handle the 2 lines).
I used policy based routing in my scenario and it works fine. Just set up your NAT statement on your firewall as you would normally and then create a route map on the router.
For example
Ip access-list stan 5
permit 10.x.x.x
Route-map ATTSource permit 10
match ip address 5
set ip next-hop
On inbound int
ip policy route-map ATTSource
HTH,
Ryan
07-25-2006 12:36 PM
Hello,
in addition to the other posts, and I am not sure if you might have already tried that, but turn on cef globally, and then use both default routes:
ip cef
!
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 0.0.0.0 0.0.0.0 Serial0/1
and check if that makes a difference...
Regards,
GNT
07-26-2006 05:51 AM
I enabled CEF, and re-added the Serial0/1 static route, and data seems to be sent out over that serial line, but data isn't being received. Is this because QWEST is ignoring packets because they come from my ATT address (ethernet0/0's primary address is the one from ATT)?
I also still don't understand how I'd set up NAT on the router. Do I just set it up on serial0/1 and ethernet0/0, and map the entire QWEST IP block to the ethernet0/0 primary address? Our gateway (OpenBSD server) handles NAT for our internal network.
07-27-2006 12:34 AM
enable ip cef globally
enter ip load sharing per-packet on both serial interfaces.
HTH
09-12-2006 05:24 AM
I think your ISP does not have a route to your network via the new link. They only know how to route to your network using the existing link.