
WAN load balancing

cornelc
Level 1

Hello

 

I have the following issue with a Cisco 2811 router. I have two WAN connections (fiber and ADSL) and I want to do WAN load balancing, so I added two routes: 0.0.0.0 0.0.0.0 dialer1 and 0.0.0.0 0.0.0.0 fa1. The problem is with the fiber connection (fa1): in this configuration I can't ping the WAN from outside or use NAT on this connection. If I change the default routes like this, it works, but it is not WAN load balancing: 0.0.0.0 0.0.0.0 dialer 150 and 0.0.0.0 0.0.0.0 fa1. Any ideas?


Richard Burts
Hall of Fame

My first idea is that having the default route point just to the physical interface is not a good thing to do. There are multiple problems, starting with the fact that doing this requires that the next hop device support proxy ARP. And the trend is increasingly that organizations are disabling proxy ARP because of the security implications. Beyond that is the problem that it requires your router to ARP for every remote destination and to maintain the ARP table with all of the ARP responses, which increases your memory consumption and the CPU processing of the router to do all of the ARP processing.

 

There are also complications of how to do NAT when you have two active Internet connections.

 

And if you are using both a fiber connection and an ADSL connection you are trying to balance with a higher speed and a lower speed connection and there are issues with this.

 

HTH

 

Rick
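
The point in the reply above about default routes that name only a physical interface can be checked mechanically. This Python sketch is an added example, not part of the thread: it flags `ip route` lines that point at a broadcast (Ethernet-style) interface with no next-hop address. The sample configuration uses constructed documentation addresses, and the list of broadcast interface prefixes is an assumption.

```python
import re

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
UNIT = re.compile(r"^\d+(/\d+)*(\.\d+)?$")  # interface unit such as "1" or "0/1"
# Multi-access interface name prefixes, lower-cased. Assumption: this short
# list covers the Ethernet-style names in use on the audited router.
BROADCAST = ("fa", "gi", "te", "eth", "vlan")

# Constructed sample configuration (documentation addresses only).
SAMPLE_CONFIG = """\
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 192.0.2.1 150
ip route 10.20.0.0 255.255.0.0 198.51.100.1 track 1
ip route 172.16.0.0 255.240.0.0 FastEthernet 0/1 200
"""

def parse_target(tokens):
    """Split the part after 'ip route <prefix> <mask>' into (interface, next_hop)."""
    if IPV4.match(tokens[0]):
        return None, tokens[0]
    iface, rest = tokens[0], tokens[1:]
    # IOS accepts "FastEthernet 0/1" as well as "FastEthernet0/1".
    if not any(c.isdigit() for c in iface) and rest and UNIT.match(rest[0]):
        iface, rest = iface + rest[0], rest[1:]
    next_hop = rest[0] if rest and IPV4.match(rest[0]) else None
    return iface, next_hop

def audit_static_routes(config_text):
    """Return (line_no, interface) for each interface-only route on broadcast media."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        tokens = raw.split()
        if tokens[:2] != ["ip", "route"]:
            continue
        if len(tokens) > 3 and tokens[2] == "vrf":
            tokens = tokens[:2] + tokens[4:]  # drop "vrf <name>"
        if len(tokens) < 5:
            continue
        iface, next_hop = parse_target(tokens[4:])
        # Point-to-point interfaces (Dialer, Serial, Tunnel) need no ARP, so an
        # interface-only route is a concern only on broadcast media.
        if iface and not next_hop and iface.lower().startswith(BROADCAST):
            findings.append((line_no, iface))
    return findings

if __name__ == "__main__":
    for line_no, iface in audit_static_routes(SAMPLE_CONFIG):
        print(f"line {line_no}: route via {iface} has no next hop (relies on proxy ARP)")
```

Routes that name both the interface and a next-hop address, or only a next-hop address, are not flagged.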

Hi Richard

I'm coming back with more details:

First I tried to set up the router with WAN failover like this:

route-map SDM_RMAP_1 permit 1
 match ip address 101
 match interface FastEthernet0/0

route-map SDM_RMAP_2 permit 1
 match ip address 102
 match interface Dialer1


access-list 101 permit ip 10.0.0.0 0.255.255.255 any
access-list 101 permit ip 172.26.60.0 0.0.0.255 any

access-list 102 permit ip 10.0.0.0 0.255.255.255 any
dialer-list 102 protocol ip permit


ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload
ip nat inside source route-map SDM_RMAP_2 interface Dialer1 overload

ip nat inside source static tcp 10.0.0.1 25 x.x.x.x 25 route-map SDM_RMAP_1 extendable


ip route 0.0.0.0 0.0.0.0 x.x.x.x 150
ip route 0.0.0.0 0.0.0.0 y.y.y.y track 1 

interface FastEthernet0/0
 ip address x.x.x.x 
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no cdp enable
 crypto map SDM_CMAP_1

interface FastEthernet0/1
 no ip address
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1

interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname ...............
 ppp chap password 7 010109085702121F33434A0014524343
 ppp pap sent-username .......... password 7 0614002D40471D091718160201537E7A
 no cdp enable
 crypto map SDM_CMAP_1


track timer interface 5

track 1 ip sla 1 reachability
 delay down 15 up 10

ip sla 1
 icmp-echo a.b.c.d source-interface y.y.y.y
 timeout 5000
 threshold 40
 frequency 6000
ip sla schedule 1 life forever start-time now

 

And I want to achieve the following results:

All computers on the LAN use y.y.y.y for their internet connection; if this fails, they use x.x.x.x, and when y.y.y.y comes back they use that connection again.

And I have one server with a few services (DNS, WWW, MAIL...) which must use just the x.x.x.x connection; if this fails, it doesn't matter if these services are not working.

 

But with this configuration one thing is not working: I can't access the mail server, DNS, WWW from outside via the x.x.x.x connection (IP). If I change the default routes like this:

ip route 0.0.0.0 0.0.0.0 x.x.x.x  track 1
ip route 0.0.0.0 0.0.0.0 y.y.y.y  150

it works.

 
