Cisco Support Community

New Member

Service publishing with static Multihoming.

I was browsing hundreds of topics on the Net and Cisco and found some great ideas in professionals' comments. Unfortunately, I didn't find an answer to one maybe simple, but quite important question for our configuration.

Famous configuration: one router, 2 independent ISPs. No routing protocols provided by the ISPs. Load sharing and balanced traffic through CEF, PBR and Reliable Static Routing are doing their job perfectly for traffic from the internal network to the public Internet.

Incoming traffic is another matter. A static NAT entry for the published service has been created for both interfaces as follows:

ip nat inside source static tcp <internal> 25 <external> 25 extendable

A packet arrives through interface ISP1, passes NAT, creates an outside-to-inside entry in the NAT table, and reaches the internal host. The host replies, and the packet goes to the internal interface on the router and (according to Cisco's "NAT order of operations") first checks the routing table. Because the table has only static entries and they are in a specific order (for example, the ISP2 IP address has precedence), the packet will be formed with ISP2's next hop, then the proper inside-to-outside NAT translation occurs, but the packet is forwarded to ISP2 instead of being sent to ISP1, which is wrong, and the session is terminated.

To make a long story short: how do I use PBR (if this is the proper tool) or any other IOS feature to make an entry in some kind of routing cache when a packet is traveling from outside to inside via ISP1, and then use this entry to send the packet via the same ISP1 on the route from inside to outside?

Thank you in advance,

5 REPLIES
Silver

Re: Service publishing with static Multihoming.

New Member

Re: Service publishing with static Multihoming.

Hi Brian,

Thank you for your attention.

The article is interesting and we have read it before. It points to BGP usage.

The problem in the topic is: "No routing protocols provided by ISPs." The router may use only static or policy-based routing.

It looks like the whole community doesn't know how to configure a single router with 2 WAN interfaces and 2 independent ISPs to handle incoming requests with simple load balancing (at least round robin). This feature (if it's possible to implement at all, or if Cisco finally creates the ability for a router to "remember" the interface through which an incoming packet has come and use this entry for the outbound packet to exit via exactly the same interface through which it came) will create a tremendous possibility for all small/medium/large enterprises to use Cisco hardware for mission-critical applications, which require load sharing and reliability for remote access to internal resources.

Thanks to all for participation and possible help.

New Member
New Member

Re: Service publishing with static Multihoming.

The solution from Besim should fix the routing.

As this is a mail server, you will need some DNS configuration to ensure that outside traffic flows as intended. Two ways to do this.

Option 1, incoming mail primarily from ISP1 unless down, then ISP2:

mail1 IN A 1.1.1.1

mail2 IN A 2.2.2.2

MX 10 mail1

MX 20 mail2

Option 2, balance incoming mail among both ISPs:

mail1 IN A 1.1.1.1

mail2 IN A 2.2.2.2

MX 10 mail1

MX 10 mail2

This only works for SMTP. To balance other outside-in traffic (Web, FTP, etc.) and ensure against a failure of one ISP, you need to run two authoritative name servers and have each reachable via one ISP. Each name server lists the IP address of the NATted host on its respective ISP. Use a short TTL on the order of five minutes. If one ISP link goes down, then the name server on its network won't be reachable and the only reachable one will return an address that is also reachable. If both are up, inbound traffic will balance.
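The sender-side behaviour that makes the two MX options above work, as an added example that is not part of the original reply: a sending MTA tries MX hosts lowest preference first and randomizes among hosts of equal preference (RFC 5321, section 5.1). The `ISP_OF` mapping, the function names and the message count are assumptions made for this simulation.

```python
import random
from collections import Counter

# Constructed sample data mirroring the records in the reply above.
A_RECORDS = {"mail1": "1.1.1.1", "mail2": "2.2.2.2"}
ISP_OF = {"1.1.1.1": "ISP1", "2.2.2.2": "ISP2"}  # assumed: which link carries each address
OPTION_1 = [(10, "mail1"), (20, "mail2")]         # primary / backup
OPTION_2 = [(10, "mail1"), (10, "mail2")]         # equal preference


def delivery_order(mx_records, rng):
    """Order MX hosts as a sending MTA does: lowest preference value first,
    random order among hosts that share a preference."""
    by_pref = {}
    for pref, host in mx_records:
        by_pref.setdefault(pref, []).append(host)
    ordered = []
    for pref in sorted(by_pref):
        group = by_pref[pref][:]
        rng.shuffle(group)
        ordered.extend(group)
    return ordered


def deliver(mx_records, links_up, rng):
    """Return the ISP link a message arrives on, or None if no MX host is reachable."""
    for host in delivery_order(mx_records, rng):
        isp = ISP_OF[A_RECORDS[host]]
        if isp in links_up:   # the SMTP connection succeeds only over a working link
            return isp
    return None               # the sender queues the message and retries later


def simulate(mx_records, links_up, messages=1000, seed=0):
    """Count how many of `messages` deliveries arrive over each ISP link."""
    rng = random.Random(seed)
    return Counter(deliver(mx_records, links_up, rng) for _ in range(messages))


if __name__ == "__main__":
    for name, mx in (("option 1", OPTION_1), ("option 2", OPTION_2)):
        for up in ({"ISP1", "ISP2"}, {"ISP2"}, set()):
            print(name, sorted(up), dict(simulate(mx, up)))
```

With both links up, option 1 sends everything through ISP1 while option 2 splits roughly evenly; with one link down, both options converge on the surviving ISP.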

New Member

Re: Service publishing with static Multihoming.

We have tested a web site in this scenario. Two IP addresses were specified for this site on the DNS server. When one link was down, outside users were able to reach the site through the other line via the second IP address.

For protocols with multiple connections in one 'session' this would work if all connections are initiated from the same side.
