Re: Load Sharing over 3 ISPs with NAT

rlewau · ‎03-22-2002

Hi

We would like to load share over the three different ISPs and NAT outgoing traffic on the basis of what interface the packets are routed through. This is a our config to show you how we tried to solve this.

interface FastEthernet0/0

description inside

ip address 172.16.11.15 255.255.252.0

ip nat inside

speed 100

full-duplex

!

interface FastEthernet0/1

no ip address

speed 100

full-duplex

!

interface FastEthernet0/1.2

description ISP1

encapsulation dot1Q 2

ip address 212.247.91.225 255.255.255.240

ip nat outside

!

interface FastEthernet0/1.3

description ISP2

encapsulation dot1Q 3

ip address 62.119.74.130 255.255.255.192

ip nat outside

!

interface FastEthernet0/1.4

description ISP3

encapsulation dot1Q 4

ip address 62.119.74.194 255.255.255.192

ip nat outside

!

ip nat inside source route-map Feed1-ISP1 interface FastEthernet0/1.2 overload

ip nat inside source route-map Feed1-ISP2 interface FastEthernet0/1.3 overload

ip nat inside source route-map Feed1-ISP3 interface FastEthernet0/1.4 overload

!

ip classless

ip route 0.0.0.0 0.0.0.0 212.247.91.238

ip route 0.0.0.0 0.0.0.0 62.119.74.129

ip route 0.0.0.0 0.0.0.0 62.119.74.193

ip route 172.16.12.0 255.255.252.0 172.16.8.1

!

route-map Feed1-ISP1 permit 10

match interface fastethernet0/1.2

!

route-map Feed2-ISP2 permit 10

match interface fastethernet0/1.3

!

route-map Feed3-ISP3 permit 10

match interface fastethernet0/1.4

!

So far the only thing that happens are that all traffic are routed through ISP1. Ideas?

We have a cisco 2651 together with a Catalyst 2950 that connects to three different ISPs over VLANS. Our internal network consists of unregistered ip addresses.

ruwhite · ‎03-23-2002

I'm fairly certain match interface doesn't work with NAT--you'll need to specify destination address ranges using extended access lists in your route maps.

Russ

rlewau · ‎03-24-2002

Actually the NAT part is working fine. The problem is that the traffic only gets routed through the first interface and do not load share. When we verify that load sharing is enabled, everything looks as is should. On hint perhaps is that when we do "show ip route xxx.xxx.xxx.xxx" the reply is "Not in table" but there are three equal cost paths to all networks.

srittenberg · ‎03-24-2002

I have similar case, but two ISP. I have to seperate the routes or they will take the primary route, I even add the admin distance to see if I could forth the traffic to one from the other, doesn't work. you may think about seperating the routes, it doesn't look good, but it should work.

mberrocal · ‎03-24-2002

I think your configuration is ok, and it should work. So let's make some changes as workaround.

Try changing the static routes to:

ip route 1.1.1.1 255.255.255.255 212.247.91.238

ip route 1.1.1.1 255.255.255.255 62.119.74.129

ip route 1.1.1.1 255.255.255.255 62.119.74.193

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 172.16.12.0 255.255.252.0 172.16.8.1

or also:

upgrade IOS

just some thoughts

srittenberg · ‎03-24-2002

Roger

If this works for you, please post it. I'll try it on one of my remote sites too. I have few remote sites that have two default routes, they all seams to pick one of the route over the other, not doing load balance, even though both route show up in teh routing table it seams like they are.

thanks