
CEF Load Balancing

arkardaniels
Level 1

I would like to set up CEF per-destination load balancing. Could anyone tell me whether the steps I'm taking are going in the right direction, please?

CEF is enabled by default.

Received IP addresses from 2x edge SOHO routers on 2x FastEthernet (0-1) WAN links.

Both are 192.168.x.x /24, different subnets.

Created access-list 10 to allow the 10.x.x.x /24 LAN subnet on FastEthernet(2).

2x ip nat outside on WAN, ip nat inside on LAN.


route-map One permit 20
match ip address 10
match interface FastEthernet1/0
!
route-map Two permit 20
match ip address 10
match interface FastEthernet1/1

!

ip nat inside source route-map One interface FastEthernet1/0 overload
ip nat inside source route-map Two interface FastEthernet1/1 overload

-----------------------------------------------------------------

Result

------

All nodes from Subnet 10.x.x.x /24 LAN can go online.

ip nat translation shows it's working properly.

BUT I cannot ping the internet from the LAN default-router address (Fa1/2), and sometimes I can.

 

I really would like to know why.

 

kind regards,

AD

 

 

Accepted Solution

Hello

Given your current setup, you may need to apply some additional configuration to get this to work as you have requested.

For LB per destination, well, it does that by default. You should be able to see that with this command; if you continually apply it, you will see the CEF path it will take:

sh ip cef exact-route 10.0.0.150 8.8.8.8

Now, given you have DHCP-enabled WAN links, I don't think your two default static routes will be able to have any SLA tracking applied to them, so you would need a way to conditionally route and NAT between the two WAN links.

Embedded Event Manager (EEM) should be able to assist here.

ip route 0.0.0.0 0.0.0.0 VLAN3 dhcp
ip route 0.0.0.0 0.0.0.0 VLAN7 dhcp 250

event manager applet VLAN3-DOWN
 event track 1 state down
 action 5.0 cli command "enable"
 action 5.1 cli command "conf t"
 action 5.2 cli command "no ip route 0.0.0.0 0.0.0.0 VLAN3 dhcp"
 action 5.3 cli command "exit"
 action 5.4 cli command "clear ip nat translation *"
 action 5.5 cli command "end"

 

event manager applet VLAN3-UP
 event track 1 state up
 action 5.5 cli command "enable"
 action 5.6 cli command "conf t"
 action 5.7 cli command "ip route 0.0.0.0 0.0.0.0 VLAN3 dhcp"
 action 5.8 cli command "exit"
 action 5.9 cli command "clear ip nat translation *"
 action 6.0 cli command "end"

ip sla 10
 icmp-echo X.X.X.X source-interface VLAN3
 frequency 5
ip sla schedule 10 life forever start-time now
!
! "rtr" is the older keyword; newer IOS releases write this as "track 1 ip sla 10"
track 1 rtr 10

 

sh ip route
sh ip nat translations
sh track

Try the above configuration and test again

res
Paul

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
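
The following is an added illustration, not part of the original posts and not Cisco's code: a small Python model of two equal default routes (Vlan3 and Vlan7, as in the posted config) with per-destination sharing and the `match interface` NAT route-maps, showing what happens to flows when one WAN link loses upstream reachability while its route stays installed, and after a tracking mechanism withdraws it. The SHA-256 hash is a stand-in for the real CEF hash, and the destination list, `healthy` set and function names are constructed for the example.

```python
import hashlib
from ipaddress import ip_address, ip_network

# Constructed model of the thread's topology: one inside LAN, two DHCP WAN SVIs.
PATHS = ["Vlan3", "Vlan7"]
NAT_RULES = {"Vlan3": "Conn-1", "Vlan7": "Conn-2"}  # egress interface -> route-map
ACL_10 = ip_network("10.0.0.0/24")                  # access-list 10
DESTS = [f"8.8.{i}.{i}" for i in range(64)]         # constructed sample destinations

def pick_path(src, dst, paths):
    """Per-destination sharing: the (src, dst) pair alone selects the path.
    SHA-256 is a stand-in here; the real CEF hash is different."""
    if not paths:
        return None
    key = f"{ip_address(src)}->{ip_address(dst)}".encode()
    bucket = int.from_bytes(hashlib.sha256(key).digest()[:4], "big")
    return paths[bucket % len(paths)]

def nat_rule(src, egress):
    """Mirror 'match ip address 10' plus 'match interface X': both must match."""
    if egress is None or ip_address(src) not in ACL_10:
        return None
    return NAT_RULES.get(egress)

def forward(src, dst, installed, healthy):
    """Return (egress, route_map, delivered) for one flow.
    installed: default routes present in the routing table
    healthy:   links that actually reach the internet right now"""
    egress = pick_path(src, dst, installed)
    return egress, nat_rule(src, egress), egress in healthy

def tracked_routes(paths, healthy):
    """Effect a track object plus EEM applet aims for: withdraw a failed link's route."""
    return [p for p in paths if p in healthy]

def delivery_report(src, dsts, installed, healthy):
    """Map each destination to True/False: did the flow get out?"""
    return {d: forward(src, d, installed, healthy)[2] for d in dsts}

if __name__ == "__main__":
    src, up = "10.0.0.170", {"Vlan7"}               # Vlan3 upstream is down
    stale = delivery_report(src, DESTS, PATHS, up)  # route still installed
    fixed = delivery_report(src, DESTS, tracked_routes(PATHS, up), up)
    print("untracked: %d/%d destinations reachable" % (sum(stale.values()), len(DESTS)))
    print("tracked:   %d/%d destinations reachable" % (sum(fixed.values()), len(DESTS)))
```
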


Hello,

Which routes do you have installed? Post the full config of your router...

Thanks so much for the reply, mate.

Cisco 887VA-W

 

version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname example
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$8M.G$JoDaY8Fx5frE/.LSaWVxb.
!
no aaa new-model
ethernet lmi ce
service-module wlan-ap 0 bootimage autonomous
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!


!
ip dhcp excluded-address 10.0.0.1 10.0.0.160
ip dhcp excluded-address 10.0.0.191 10.0.0.254
!
ip dhcp pool local-pool
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.150
 dns-server 208.67.222.222
 lease 7
!
!
!
ip domain name example.home
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
username Bob privilege 15 secret 5 $1$dtjq$TMFkDEnBhitoMTLmvF2eN0
!
!
!
!
!
controller VDSL 0
!
!
!
!
!
!
!
!
!
!
!
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface Ethernet0
 no ip address
 shutdown
!
interface FastEthernet0
 switchport access vlan 3
 no ip address
!
interface FastEthernet1
 switchport access vlan 7
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface Wlan-GigabitEthernet0
 no ip address
!
interface wlan-ap0
 no ip address
!
interface Vlan1
 ip address 10.0.0.150 255.255.255.0
 ip access-group DNS-Blocker in
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan3
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
!
interface Vlan7
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source route-map Conn-1 interface Vlan3 overload
ip nat inside source route-map Conn-2 interface Vlan7 overload
ip ssh version 2
!
ip access-list extended DNS-Blocker
 permit udp 10.0.0.0 0.0.0.255 host 208.67.222.222 eq domain
 permit tcp 10.0.0.0 0.0.0.255 host 208.67.222.222 eq domain
 deny   udp any any eq domain
 deny   tcp any any eq domain
 permit ip any any
!
!
route-map Conn-1 permit 10
 match ip address 10
 match interface Vlan3
!
route-map Conn-2 permit 10
 match ip address 10
 match interface Vlan7
!
access-list 10 permit 10.0.0.0 0.0.0.255
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
no vstack
!
line con 0
 logging synchronous
 no modem enable
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 stopbits 1
line vty 0 4
 exec-timeout 5 0
 logging synchronous
 login local
 transport input ssh
!
scheduler allocate 20000 1000
!
end

Hello,

 

Try adding the below to your configuration:

 

ip route 0.0.0.0 0.0.0.0 vlan3 dhcp
ip route 0.0.0.0 0.0.0.0 vlan7 dhcp
