Multi ISP connections

msaeed · ‎02-28-2022

HI,,

I have multi ISP internet connections. i need to set up a load balancing using these multi ISP connections.

i am not searching for failover

i have the below devices.

ISR 4331 router
2 core switch C9470
2 cisco firewall 1150
servers for LAN and servers will be accessed from the internet
around 20 VLAN

balaji.bandi · ‎02-28-2022

Where is these connections ISP terminated into Cisco Routers?

You can do static routing towards both ISP so it LB, but we suggest to do failover rather blackhole the traffic.

are you looking config here or design ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

msaeed · ‎03-01-2022

@balaji.bandi

Where is these connections ISP terminated into Cisco Routers?

yes, the connections ISP connected to the router ....ISPs Modem--->router--->firewall--->Core and lan

are you looking config here or design ?

i am looking for both Config and design

Georg Pauwen · ‎03-01-2022

Hello,

here is what the configuration could look like. You basically have both ISPs active, and if one goes down, the respective static route will be removed through a series of EEM scripts:

track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
interface GigabitEthernet0/0/0
description Uplink to ISP 1
ip address x.x.x.x x.x.x.x
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
description Uplink to ISP 2
ip address y.y.y.y y.y.y.y
ip nat outside
negotiation auto
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/0
!
ip sla 2
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/1
!
ip route 0.0.0.0 0.0.0.0 x.x.x.x
ip route 0.0.0.0 0.0.0.0 y.y.y.y
!
event manager applet ISP_1_DOWN
event track 1 state down
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "no ip route 0.0.0.0 0.0.0.0 x.x.x.x"
action 4.0 cli command "end"
action 5.0 cli command "clear ip nat translation *"
!
event manager applet ISP_1_UP
event track 1 state up
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "ip route 0.0.0.0 0.0.0.0 x.x.x.x"
action 4.0 cli command "end"
action 5.0 cli command "clear ip nat translation *"
!
event manager applet ISP_2_DOWN
event track 2 state down
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "no ip route 0.0.0.0 0.0.0.0 y.y.y.y"
action 4.0 cli command "end"
action 5.0 cli command "clear ip nat translation *"
!
event manager applet ISP_2_UP
event track 1 state up
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "ip route 0.0.0.0 0.0.0.0 y.y.y.y"
action 4.0 cli command "end"
action 5.0 cli command "clear ip nat translation *"

Georg Pauwen · ‎03-01-2022

Hello,

I don't know if the 1150s can do active/active, but either way, you could either use dual static routes for load balancing, or policy based routing, in order to direct traffic to either firewall. You would need an IP SLA to monitor the availability of both routes, and in case one goes down, the respective static route would be removed. That way, you can leverage what you have (and pay for, which is two ISP connections).