02-06-2006 12:32 PM - edited 03-03-2019 11:40 AM
I'm in the process of gathering information on setting up redundant internet connectivity for my company. I currently have a 25MB internet connection being handed off via an Ethernet connection. I'll be adding a second 3MB internet connection that will also be handed off by way of Ethernet. I have a Cisco 2821 router that I would like to use to take these two connections and then connect my PIX 525 up to this 2821 router. Can anyone give me some examples on how to do this?
Another note...I currently own a block of routable IPs from my existing ISP. I won't be getting any IPs from my secondary ISP.
02-06-2006 02:29 PM
Hello,
It depends on what you want to achieve: load balancing, or a primary and a backup link. In your case, the second would probably make more sense, since one of the connections has a much larger bandwidth capacity. The configuration for a primary and backup link would look like this:
interface FastEthernet0/0
 ip address x.x.x.x y.y.y.y
 ip nat inside
!
interface Ethernet0/0
 description connection to ISP1
 ip address x.x.x.x y.y.y.y
!
interface Ethernet0/1
 description connection to ISP2
 ip address x.x.x.x y.y.y.y
 ip nat outside
!
! Translate inside sources only when traffic leaves via the ISP2 interface
ip nat inside source route-map ISP2 interface Ethernet0/1 overload
!
route-map ISP2 permit 10
 ! access-list 1 is referenced here but not defined in this post
 match ip address 1
 match interface Ethernet0/1
!
! Primary default route via ISP1; floating backup via ISP2 (distance 200)
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
ip route 0.0.0.0 0.0.0.0 Ethernet0/1 200
With this configuration, the second interface would only be used if the first one goes down. This might actually be a problem when the interface doesn't go down, but you lose connectivity to your provider, so you might want to introduce the following in order to make using the secondary interface dependent on whether you can reach a specific IP address through the first one. The IP address (x.x.x.x) must be a remote address that you can reach through ISP1.
ip sla monitor 1
 type echo protocol ipIcmpEcho x.x.x.x
 timeout 500
 frequency 3
 threshold 2
!
ip sla monitor schedule 1 life forever start-time now
!
! Track object 100 follows the reachability result of SLA probe 1
track 100 rtr 1 reachability
!
ip local policy route-map Local_Traffic
!
access-list 101 permit icmp any host x.x.x.x echo
!
route-map Local_Traffic permit 10
 match ip address 101
 set interface Ethernet0/0
 set interface null0
!
! The primary default route is removed when track 100 goes down
ip route 0.0.0.0 0.0.0.0 Ethernet0/0 track 100
ip route 0.0.0.0 0.0.0.0 Ethernet0/1 200
Is that what you are looking for ?
Regards,
Nethelper
02-06-2006 02:31 PM
Hi,
I presume you would like to set this up as a primary/backup setup, seeing the difference in the size of your links.
Here's how I would do it:
- create a static default route pointing to the WAN IP of ISP1. Enable tracking on this route so that it goes down when the link goes down (reliable static routing)
- create a static default route pointing to the WAN IP of ISP2 with an admin distance of 250
- assuming that you are using NAT on the block of IPs you have got, configure your LAN interface as an inside NAT interface, and configure your 2 WAN interfaces as outside NAT interfaces
- use the 'ip nat inside source' command with a route-map to select the NAT'ed address/pool based on which interface the packet is routed out of. For the primary interface, use a NAT pool with the block of public IPs you have. For the backup interface, overload on the interface IP.
Hope that helps - pls rate the post if it does.
Paresh
02-06-2006 03:01 PM
Hello,
The previous posts focussed on static IP routing and gave some excellent advice on it. As you explicitly asked for BGP, here is a sample configuration for your case with BGP to the two providers. I am assuming your IP addresses are from ISP1, network 1.1.0.0/16.
You should apply the proper inbound and outbound filters to be sure an ISP failure will not get you in trouble. An example configuration for ISP1 being primary and ISP2 being backup would look like this:
interface Ethernet0/1
 description to ISP1
 ip address 1.4.5.2 255.255.255.252
interface Ethernet0/2
 description to ISP2
 ip address 2.2.2.2 255.255.255.252
 ip nat outside
router bgp 65000
 network 1.1.0.0 mask 255.255.0.0
 ! ISP1
 neighbor 1.4.5.1 remote-as 1
 neighbor 1.4.5.1 prefix-list NoTrash in
 neighbor 1.4.5.1 filter-list 1 out
 neighbor 1.4.5.1 weight 150
 ! ISP2
 neighbor 2.2.2.1 remote-as 2
 neighbor 2.2.2.1 prefix-list NoTrash in
 neighbor 2.2.2.1 filter-list 2 out
 neighbor 2.2.2.1 weight 100
 no auto-summary
! Outbound AS-path filters: list 1 permits only locally originated routes, list 2 denies everything
ip as-path access-list 1 permit ^$
ip as-path access-list 2 deny .*
! Inbound filter: drop RFC1918 space and our own block, accept the rest
ip prefix-list NoTrash deny 192.168.0.0/16 le 32
ip prefix-list NoTrash deny 172.16.0.0/12 le 32
ip prefix-list NoTrash deny 10.0.0.0/8 le 32
ip prefix-list NoTrash deny 1.1.0.0/16 le 32
ip prefix-list NoTrash permit 0.0.0.0/0 le 32
ip route 1.1.0.0 255.255.0.0 Null 0 250
ip nat inside source route-map NATtoISP2 interface Ethernet0/2 overload
route-map NATtoISP2 permit 10
 match interface Ethernet0/2
This would not announce any network to ISP2 and only the assigned IP addresses to ISP1, i.e. it prevents you from becoming a transit AS between them. Also all RFC1918 routes are blocked. You could extend this and use the BOGON list for filtering, but this would require more maintenance, because you have to adjust the filters from time to time. For a customer it should be sufficient to block all routes you potentially have internally.
Hope this helps! Please rate all posts.
Regards, Martin
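Added example, not part of Martin's post and not Cisco code: a small Python model of how the NoTrash prefix-list and the two AS-path lists above evaluate routes, useful for checking a filter change offline before applying it. The function names, the SAMPLE_TABLE contents and the documentation prefixes and AS numbers in it are assumptions constructed for illustration.

```python
import ipaddress
import re

# Martin's inbound prefix-list "NoTrash", transcribed as (action, prefix, le).
NO_TRASH = [
    ("deny", "192.168.0.0/16", 32),
    ("deny", "172.16.0.0/12", 32),
    ("deny", "10.0.0.0/8", 32),
    ("deny", "1.1.0.0/16", 32),
    ("permit", "0.0.0.0/0", 32),
]
# Outbound AS-path lists from the post: list 1 (to ISP1), list 2 (to ISP2).
AS_PATH_LISTS = {1: [("permit", r"^$")], 2: [("deny", r".*")]}


def prefix_list_action(entries, route):
    """First matching entry wins; no match at all is an implicit deny."""
    net = ipaddress.ip_network(route)
    for action, prefix, le in entries:
        base = ipaddress.ip_network(prefix)
        # "le N" matches routes inside `base` whose mask length lies
        # between base's own length and N, inclusive.
        if net.subnet_of(base) and base.prefixlen <= net.prefixlen <= le:
            return action
    return "deny"


def as_path_action(entries, as_path):
    """as_path is the space-separated AS_PATH; '' means locally originated."""
    for action, regex in entries:
        if re.search(regex, as_path):
            return action
    return "deny"


def advertised(list_id, routes):
    """Prefixes from `routes` (prefix -> AS_PATH) that pass the outbound list."""
    return [p for p, path in routes.items()
            if as_path_action(AS_PATH_LISTS[list_id], path) == "permit"]


# Constructed BGP table: the local block plus one route learned from each ISP.
SAMPLE_TABLE = {"1.1.0.0/16": "", "198.51.100.0/24": "1 64500",
                "203.0.113.0/24": "2 64501"}

if __name__ == "__main__":
    for r in ["10.20.0.0/16", "1.1.5.0/24", "0.0.0.0/0", "198.51.100.0/24"]:
        print(f"inbound {r:<16} -> {prefix_list_action(NO_TRASH, r)}")
    print("to ISP1:", advertised(1, SAMPLE_TABLE))
    print("to ISP2:", advertised(2, SAMPLE_TABLE))
```

The run shows the two properties the post relies on: any announcement of RFC1918 space or of the local 1.1.0.0/16 block is rejected inbound, and routes learned from one ISP never pass either outbound list, so the router cannot become a transit path.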
02-07-2006 08:55 AM
Hello Martin,
Thanks for the sample config. Since this is my very first experience with BGP, I'm probably going to need more help understanding what some of the neighbor IPs are for and where to plug my IP addresses into this configuration. I still need to apply for an AS number with ARIN. Thanks again.
Pete