Re: Load sharing multiple ISP

saimbt · ‎03-23-2006

Hi,

We are planning to have multiple ISP for load sharing and redundancy. We do not have the flexibility of BGP.

ideally it would be a firewall and 2 diff routers for each ISP.

Can anyone help me with various options that can be used to achieve it?

-Sai.

pkhatri · ‎03-23-2006

Hi Sai,

If you have LAN segment connecting the 2 routers and the firewall, a great option would be to enable HSRP or GLBP on the routers' LAN-facing interfaces and pointing the default route on the firewall to the virtual IP address for HSRP/GLBP... GLBP is the better option since it gives you the ability to load-share between the two routers.

Here's a link to configuring GLBP:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t15/ft_glbp.htm

Hope that helps - pls rate the post if it does.

Paresh

saimbt · ‎03-23-2006

Hi Paresh,

Thank for a super fast response.

The router interface would have public IP's that would terminate on a switch. If i use GLBP, what would the IP of the virtual Gateway be? IP from ISP1 or ISP2?

NOTE:- We do not have any own spare public IP space.

Sai.

pkhatri · ‎03-23-2006

A better solution is to use private IP address space on the router LAN interfaces and then use NAT on each of the routers to NAT the traffic to the public IPs from the appropriate ISP.

Pls do rate posts that help.

Paresh

saimbt · ‎03-23-2006

If i use private IP on LAN, how will the ISP route incoming traffic to the particular router??

Sai

pkhatri · ‎03-23-2006

That's why I said that you have to use NAT on the routers to translate the private space to public space so that the ISP can route it back correctly...

Paresh

saimbt · ‎03-23-2006

Hi Paresh,

Can I get a sample conf please???

-Sai.

sinhaniraj29 · ‎03-23-2006

Hi Sai,

This link will help you

http://www.ciscopress.com/articles/article.asp?p=25273&seqNum=4&rl=1

saimbt · ‎03-24-2006

Hi,

I cant use BGP. My Q is can I use 2 routers for the 2 ISP's and use PBR to achieve load sharing and make the links redundant to each other?

-Sai.

pauruizperez · ‎03-27-2006

I recommend you to use only one router (to simplify), and use two little cheap routers (the ones that your ISP gives for almost free) for sending the Internet IPs to your Cisco router (firewall). (Maybe it's the configuration you'r telling about...)

Although I believe OER is the solution to all of our problems, I haven't tested it, and haven't seen it working well, maybe it's a rock to use it just for a two ISP load-sharing configuration...

My very simple recomendation is:

int F0

description Local interface

ip address 192.168.0.1 255.255.255.0

ip nat inside

int F1

description Outside interface

ip address

ip address secondary

ip nat outside

ip route 0.0.0.0 0.0.0.0

ip nat pool POOL1 prefix-length 24

ip nat pool POOL2 prefix-length 24

ip nat inside source route-map LAN-ISP1 pool POOL1 overload

ip nat inside source route-map LAN-ISP2 pool POOL2 overload

!

access-list 1 remark Gateway for ISP1

access-list 1 permit

access-list 2 remark Gateway for ISP2

access-list 2 permit

access-list 100 remark LAN 192.168.0.x to outside

access-list 100 permit ip 192.168.0.0 0.0.0.255 any

!

route-map LAN-ISP1 permit 10

match ip address 100

match ip next-hop 1

route-map LAN-ISP2 permit 10

match ip address 100

match ip next-hop 2

This configuration can be more complex using sla to ensure lines are up before bringing up the default routes, but maybe these few lines are easier to understand and deploy. (With this working you can improve it later, the only problem is that with this configuration when a ISP fails all your connection fails)

One recomendation is not using load-sharing per-packet, use per-destination (the default issue), maybe it won't load-share 50%/50%, but it really works with two different ISPs without BGP (I think it's the real thing here).

Good routing, see U on Internet:

Fazerbcn