02-14-2005 08:23 AM - edited 03-02-2019 09:39 PM
I have a customer who has two offices, both have two Internet feeds. The problem is, both Internet feeds are from the same ISP, on the same subnet. My customer wants to load balance traffic out both Internet links, but I'm a little stuck on how I can do this since they are on the same subnet.
Both branches are connected currently with IPSEC VPN, however, I'm wondering when I implement the Cisco 1841s if I can have Internet traffic go out one link, and IPSEC traffic go to the other gateway out the same interface on the router.
Router has two interfaces: F0/0 and F0/1. F0/1 will go into a switch, and both ISP links will also go into that switch. I know I can't add an additional interface, as F0/1 and F0/2 can't be plugged into the same subnet as I will get routing overlaps :( Anyone have any thoughts? I'm quite stuck on this one.
Thanks!!!
Jamie
02-14-2005 09:32 AM
I am not sure that I understand clearly what problem you are trying to solve. I think you are saying that the office(s) have two Internet links, which come from the same provider, that both links are in the same subnet, and both connections will come into a switch at the office location.
Assuming that there are separate IP addresses for the provider end of the connections I think the most simple and reliable solution is to define two default routes and point one at each of the provider addresses. If the provider end points were 200.200.200.1 and 200.200.200.2 then the routes would look like this:
ip route 0.0.0.0 0.0.0.0 200.200.200.1
ip route 0.0.0.0 0.0.0.0 200.200.200.2
HTH
Rick
02-14-2005 03:21 PM
Hi Rick,
I can do this? How does the router know which default route to send to? Will it load-share across both? Can I direct my VPN tunnel to take say 200.2 and all other internet traffic to go to 200.1??
Thks
02-14-2005 06:20 PM
First let's start with a clarification: when you say the Internet links are in the same subnet I am assuming that you mean that the IP addresses of the provider end of the links are in the same subnet. Is this correct?
Then yes you can do what I suggested and define two default routes with the provider address as the next hop in the default route. The router will load share in this environment. Exactly how it does that will depend on some things such as whether you have cef enabled or not, whether there is something to cause process switching, etc.
You could direct VPN tunnel traffic on one and all other internet traffic on the other. I would probably not want to do that because the way I have suggested it will provide redundancy - if there is a problem on one link all traffic will go on the surviving link. If you have VPN on one and all other Internet on the other and one of the links has a problem there would not be redundancy.
There is something very odd about getting two Internet connections from the same provider, having them both arrive as an Ethernet handoff, and having them both in the same subnet. Your router will see all traffic through the same interface and only the MAC address to which it is forwarding will distinguish the two links as far as your router is concerned.
I would suggest that you have a talk with the technical staff of your provider and ask for their suggestions and their input about how other customers of theirs have done this.
HTH
Rick
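The load-sharing behaviour discussed in the reply above, as an added example that is not part of the original thread: a small Python model of two equal-cost default routes, comparing per-destination sharing (the CEF default) with per-packet sharing (as under process switching) for a single IPsec tunnel and for ordinary Internet traffic. The router and VPN peer addresses are constructed, and the XOR-fold hash is an illustrative stand-in, not Cisco's algorithm.

```python
import ipaddress
from collections import Counter
from itertools import cycle

NEXT_HOPS = ["200.200.200.1", "200.200.200.2"]  # provider addresses used in the thread
ROUTER = "200.200.200.10"                        # constructed: router's outside address
VPN_PEER = "203.0.113.5"                         # constructed: remote IPsec gateway


def per_destination(src, dst, next_hops):
    """Pick a next hop from a hash of the (src, dst) pair.

    Assumption: a simple XOR-fold hash stands in for the real one. The point
    is only that the same address pair always maps to the same next hop.
    """
    key = int(ipaddress.ip_address(src)) ^ int(ipaddress.ip_address(dst))
    key ^= key >> 16
    key ^= key >> 8
    return next_hops[key % len(next_hops)]


def share(flows, next_hops, per_packet=False):
    """Count packets sent to each next hop for (src, dst, packets) flows."""
    counts = Counter()
    round_robin = cycle(next_hops)
    for src, dst, packets in flows:
        for _ in range(packets):
            if per_packet:
                hop = next(round_robin)          # alternates regardless of flow
            else:
                hop = per_destination(src, dst, next_hops)
            counts[hop] += 1
    return counts


# Constructed traffic: one IPsec tunnel and 100 ordinary Internet destinations.
TUNNEL = [(ROUTER, VPN_PEER, 1000)]
INTERNET = [(ROUTER, f"198.51.100.{n}", 10) for n in range(1, 101)]

if __name__ == "__main__":
    print("tunnel, per-destination:", dict(share(TUNNEL, NEXT_HOPS)))
    print("tunnel, per-packet:     ", dict(share(TUNNEL, NEXT_HOPS, per_packet=True)))
    print("internet, per-dest:     ", dict(share(INTERNET, NEXT_HOPS)))
    print("one route left:         ", dict(share(TUNNEL + INTERNET, NEXT_HOPS[:1])))
```

In this model the tunnel, being a single source/destination pair, stays on one link under per-destination sharing, while the mix of Internet destinations spreads across both; with only one route left, everything follows the surviving link.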
02-15-2005 02:41 PM
Hi Rick,
So, say I enable cef, and use:
ip default-gateway 0.0.0.0 0.0.0.0 x.x.x.a
ip default-gateway 0.0.0.0 0.0.0.0 x.x.x.b
This will load share over both? Would this configure the links in a fail-over fashion? If it does load balance, how does it handle IPSEC traffic over both links? I'm waiting to hear back from their ISP, hopefully they can give me some more insight. I appreciate your help.
02-15-2005 06:57 PM
You have significantly changed the question. And I am not sure if you did it on purpose or through a misunderstanding.
I have been talking about default routes using ip route 0.0.0.0 0.0.0.0. And now your latest post is using ip default-gateway. It suggests that you think that they are equivalent. But they are not equivalent. ip route 0.0.0.0 0.0.0.0 will establish a route in the routing table which the router will use to forward packets. ip default-gateway does not establish a route in the routing table. And it can not be used when the router is forwarding packets. The default-gateway command in IOS is pretty much exactly the same as the default-gateway definition on a PC. The default-gateway command is used by the IOS when the box is acting as an end station not as a router. There are at least two circumstances where a router might need a default-gateway definition: if someone configures "no ip routing" or if the router boots into rommon.
I usually do configure default-gateway on routers that I configure for production. But I do it as insurance in case there is a serious problem on the router. But not as a way to define a default route.
HTH
Rick
02-16-2005 07:41 AM
Hi Rick,
Sorry about that, I had myself confused with another issue I am working on. Ignore the default-gateway command altogether ;). I appreciate your help, thanks!!!