Load balancing in this scenario will probably require quite a bit more than just adding another static route. However, there are two key determinants: what link protocol is running on the T1 link and does your DSL link use the same public IP(s) for you as your T1 link.

I am assuming your T1 is Cisco HDLC or PPP, but if it is frame relay you will need to add a mechanism to detect when your PVC goes down and the LMI stays up (hint, you can use whatever technique you use to detect network down on the DSL link, see next below).

I am also assuming you have a standard DSL and your DSL "modem" is doing NAT (implied by your original statement of the problem, but not explicitly called out).

In this case, you have several issues to deal with before you even consider load balancing. The first is detecting when one of your links is down so that you do not continue sending outbound traffic down a dead line. On a point-to-point T1, this is trivial, as the interface will go down any time the link has problems. On the DSL link (and sometimes your T1 if frame relay), the router interface will stay up even when the link is down. This makes for bad surfing...

You might be able to get Verizon to run a routing protocol with you on your T1, but this alternative is probably not available on your DSL line. For your DSL line, you have three choices - you can ignore the problem and lose communications for whatever services you allocate to use the DSL line, you can forego load balancing and only use the DSL line when the T1 fails (and hope it is functional when you need it), or you can use ping based routing (search for the "RTR" acronym on CCO).

Once you can reliably detect which links are up, you can use policy routing to select which interface is the preferred route for which traffic. You just need to make sure that all traffic on a particular connection (such as a TCP connection or sequence of UDP transactions) will always use the same link, otherwise the other end will see two different IP addresses for your box and fail to communicate.

Finally, you will need to make sure that the correct NAT is done regardless of path, so that the NAT is correct for the path taken. This should not be a problem for you, as you state that the router is not doing NAT at all. Cisco routers have a problem with NAT when the same address pair needs a different NAT depending upon which outside interface is used.

Good luck and have fun!

Vincent C Jones

www.networkingunlimited.com

T1 is Frame Relay , and DSL does not use same public IP's I have a small block of Ip's for both the T1 and the DSL.....and the DSL is not doing NAT The IP I have on both of interfaces are Valid Routable IP's..

Please Advise...

Thanks

James

Not needing NAT makes it much easier. Just use response time recorder to test the lines and set the available default routes accordingly. Use a high admin distance on the DSL so that it is only used when the T1 is down. Set up NAT so only the DSL link is outside and your T1 public IPs are translated to DSL public IPs when the T1 is down. (Make sure the T1 interface is also configured as an inside interface.)

This assumes that all your inside users can be assigned IP addresses from your T1 public block and that all use of Internet access is driven by inside systems initiating connection to Internet services. Note that when a failover occurs, service will be lost on any open connections until the connection is torn down/times out and is reestablished.

If you are also providing services to the public Internet, you have to deal with your T1 IPs going away. Playing games with DNS is not a good general purpose solution, although it can limit your downtime to a typical worst case of 24 hours. However, multiple MX records in your DNS can allow mail to use either path (SMTP is smart enough to understand alternate mail servers, define one on your T1 public and one on your DSL public).

Good luck and have fun! And be careful, it is really easy to shoot yourself in the foot getting too fancy with redundancy...

Vincent C Jones

www.networkingunlimited.com

any thing the Public See's is off site in a colo .....

your response is a little confusing...."This assumes that all your inside users can be assigned IP addresses from your T1 public block "

This is incorrect..I have a PIX firewall that does NAT..... so the users reside in 10.0.0.x /24 Ip range.. the Pix is the only Devise that has a valid routable IP.....it's a 506E so it only has one untrusted interface........ should I be doing the failover in the PIX or the Router?

Thanks

James

Maby..I need to buy your book......

Now that it is out of print, everyone needs to buy my book... but you'll find it an excellent investment. The technical details will put you to sleep, the implications will keep you awake at night :-) But there is an example of using NAT for failover in chapter 8 which you may be able to adapt to your situation (the listings are on my web site, the documentation for the listings are in my book).

As for your NAT in the PIX. That is good. Where Cisco falls flat on its face is NAT to the same destination from the same source through two different outside interfaces which require different NATs. You don't have that problem (and believe me, it is a nasty problem).

Enjoy!

Vincent C Jones

www.networkingunlimited.com

....So if it's out of print what do I do?

to cut to the chase...I can cut a check to get your help.....

James

Buy a "used" (aka remaindered) copy off Amazon.com. Last time I checked its going for anywhere between $8 and $15. Or if you want an autographed copy, send me a check for $50 and I'll send you one from my private stash :-)

If you want serious help (aka consulting), full contact info is on my website (along with a pointer to my book on Amazon). Please follow up outside this forum, as anything smacking of commercial solicitation is against forum rules.

Vincent C Jones

http://www.networkingunlimited.com