Re: Configuring 2610 to use 2 Serial T1 lines

adamormond · ‎07-24-2006

I'm attempting to configure a Cisco 2610 router to utilize 2 serial lines from separate providers on different subnets to interface through the same ethernet interface.

Currently, the router is configured to utilize one serial line and works beautifully. I'm attempting to configure the second line such that data originating from within our internal network can be load balanced out the two serial lines.

As far as I can tell, both serial lines are configured properly, however I'm not sure what routing rules or other settings need to be modified to allow the router to make use of both serial interfaces.

We currently have one static route defined:

ip route 0.0.0.0 0.0.0.0 Serial0/0

I've tried adding the identical route for Serial0/1, but that does not seem to work (I'm unable to access machines outside our network at all when I do that).

Any insight or help would be greatly appreciated!

gpulos · ‎07-24-2006

the two serial links...

are these to the internet?

are they to another company/branch?

how fast are they?

do these both terminate at the remote end on a single router?

do you have access to the other end router?

can you supply the config of the router(s) so we can better assist?

adamormond · ‎07-24-2006

Sorry for not having that info in the original post.

The two serial lines are T1s, from separate ISPs (QWEST & AT&T) that connect to the internet.

The running-config I currently have is:

Building configuration...

Current configuration:

!

version 12.0

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname boygeorge

!

ip subnet-zero

!

partition flash 2 8 8

!

gateway

!

interface Ethernet0/0

ip address QWEST.EXTERNAL.ADDY.HERE 255.255.255.224 secondary

ip address ATT.EXTERNAL.ADDY.HERE 255.255.255.224

no ip directed-broadcast

no ip mroute-cache

full-duplex

!

interface Serial0/0

description AT&T

ip address ATT.SERIAL.ADDY.HERE 255.255.255.252

no ip directed-broadcast

encapsulation ppp

no ip mroute-cache

no keepalive

service-module t1 timeslots 1-24

!

interface Serial0/1

description QWEST

ip address QEST.SERIAL.ADDY.HERE 255.255.255.252

no ip directed-broadcast

no keepalive

service-module t1 timeslots 1-24

!

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0/0

no ip http server

!

no scheduler allocate

end

The above currently seems to work, however when I attempt to add a second static route:

ip route 0.0.0.0 0.0.0.0 Serial0/1

nothing seems to work.

tdrais · ‎07-24-2006

I suspect it is because your ISP quest has something that prevents traffic from att addresses which are your primary from entering their network via the serial line. This will appear to them as a ip spoofing attack.

This limiatation is not a uncommon thing. It is very suprising that att will allow you to send traffic that has a source address from the quest network to them.

In you current configuation that works the traffic will go out ATT and if the source address is from att it will come back on s0/0 and if it is from quest it will come back on s0/1.

There is little you can do with this type of internet connection to load balance traffic. Traffic from att should always use att and traffic from quest should always use quest. You are just lucky it works as it does.

This design does not even allow for failover unless all your machines have both att and quest addresses.

You can fix the failover by building multiple nat pools and you to a point can load balance the output traffic with policy routing.

These problems are why large companies use BGP and AS numbers and even then you cannot really get true load balancing.

adamormond · ‎07-25-2006

If I wanted to load balance outgoing traffic via NAT and policy routing, how would I go about doing that?

I don't believe any data coming over the QWEST serial line (0/1) is reaching our internal network at all with the current configuration on the router.

ryan.bachman · ‎07-25-2006

I have a similiar design at the moment in my network, as I am in the process of switching from 1 ISP to using two (although I have seperate routers to handle the 2 lines).

I used policy based routing in my scenario and it works fine. Just set up you nat statement on you firewall as you would normally and then create a route map on the router.

For example

Ip access-list stan 5

permit 10.x.x.x

Route-map ATTSource permit 10

match ip address 5

set ip next-hop

On inbound int

ip policy route-map ATTSource

HTH,

Ryan

globalnettech · ‎07-25-2006

Hello,

in addition to the other posts, and I am not sure if you might have already tried that, but turn on cef globally, and then use both default routes:

ip cef

!

ip route 0.0.0.0 0.0.0.0 Serial0/0

ip route 0.0.0.0 0.0.0.0 Serial0/1

and check if that makes a difference...

Regards,

GNT

adamormond · ‎07-26-2006

I enabled CEF, and re-added the Serial0/1 static route, and data seems to be sent out over that serial line, but data isn't being received. Is this because QWEST is ignoring packets because they come from my ATT address (ethernet0/0's primary address is the one from ATT)?

I also still don't understand how I'd set up NAT on the router. Do I just set it up on serial0/1 and ethernet0/0, and map the entire QWEST IP block to the ethernet0/0 primary address? Our gateway (openBSD server) handles NAT for our internal network.

chintu_punjabi · ‎07-27-2006

enable ip cef globally

enter ip load sharing per-packet on both serial interfaces.

HTH

altaf007 · ‎09-12-2006

I think your ISP does not have route to your network by using new link. They only know how to route to your network using existing link.