03-23-2006 03:39 AM - edited 03-03-2019 12:09 PM
Hi,
We are planning to have multiple ISPs for load sharing and redundancy. We do not have the flexibility of BGP.
Ideally it would be a firewall and 2 different routers, one for each ISP.
Can anyone help me with various options that can be used to achieve it?
-Sai.
03-23-2006 03:42 AM
Hi Sai,
If you have a LAN segment connecting the 2 routers and the firewall, a great option would be to enable HSRP or GLBP on the routers' LAN-facing interfaces and point the default route on the firewall to the virtual IP address for HSRP/GLBP... GLBP is the better option since it gives you the ability to load-share between the two routers.
Here's a link to configuring GLBP:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t15/ft_glbp.htm
Hope that helps - pls rate the post if it does.
Paresh
03-23-2006 03:45 AM
Hi Paresh,
Thanks for a super fast response.
The router interfaces would have public IPs that would terminate on a switch. If I use GLBP, what would the IP of the virtual gateway be? An IP from ISP1 or ISP2?
NOTE: We do not have any spare public IP space of our own.
Sai.
03-23-2006 03:48 AM
A better solution is to use private IP address space on the router LAN interfaces and then use NAT on each of the routers to NAT the traffic to the public IPs from the appropriate ISP.
Pls do rate posts that help.
Paresh
03-23-2006 03:56 AM
If I use private IPs on the LAN, how will the ISP route incoming traffic to the particular router?
Sai
03-23-2006 04:03 AM
That's why I said that you have to use NAT on the routers to translate the private space to public space so that the ISP can route it back correctly...
Paresh
03-23-2006 04:54 AM
Hi Paresh,
Can I get a sample conf please???
-Sai.
03-23-2006 06:08 PM
03-24-2006 09:37 AM
Hi,
I can't use BGP. My question is: can I use 2 routers for the 2 ISPs and use PBR to achieve load sharing and make the links redundant to each other?
-Sai.
03-27-2006 10:32 AM
I recommend that you use only one router (to simplify), and use two small cheap routers (the ones that your ISP gives for almost free) for sending the Internet IPs to your Cisco router (firewall). (Maybe it's the configuration you're talking about...)
Although I believe OER is the solution to all of our problems, I haven't tested it, and haven't seen it working well, maybe it's a rock to use it just for a two ISP load-sharing configuration...
My very simple recommendation is:
int F0
 description Local interface
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
int F1
 description Outside interface
 ip address
 ip address
 ip nat outside
!
ip route 0.0.0.0 0.0.0.0
ip route 0.0.0.0 0.0.0.0
ip nat pool POOL1
ip nat pool POOL2
ip nat inside source route-map LAN-ISP1 pool POOL1 overload
ip nat inside source route-map LAN-ISP2 pool POOL2 overload
!
access-list 1 remark Gateway for ISP1
access-list 1 permit
access-list 2 remark Gateway for ISP2
access-list 2 permit
access-list 100 remark LAN 192.168.0.x to outside
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
!
route-map LAN-ISP1 permit 10
 match ip address 100
 match ip next-hop 1
route-map LAN-ISP2 permit 10
 match ip address 100
 match ip next-hop 2
This configuration can be more complex using SLA to ensure lines are up before bringing up the default routes, but maybe these few lines are easier to understand and deploy. (With this working you can improve it later; the only problem is that with this configuration when an ISP fails all your connections fail.)
One recommendation is not to use per-packet load-sharing; use per-destination (the default issue). Maybe it won't load-share 50%/50%, but it really works with two different ISPs without BGP (I think it's the real thing here).
Good routing, see U on Internet:
Fazerbcn
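The SLA-based refinement mentioned in the post above, written out as an added example that is not part of the original thread: each default route is tied to a tracked ICMP probe so that it is withdrawn when that ISP's gateway stops answering. All addresses are constructed from documentation ranges, the gateway and pool values are assumptions, and the syntax is that of newer IOS releases (older ones use `ip sla monitor` and `track ... rtr`).

```cisco
! Added example. All public addresses are constructed (documentation ranges).
! Assumed: ISP1 gateway 192.0.2.1, ISP2 gateway 198.51.100.1.
interface FastEthernet0
 description Local interface
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
interface FastEthernet1
 description Outside interface (both ISP subnets on one segment, as in the post)
 ip address 192.0.2.2 255.255.255.252
 ip address 198.51.100.2 255.255.255.252 secondary
 ip nat outside
!
! One probe per ISP gateway, sourced from the address on that ISP's subnet
ip sla 1
 icmp-echo 192.0.2.1 source-ip 192.0.2.2
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 198.51.100.1 source-ip 198.51.100.2
 frequency 10
ip sla schedule 2 life forever start-time now
!
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Each default route is installed only while its probe succeeds
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 2
!
ip nat pool POOL1 192.0.2.2 192.0.2.2 netmask 255.255.255.252
ip nat pool POOL2 198.51.100.2 198.51.100.2 netmask 255.255.255.252
ip nat inside source route-map LAN-ISP1 pool POOL1 overload
ip nat inside source route-map LAN-ISP2 pool POOL2 overload
!
access-list 1 permit 192.0.2.1
access-list 2 permit 198.51.100.1
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
!
! NAT pool is chosen by the next hop the routing table selected
route-map LAN-ISP1 permit 10
 match ip address 100
 match ip next-hop 1
route-map LAN-ISP2 permit 10
 match ip address 100
 match ip next-hop 2
```

Probing only the gateway detects a dead link or gateway, not a failure deeper inside the ISP. Translations already built through a failed ISP stay in the NAT table until they time out or are cleared with `clear ip nat translation *`.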