
Load balancing and nat

nekko
Level 1

Hi.

I have the following scenario: a router with one (1) inside private network (172.16.0.0 /24) and two outside public networks, each provided by an ISP. Both ISPs installed a router to terminate their network legs and gave me the Ethernet port to connect to and 1 public IP to assign to each interface. Packets from the inside network are NAT-translated (overloaded) and default-routed to one of the two interfaces. I'd like to configure the router (C2611XM) in a way that allows it to load-balance the traffic when both interfaces are available, and to use only one interface when the other is down.

In particular I'd like to understand:

1) How can the router manage this 'parallel' NAT on two different outside interfaces for packets coming from the same inside interface? Can I write more than one NAT instruction, or is there a finer way to manage this situation?

2) How can the router realize that one ethernet interface is not available (not actually 'down', because the Ethernet interface will probably stay up) and force the traffic to other interface?

Thanks in advance for help

nekko


nihal.akbulut
Level 1

Hi,

For load balancing you can use 2 default routes, each pointing to a different ISP as next-hop. Because their admin distances will be the same, your outgoing traffic will be load balanced between the two ISPs. After that you can use NAT with route maps. This makes the router decide which "nat overload" statement will be used based on the next-hop.

here is an example;

    ip nat pool provider1-space ...
    ip nat pool provider2-space ...
    ip nat inside source route-map provider1-map pool provider1-space
    ip nat inside source route-map provider2-map pool provider2-space
    !
    route-map provider1-map permit 10
     match ip address 1
     ! E1 -> your int. that goes to ISP1
     match interface E1
    !
    route-map provider2-map permit 10
     match ip address 1
     ! E2 -> your int. that goes to ISP2
     match interface E2

hope this helps..

Thank you very much: remarkable description!

I will try and let you know.

Thanks again

nekko

Hi

The explanation given is definitely impressive, but I was wondering: when you need to connect to a site, where will the name resolution be done? OK, you can have a DNS server inside your side, but the two ISPs will be advertising different costs to the same destination and that would mean that the packets will reach the destination in a different sequence, thus you would need to assemble the packets and sequence them at the destination. This could cause problems if the data is delay sensitive.

The alternative to this is to run BGP (or the protocol run by the ISP) between the ISP router and your router. This way the best path to any site will be known by your router and traffic will choose the best path. You would obtain load sharing and not balancing, but your applications will not be affected and both the links will be utilised.

tekha
Level 3

Once you've got the loadsharing to work.

This might answer your second question on reachability. Remember it is only available from IOS 12.3(8)T

http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/products_feature_guide09186a00801d862d.html#wp1071672

I am having a 1711 XM router and we are connected to two different ISPs (the 1711 has 4 LAN Ethernet ports and 1 WAN Ethernet port).

I want to configure ISP1 as the primary interface and ISP2 as the backup interface. Now ISP1 has provided a 1600 router; I am connecting the LAN Ethernet port of the 1600 to a LAN Ethernet port of the 1711 XM,

and ISP2 will be connected directly to the 1711 WAN Ethernet port.

Now I want to make ISP1 primary and ISP2 backup, and I also want to configure NAT between the 2 ISPs.

CAN YOU PLEASE GUIDE ME IN GIVING A SAMPLE CONFIGURATION FOR MY REQUIRED SETUP.

Thanks in advance

raghu

carlosv
Level 1

Nekko,

This document describes in detail exactly what you want to know.

http://www.cisco.com/warp/public/cc/pd/iosw/ioft/ionetn/tech/emios_wp.htm

I've made this lab and it works very well. Although it focuses on using BGP, you could get the same results using another internal routing protocol.

It also depends a bit on DNS updates and sometimes external clients would get stuck if caught in the middle of an event because of local DNS caching.

Hope this helps

Carlos

vcjones
Level 5

1) How can the router manage this 'parallel' NAT on two different outside interfaces for packets coming from the same inside interface? Can I write more than one NAT instruction, or is there a finer way to manage this situation?

Cisco routers handle this very poorly. You can use route maps to assign a NAT based on which interface is used, but that NAT, once assigned, will continue to be used until the NAT times out, regardless of which outbound interface is used to actually send the traffic. The result is that even if you get the router to send the traffic out an alternate route, the original NAT (which is only good on the original path) will continue to be used.

This limitation requires either that only one of the outbound links be an "outside" interface, or that you use some fancy TCL programming in the ESM facility available only on selected routers (8xx & 17xx).

2) How can the router realize that one ethernet interface is not available (not actually 'down', because the Ethernet interface will probably stay up) and force the traffic to other interface?

This requires "ping based routing" another new feature introduced in the 12.3T series. This works, but still has some interesting foibles, so test carefully before putting into serious production. In particular, there are a wide range of conditions under which a path, once down, will not get detected when it comes back up.

Good luck and have fun!

Vincent C Jones

www.networkingunlimited.com
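
A combined sketch of the two answers in this thread, added here as an example and not posted by any participant: per-interface NAT overload selected by route-map, plus tracked default routes so a link whose Ethernet port stays up is still withdrawn when its next hop stops answering. Assumptions: the interface names, the route-map, probe and track numbers, and the addresses (documentation ranges standing in for the ISP-assigned ones) are constructed; the `rtr`/`track` syntax is that of the 12.3(8)T feature mentioned above, and later releases rename `rtr` to `ip sla`.

```cisco
! Constructed addressing: ISP1 link 192.0.2.0/30, ISP2 link 198.51.100.0/30
access-list 1 permit 172.16.0.0 0.0.0.255
!
interface FastEthernet0/0
 description inside LAN
 ip address 172.16.0.1 255.255.255.0
 ip nat inside
interface Ethernet1/0
 description to ISP1 router
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
interface Ethernet1/1
 description to ISP2 router
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
! One overload rule per exit; the route-map selects the rule by egress interface
route-map isp1-map permit 10
 match ip address 1
 match interface Ethernet1/0
route-map isp2-map permit 10
 match ip address 1
 match interface Ethernet1/1
ip nat inside source route-map isp1-map interface Ethernet1/0 overload
ip nat inside source route-map isp2-map interface Ethernet1/1 overload
!
! Probes: ping each ISP router. A target further upstream would need a
! static host route through that ISP so the probe tests the right path.
rtr 1
 type echo protocol ipIcmpEcho 192.0.2.1
rtr schedule 1 life forever start-time now
rtr 2
 type echo protocol ipIcmpEcho 198.51.100.1
rtr schedule 2 life forever start-time now
track 1 rtr 1 reachability
track 2 rtr 2 reachability
!
! Equal-cost defaults share the load while both probes succeed;
! a failed probe removes only that ISP's route.
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 2
!
! Translations built before a failover stay until they time out
! (the limitation described above); "clear ip nat translation *"
! in exec mode flushes them by hand.
```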