New Member

Load Balance multiple ISPs

Hello, can anyone point me in the direction where I can add more ISPs to my infrastructure (I am not an AS, so no BGP) and have some sort of load balance?

Thanks


Re: Load Balance multiple ISPs

Hi there,

You can use an internet load balancer. You can find many, but here is one that I've heard about. However, I strongly recommend going to the BGP alternative, as it is the most optimum solution.

http://www.rad-direct.com/Product-LinkProof-Multihoming-Load-Balance-Multiple-ISP-Links.htm

HTH, please rate if it does help,

Mohammed Mahmoud.

Hall of Fame Super Gold

Re: Load Balance multiple ISPs

For once I do not quite agree with Mohammed.

Today, working with multiple ISPs does not necessarily mean that you need BGP or expensive appliances.

For example, in most cases when using NAT, it is enough to set multiple static routes to the interfaces doing NAT, and the traffic will load balance nicely and provide fail-over at the same time.

Hope this helps, please rate post if it does

New Member

Re: Load Balance multiple ISPs

Can you provide some sort of details/directions? I have a c2801 and a PIX 515e. The PIX does my NAT. I have 2 ISPs plugged on the c2801, but right now I only use one with the PIX. I pretty much would like load balance and fail over... thanks!

Hall of Fame Super Gold

Re: Load Balance multiple ISPs

Hi Alvaro,

The best design is to move the PIX behind the router, that is, the router faces both ISPs and does NAT. The PIX, if you want, does firewall only. You could have the PIX do NAT for one ISP and the router for the other, but things get more complicated.

Then:

int
 ip nat outside
int
 ip nat outside
int
 ip nat inside
ip nat inside source list 1 interface overload
ip nat inside source list 1 interface overload
ip route 0.0.0.0 0.0.0.0
ip route 0.0.0.0 0.0.0.0
access-list 1 permit 192.168.0.0 0.0.255.255

That's it. If you want one ISP to handle more traffic than the other, you add specific routes to one ISP (e.g. youtube IP address, or whatever).

As a courtesy to those providing answers, please rate all useful posts!

New Member

Re: Load Balance multiple ISPs

Sounds great... can I keep the PIX facing the internet? I do VPN and NAT with it... will that work the same way?

Hall of Fame Super Gold

Re: Load Balance multiple ISPs

Well, should work. In that case remove nat statements for the interface where you have connected the PIX. Leave the two static routes in place.

The thing is that the router with right SW and configuration is able to do NAT, FW, and VPN just like the PIX if not better.

Good luck.

New Member

Re: Load Balance multiple ISPs

Thanks a lot, I will give it a try... also I just found out about a new feature on PIX 7.x using SLA commands at http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

which might do it for me. I will try both options. Thanks a lot for the input!

Cisco Employee

Re: Load Balance multiple ISPs

Hi Paolo,

I have a clarification here. Suppose my ISP 1 goes down then what will be the sequence of operation?

As the NAT order of operation says, it will check the routing entry first, so it will see the second static route, but how will it take the second NAT statement when the first NAT statement matches fine? Don't you think it will take the second static route but will take the first NAT statement, which may create some kind of problem at the ISP end?

I believe if I call a policy in my NAT statement to match the interface first and if interface is found up then only trigger the first NAT statement or else move to second NAT statement.

Regards,

Ankur
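
The question above (which NAT statement is used once routing falls back to the second ISP) is what tying each NAT rule to its egress interface addresses. The following is an added example, not part of the original thread; the interface names, route-map names, next hops and addresses (documentation ranges) are assumptions.

```cisco
! Added example: dual-ISP PAT with one NAT rule per egress interface.
! All interface names and addresses below are assumed placeholders.
interface GigabitEthernet0/0
 description ISP1 uplink (assumed)
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/1
 description ISP2 uplink (assumed)
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/2
 description Inside LAN (assumed)
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
! Inside sources eligible for translation (same ACL as in the thread).
access-list 1 permit 192.168.0.0 0.0.255.255
!
! Routing selects the egress interface first; "match interface" then
! makes only the NAT rule for that interface apply to the flow.
route-map NAT-ISP1 permit 10
 match ip address 1
 match interface GigabitEthernet0/0
!
route-map NAT-ISP2 permit 10
 match ip address 1
 match interface GigabitEthernet0/1
!
! A flow leaving via ISP2 is translated to ISP2's address, never ISP1's,
! so ISP2 does not see (and drop) packets sourced from ISP1's space.
ip nat inside source route-map NAT-ISP1 interface GigabitEthernet0/0 overload
ip nat inside source route-map NAT-ISP2 interface GigabitEthernet0/1 overload
!
! Two equal-cost defaults give per-destination sharing while both are up.
! Caveat: a static route to an Ethernet next hop stays installed as long
! as the local link is up, so an upstream ISP outage is not detected
! without some form of reachability tracking on the route.
ip route 0.0.0.0 0.0.0.0 192.0.2.1
ip route 0.0.0.0 0.0.0.0 198.51.100.1
```

After a failover, `show ip nat translations` should list only inside global addresses belonging to the surviving ISP for new flows.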

Re: Load Balance multiple ISPs

Hi Paolo,

Thank you for criticizing my opinion, we are all here to gain more experience and knowledge by interacting with each other :)

You are right, doing NAT as you explained is the most simple solution, but don't you agree with me that BGP would be the most scalable and optimum solution?

BR,

Mohammed Mahmoud.

Hall of Fame Super Gold

Re: Load Balance multiple ISPs

Hi Mohammed,

It's a matter of size. If we were talking about a large organization with high speed circuits and the competence to maintain it, yes I would recommend BGP. But here we mostly deal with small businesses with at most T1s and broadband. These speeds were justifying BGP ten years ago, not anymore today. As someone else pointed out, it is not just the technical side, but also the administrative one - AS numbers are not given easily and much less provider independent space.

So Radware found a market by solving the problem for all customers that cannot run BGP - they are the vast majority.

Cisco doesn't have such an "out of the box" solution, but luckily a simple NAT configuration on the router or PIX does it anyway.

Thank you for your continued support and keep up the good work!

best, Paolo

Re: Load Balance multiple ISPs

Hi Paolo,

I do agree with you, but don't you think that simple NATing might introduce a couple of issues, especially that the customer will have 2 classes from 2 different ISPs (we need to control both the upload and the download)? OK, let's try to put the optimum model out there for people to use NAT regarding this issue.

BR,

Mohammed Mahmoud.

Hall of Fame Super Gold

Re: Load Balance multiple ISPs

Actually I don't see much of a problem.

Most people don't get many addresses anyway, perhaps one static and many times, only dynamic. If they have servers inside they can either use the most reliable ISP for that, or set two A records in DNS and have a pseudo form of redundancy. Also many people like to have dual ISP just to harden VPN, and this is not a problem either, just set up two tunnels.

I think that NAT has really revolutionized IP, mostly for good overall.

New Member

Re: Load Balance multiple ISPs

Pretty expensive to get AS. And a lot of paperwork too. Several acquaintances tried and got denied. Also, BGP doesn't do automatic load balance... am I mistaken?

Thanks
