cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
673
Views
0
Helpful
1
Replies

2 Routers, 2 BGP routers, 1 NAT entry...

Ok this is a dousey of a question...

I am trying to split traffic entering from the web for servers so everything goes over the ADSL link but time sensitive information such as Sharepoint (TCP80) go direct over the ESHDSL link, now the problem is traffic that enters through the ESHDSL hits the server, the server replies out of its default gateway which is the ADSL which doesnt know what to do since it does not have a NAT entry for its return path.

How can I make it so traffic can enter one router and exit the other?

The two routers have HSRP to provide fail over between the two, and BGP is setup so one BGP route goes ESHDSL-ADSL and the other ADSL-ESHDSL

The routers are a 877M-SEC-K9 and a 881-SEC-K9

Any ideas?

Andrew

1 REPLY 1
jahetrick
Beginner

Andrew,

I don’t have a direct answer for you, but check out these two posts if you haven’t already.  Not exactly the same, but similar enough they might provide some insight.

https://supportforums.cisco.com/thread/150843

https://supportforums.cisco.com/thread/2090941

I’ll share my setup incase it sparks something for you.  I have two edge routers, each with their own BGP connection to the same ISP.  The two edge routers each connect to their own switch via an 802.1Q trunk; the switches also have an 802.1.Q trunk between them, allowing the routers to talk on the “inside”.  Instead of HSRP, the routers run GLBP on the inside, taking turns as the default gateway and routing traffic out to the ISP.  This creates an outbound load sharing that has worked well. 

Inbound is a different story.  I’m lucky enough to have two public IP blocks. I’ve engineered things is such a way that specific systems live on a specifics blocks.  I have two high traffic systems, system A is on block 1 and system B is on block 2.  Through the use of pre-pending my BGP updates to the ISP, the ISP prefers to send all inbound traffic to system A’s block through Router1 and all inbound traffic to system B’s block through Router2. It doesn't create a precise load balancing, but atleast traffic is comming in both circuits and not just bogging down one of the circuits.  If a router/circuit would fail, BGP will just send all inbound traffic through the remaining router/circuit

The biggest difference however is that I don’t do NAT on my edge routers. They are basically dedicated to BGP/routing and that’s it.  We have a firewall cluster (non Cisco) connected to each switch behind our edge routers that does the NATing.

               ISP

               /    \

     Router1    Router2

             |           |

     Switch1---Switch2