I'm in the process of gathering information on setting up redundant internet connectivity for my company. I currently have a 25MB internet connection being handed off via an Ethernet connection. I'll be adding a second 3MB internet connection that will also be handed off by way of Ethernet. I have a Cisco 2821 router that I would like to use to take these two connections and then connect my PIX 525 up to this 2821 router. Can anyone give me some examples on how to do this?
Another note...I currently own a block of routable IPs from my existing ISP. I won't be getting any IPs from my secondary ISP.
It depends on what you want to achieve, load balancing, or a primary and a backup link. In your case, the second would probably make more sense, since one of the connections has a much larger bandwidth capacity. The configuration for a primary and backup link would look like this:
interface <inside-interface>
 ip address x.x.x.x y.y.y.y
 ip nat inside
!
interface Ethernet0/0
 description connection to ISP1
 ip address x.x.x.x y.y.y.y
!
interface Ethernet0/1
 description connection to ISP2
 ip address x.x.x.x y.y.y.y
 ip nat outside
!
ip nat inside source route-map ISP2 interface Ethernet0/1 overload
!
route-map ISP2 permit 10
 match ip address 1
 match interface Ethernet0/1
!
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
ip route 0.0.0.0 0.0.0.0 Ethernet0/1 200
With this configuration, the second interface would only be used if the first one goes down. This might actually be a problem when the interface doesn't go down, but you lose connectivity to your provider, so you might want to introduce the following in order to make using the secondary interface dependent on whether you can reach a specific IP address through the first one. The IP address (x.x.x.x) must be a remote address that you can reach through ISP1.
ip sla monitor 1
 type echo protocol ipIcmpEcho x.x.x.x
ip sla monitor schedule 1 life forever start-time now
I presume you would like to set this up as a primary/backup setup, seeing the difference in the size of your links.
Here's how I would do it:
- create a static default route pointing to the WAN IP of ISP1. Enable tracking on this route so that it goes down when the link goes down (reliable static routing)
- create a static default route pointing to the WAN IP of ISP2 with an admin distance of 250
- assuming that you are using NAT on the block of IPs you have got, configure your LAN interface as an inside NAT interface, and configure your 2 WAN interfaces as outside NAT interfaces
- use the 'ip nat inside source' command with a route-map to select the NAT'ed address/pool based on which interface the packet is routed out of. For the primary interface, use a NAT pool with the block of public IPs you have. For the backup interface, overload on the interface IP.
The previous posts focussed on static IP routing and gave some excellent advice on it. As you explicitly asked for BGP, here is a sample configuration for your case with BGP to the two providers. I am assuming your IP addresses are from ISP1, network 22.214.171.124/16.
You should apply the proper inbound and outbound filters to be sure an ISP failure will not get you in trouble. An example configuration for ISP1 being primary and ISP2 being backup would look like this:
interface <ISP1-interface>
 description to ISP1
 ip address 126.96.36.199 255.255.255.252
!
interface Ethernet0/2
 description to ISP2
 ip address 188.8.131.52 255.255.255.252
 ip nat outside
!
router bgp 65000
 network 184.108.40.206 mask 255.255.0.0
 neighbor 220.127.116.11 remote-as 1 ! ISP1
 neighbor 18.104.22.168 prefix-list NoTrash in
 neighbor 22.214.171.124 filter-list 1 out
 neighbor 126.96.36.199 weight 150
 neighbor 188.8.131.52 remote-as 2 ! ISP2
 neighbor 184.108.40.206 prefix-list NoTrash in
 neighbor 220.127.116.11 filter-list 2 out
 neighbor 18.104.22.168 weight 100
!
ip as-path access-list 1 permit ^$
ip as-path access-list 2 deny .*
!
ip prefix-list NoTrash deny 192.168.0.0/16 le 32
ip prefix-list NoTrash deny 172.16.0.0/12 le 32
ip prefix-list NoTrash deny 10.0.0.0/8 le 32
ip prefix-list NoTrash deny 22.214.171.124/16 le 32
ip prefix-list NoTrash permit 0.0.0.0/0 le 32
!
ip route 126.96.36.199 255.255.0.0 Null 0 250
!
ip nat inside source route-map NATtoISP2 interface Ethernet0/2 overload
!
route-map NATtoISP2 permit 10
 match interface Ethernet0/2
This would not announce any network to ISP2 and only the assigned IP addresses to ISP1, i.e. it prevents you from becoming a transit AS between them. Also all RFC1918 routes are blocked. You could extend this and use the BOGON list for filtering, but this would require more maintenance, because you have to adjust the filters from time to time. For a customer it should be sufficient to block all routes you potentially have internally.
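To see what the filters in the post above accept and reject, here is an added example (not part of the original post and not Cisco code) that models first-match evaluation of the NoTrash prefix-list and the two AS-path access-lists in Python. The customer block 198.18.0.0/16, the sample routes and AS paths, and all function names are constructed for illustration; the AS-path patterns are evaluated with Python's regex engine, which behaves the same as IOS for `^$` and `.*`.

```python
import ipaddress
import re

OWN_BLOCK = "198.18.0.0/16"  # constructed stand-in for the customer's own /16

# (action, prefix, le) in the same order as prefix-list NoTrash in the post.
NO_TRASH = [
    ("deny", "192.168.0.0/16", 32),
    ("deny", "172.16.0.0/12", 32),
    ("deny", "10.0.0.0/8", 32),
    ("deny", OWN_BLOCK, 32),
    ("permit", "0.0.0.0/0", 32),
]
TO_ISP1 = [("permit", r"^$")]  # as-path access-list 1: locally originated only
TO_ISP2 = [("deny", r".*")]    # as-path access-list 2: announce nothing

def prefix_list(entries, route):
    """First match wins; a route matches when it lies inside the entry's
    prefix and its length is at most 'le'. No match means implicit deny."""
    net = ipaddress.ip_network(route)
    for action, prefix, le in entries:
        if net.subnet_of(ipaddress.ip_network(prefix)) and net.prefixlen <= le:
            return action
    return "deny"

def as_path_filter(rules, as_path):
    """First match wins over the AS path written as a space-separated string
    (empty for routes this router originates). Implicit deny at the end."""
    for action, regex in rules:
        if re.search(regex, as_path):
            return action
    return "deny"

def advertised(rules, bgp_table):
    """Prefixes from (prefix, as_path) pairs that pass an outbound filter-list."""
    return [p for p, path in bgp_table if as_path_filter(rules, path) == "permit"]

# Constructed BGP table: the own block plus one route learned from each ISP.
BGP_TABLE = [(OWN_BLOCK, ""), ("192.0.2.0/24", "1 64501"), ("203.0.113.0/24", "2 64500")]

if __name__ == "__main__":
    for r in ["0.0.0.0/0", "10.1.2.0/24", "198.18.5.0/24", "203.0.113.0/24"]:
        print(f"in  {r:<16} {prefix_list(NO_TRASH, r)}")
    print("out to ISP1:", advertised(TO_ISP1, BGP_TABLE))
    print("out to ISP2:", advertised(TO_ISP2, BGP_TABLE))
```

A route shorter than a denied prefix, such as 192.168.0.0/15, is not caught by the `192.168.0.0/16 le 32` entry and falls through to the final permit, which is one reason the post suggests a fuller bogon list as an extension.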
Thanks for the sample config. Since this is my very first experience with BGP, I'm probably going to need more help understanding what some of the neighbor IPs are for and where to plug my IP addresses into this configuration. I still need to apply for an AS number with ARIN. Thanks again.