Two WAN uplinks and routing based on LAN source IP

Piotr Pawlowski

Dear all,

I have a router with two WAN interfaces ('primary' and 'secondary') and one LAN. My LAN subnet is 10.0.0./23 .

For some reasons I need to configure the router in such a way that most of the LAN users go out via the 'primary' WAN uplink, but a few LAN IP addresses use only the 'secondary' WAN.

Which tools should I use? What is the best approach to achieve the above goal?

Thank you in advance for any tip.

BR

Piotr

Hello

You don't say how the uplinks are connected, i.e. dynamic or static routing; however, on the information you have provided initially this sounds like a job for PBR (policy-based routing).

Something like this:

PBR with 2 WAN links - static routing

==============================================

access-list 1 permit x.x.x.x
access-list 2 permit y.y.y.y
!
! track 3 combines track 1 and track 2 with a boolean AND
track 3 list boolean and
 object 1
 object 2
!
! one ICMP probe per uplink, sent every 5 seconds
ip sla 1
 icmp-echo (primary wan ip) source-ip (primary wan interface of router)
 frequency 5
ip sla 2
 icmp-echo (secondary wan ip) source-ip (secondary wan interface of router)
 frequency 5
ip sla schedule 1 start-time now life forever
ip sla schedule 2 start-time now life forever
!
track 1 ip sla 1 reach
track 2 ip sla 2 reach
!
! sources in access-list 1: primary link first, secondary as fallback
route-map PBR permit 10
 match ip address 1
 set ip next-hop (primary link) (secondary link)
 set ip next-hop verify-availability (primary link) 1 track 1
 set ip next-hop verify-availability (secondary link) 2 track 2
! sources in access-list 2: secondary link first, primary as fallback
route-map PBR permit 20
 match ip address 2
 set ip next-hop (secondary link) (primary link)
 set ip next-hop verify-availability (secondary link) 1 track 2
 set ip next-hop verify-availability (primary link) 2 track 1
!
ip route 0.0.0.0 0.0.0.0 x.x.x.x (primary wan) 200 track 3
ip route 0.0.0.0 0.0.0.0 x.x.x.x (secondary wan) 250
!
int xx (lan interface)
 ip policy route-map PBR

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

That's great. pdriver, thanks!

Can you just explain what the statement below means?

track 3 list boolean and
 object 1
 object 2

And why is it used in 'ip route'?

Thanks in advance.

Hi,

track 3 will be up if track 1 and track 2 are UP and will be down when either one is down or both are down.

Regards

Alain

Don't forget to rate helpful posts.

pdriver,

I configured almost in the same way as you wrote (I skipped the SLA part, because right now I do not need it) and unfortunately something is not as I thought:

Router(config)#route-map RM-test permit 10
Router(config-route-map)#match ip add
Router(config-route-map)#match ip address ACL_all_computers_subnet
Router(config-route-map)#set ip next-hop GW_IP_of_primary_uplink
Router(config-route-map)#exit
Router(config)#route-map RM-test permit 10
Router(config-route-map)#match ip address ACL_internal_servers
Router(config-route-map)#set ip next-hop GW_IP_of_secondary_uplink
Router(config-route-map)#exit
Router(config)#do sh route-map RM-test
route-map RM-test, permit, sequence 10
  Match clauses:
    ip address (access-lists): ACL_all_computers_subnet ACL_internal_servers
  Set clauses:
    ip next-hop GW_IP_of_primary_uplink GW_IP_of_secondary_uplink
  Policy routing matches: 0 packets, 0 bytes

So, as far as I understand, both uplinks will be treated equally or GW_IP_of_primary_uplink will handle most of the traffic.

Please let me know where I made a mistake in the configuration or in my way of thinking.

Thank you in advance.

Hello

I saw a config error in my OP relating to the route-map stanzas' numbering, which I amended; please check.

res

Paul


It works like a charm.

Thank you all for sharing your knowledge.

Piotr Pawlowski

Yes, I was also thinking about PBR. However, I have one concern regarding the access-lists in this example (please correct me if I am wrong):

  • acl 1 should consist of single IP addresses which should go via the 'secondary' link
  • acl 2 should be a 'one-liner' which enables traffic for the whole network via the 'primary' link

With the above conditions, the first route-map entry should have set ip next-hop (secondary link) (primary link) while the second route-map entry should have set ip next-hop (primary link) (secondary link).


Let's presume that a request comes from IP 10.0.0.2, which is not in acl 1. Because acl 1 cannot be applied to 10.0.0.2, it will be 'transferred' to acl 2 and at the end the request from 10.0.0.2 will go via the 'primary' uplink. A request from IP 10.0.0.3, which is mentioned in acl 1, will be 'caught' by acl 1 so it will go via the 'secondary' uplink.

Do I understand it correctly?

Thanks.
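
A small Python model of the route-map behaviour discussed in this thread, added here as an illustration and not code from any poster or from Cisco. It shows why re-entering sequence 10 merges both stanzas into one entry, and why the ACL for the few hosts must sit at a lower sequence number than the whole-subnet ACL. The ACL names and contents, the next-hop addresses and the `down` parameter are assumptions; `verify-availability` tracking is reduced to a set of next hops treated as unavailable.

```python
import ipaddress

# Constructed sample data: ACL contents and next-hop addresses are assumptions.
ACLS = {"SERVERS": ["10.0.0.3/32"], "LAN": ["10.0.0.0/23"]}
PRIMARY, SECONDARY = "192.0.2.1", "198.51.100.1"

def parse_route_map(config):
    """Return {seq: {"acls": [...], "hops": [...]}}.
    Re-entering an existing sequence number appends to that entry."""
    entries, cur = {}, None
    for line in config.strip().splitlines():
        w = line.split()
        if w[:1] == ["route-map"]:
            cur = entries.setdefault(int(w[3]), {"acls": [], "hops": []})
        elif w[:3] == ["match", "ip", "address"]:
            cur["acls"] += w[3:]
        elif w[:3] == ["set", "ip", "next-hop"]:
            cur["hops"] += w[3:]
    return entries

def policy_next_hop(config, src, down=()):
    """Next hop chosen by the policy, or None when the packet is left to
    the normal routing table. `down` lists next hops treated as unavailable."""
    addr = ipaddress.ip_address(src)
    entries = parse_route_map(config)
    for seq in sorted(entries):              # lowest sequence is evaluated first
        e = entries[seq]
        if any(addr in ipaddress.ip_network(n) for a in e["acls"] for n in ACLS[a]):
            return next((h for h in e["hops"] if h not in down), None)
    return None                              # no ACL matched: not policy-routed

def stanza(seq, acl, *hops):
    """Build one route-map entry as config text."""
    return (f"route-map RM-test permit {seq}\n match ip address {acl}\n"
            f" set ip next-hop {' '.join(hops)}\n")

# Both stanzas entered with sequence 10: they collapse into a single entry.
MERGED = stanza(10, "LAN", PRIMARY) + stanza(10, "SERVERS", SECONDARY)
# Distinct sequences, but the whole-subnet ACL is evaluated first.
WRONG_ORDER = stanza(10, "LAN", PRIMARY) + stanza(20, "SERVERS", SECONDARY)
# Specific hosts first, each entry with the other uplink as fallback.
FIXED = stanza(10, "SERVERS", SECONDARY, PRIMARY) + stanza(20, "LAN", PRIMARY, SECONDARY)

if __name__ == "__main__":
    for name, cfg in [("merged", MERGED), ("wrong order", WRONG_ORDER), ("fixed", FIXED)]:
        print(name, {ip: policy_next_hop(cfg, ip) for ip in ("10.0.0.2", "10.0.0.3")})
    print("secondary down:", policy_next_hop(FIXED, "10.0.0.3", down={SECONDARY}))
    print("no ACL match:", policy_next_hop(FIXED, "172.16.0.5"))
```
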

Hi,

What you could do too is primary path with a default static route with AD of 1 and secondary path with a static route with AD of 10, then make an ACL for the few LAN users wanting to go via secondary path and match against it in a route-map that sets the next-hop to secondary next-hop. Then use this route-map for PBR on the LAN interface.

Of course there is no tracking involved here, so depending upon WAN technology you may need to track the first static route so most users use secondary when secondary is down and track the next-hop in the PBR so few users will use primary in case secondary link is down.

Regards

Alain


Hello

Any prefix matched in either acl 1 or 2 will be PBR'd to the first next hop defined in the route-map associated with that acl (if it is reachable); if it's not reachable it will try the secondary next hop defined.

If no matches are made on either acl then the packet will NOT be PBR'd; it WILL be routed as per the default routing table. It isn't dropped.

res

Paul
