
Dual ISP setup on Cisco ISR4351

anthonysmills
Level 1

I just started my first Network Admin job at a new company and am trying to implement a second ISP connection that has been at a remote site for a few months but not in use. They wanted to set up load balancing over there, but all there is out there is the ISR router and the 2 routers from the ISPs. We use this site as DR and I am comfortable having the traffic between sites going through the second connection (ISP2) and letting ISP1 do everything else. So without trying to disrupt connection too much I went in and just added an ip route for 0.0.0.0/0 to the new ISP, but this did not put the route in the ip cef/ip routing table. Now we are not directly connected to either. We currently have ISP1 and 2 running into a Cisco switch and then a single connection into the ISR router.

 

I have tried to change the metric of the ip route that is from ISP1 to higher than ISP2 with no luck as well. I have attached our config (with important info changed and unimportant removed) if anyone thinks they could help. I would like these to be load balanced if the ISR can handle true load balancing. Otherwise I want ISP1 to run all traffic except traffic to our main site running through ISP2.

 

Thank you in advance.

9 Replies

Hello,

 

you can try the below.

 

First, create two static routes using fake default gateways. Make sure the IP addresses you use as fake default gateways, 192.168.1.2 and 192.168.2.2 in the example below, are not actually in use.

 

ip route ip.of.isp1.router 255.255.255.255 192.168.1.2 --> ISP1
ip route ip.of.isp2.router 255.255.255.255 192.168.2.2 --> ISP2

 

Now, since the gateways are different you can create two routes to the same destination, but using different gateways:

 

ip route 0.0.0.0 0.0.0.0 ip.of.isp1.router
ip route 0.0.0.0 0.0.0.0 ip.of.isp2.router

 

This will result in 50/50 load balancing. Both default routes will show up in the routing table.

So putting the ISP IPs on route to non used gateways will kind of reset them? And then adding both back in to last resort gateways will result in CEF working as intended? Do I have that correct?

 

Also I am confused as to why me putting 10.100.30.0/24 on the second ISP didn't override the first since it is the more detailed route instead of just 10.100.0.0/16 that was in the routing table.

 

Could any of this be due to the fact that the last guy had the ISP router plugged into a switch and then that switch plugged into our router? Because that is also how I had to set up the second ISP because the router had no free ports.

 

Sounds like something I'll need to be on site for since I'm guessing this will stop flow until I get the second set of commands put in.
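
Added example, not part of the thread or any poster's configuration: a small Python model of how a router chooses among static routes like the ones discussed here. It installs only routes whose next hop is usable, keeps the lowest administrative distance per prefix (equal distances share load), and forwards on the longest matching prefix. The route list and the `ISP1`/`ISP2` labels are constructed stand-ins for the thread's `ip.of.isp1.router` and `ip.of.isp2.router`, and the `reachable` set is a simplifying assumption for next-hop resolution.

```python
import ipaddress
from collections import defaultdict

# Constructed sample routes: (prefix, next hop, administrative distance).
# "ISP1"/"ISP2" are placeholders for the thread's ip.of.ispN.router values.
STATIC_ROUTES = [
    ("0.0.0.0/0",      "ISP1", 1),
    ("0.0.0.0/0",      "ISP2", 1),
    ("10.100.0.0/16",  "ISP1", 1),
    ("10.100.0.0/16",  "ISP1", 2),   # same prefix, worse distance: stays out
    ("10.100.0.0/16",  "ISP2", 1),
    ("10.100.30.0/24", "ISP2", 1),
]


def build_rib(routes, reachable):
    """Per prefix, install only the lowest-distance routes with a usable next hop."""
    candidates = defaultdict(list)
    for prefix, hop, distance in routes:
        # Assumption: a static route whose next hop cannot be resolved
        # is not installed in the routing table at all.
        if hop in reachable:
            candidates[ipaddress.ip_network(prefix)].append((distance, hop))
    rib = {}
    for net, entries in candidates.items():
        best = min(distance for distance, _ in entries)
        # Several next hops at the same best distance means equal-cost sharing.
        rib[net] = sorted({hop for distance, hop in entries if distance == best})
    return rib


def lookup(rib, destination):
    """Longest-prefix match: the most specific installed prefix wins."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None, []
    best = max(matches, key=lambda net: net.prefixlen)
    return str(best), rib[best]


if __name__ == "__main__":
    rib = build_rib(STATIC_ROUTES, reachable={"ISP1", "ISP2"})
    for dest in ("10.100.30.7", "10.100.5.1", "8.8.8.8"):
        print(dest, "->", lookup(rib, dest))
```

Calling `build_rib` with `reachable={"ISP1"}` shows the other case: the /24 never installs, so traffic for 10.100.30.x falls back to the /16 through ISP1.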

Hello,

 

basically, you are 'tricking' the router into believing there are actually different default gateways.

 

ip route 1.1.1.1 255.255.255.255 192.168.1.1
ip route 2.2.2.2 255.255.255.255 192.168.2.1

ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 0.0.0.0 0.0.0.0 2.2.2.2

will result in:

 

Router#sh ip route

S* 0.0.0.0/0 [1/0] via 2.2.2.2
                    [1/0] via 1.1.1.1

 

 

Will this cause a connection drop? Do I need to be in front of the device to do this or can I do it remotely? I am about an hour or so from that site, so if I can do it without any chance of dropping service I would like to do it from here. But I don't want them to be without internet for bare minimum an hour if this drops it.

Hello,

 

I think you can do this remotely. The static routes you currently have provide connectivity. Just leave them in there, add the two default routes, make sure they are both in the routing table, then remove the other static routes. Be aware though that this will provide for 50/50 load balancing, if this is what you want.

 

Also, before you start, save the current configuration to memory (wr mem), and use the exec command 'reload in' or 'reload at' to make sure that when you make a mistake, the router will reload and you will have connectivity back. To cancel the reload, if everything goes well, use the 'reload cancel' exec command...

e.ciollaro
Level 4

Hi

an alternative to what George wrote is to use Policy-Based Routing: for example, you could load balance using ISP1 for a certain type of traffic (let me say HTTP) and ISP2 for some other kind of traffic (FTP, SMTP, ...) or, if you prefer, you could route some internal LANs on ISP1 and some others on ISP2 (or, if you have just one network, differentiating the first half and the second half).

 

Enrico

 

PS: Please rate if useful

I thought of this. Having site to site traffic go through isp2 for zerto and then having all external traffic going to isp1. I think I would do this as having 0.0.0.0 point to isp1 and then our 10.0.0.0/8 go through isp2. Does that seem like it would work?

Hello
First, I would advise caution on changing anything on any production rtr if you are not 100% sure of the outcome of those changes, especially if you're performing those changes remotely and risk a possible outage to the client and also losing remote access to revert the changes you apply.
I see you have MLPP applied but you then mention dual or multiple ISP connections, so it's not clear what the design is truly running here.

For the multi-link connection, if you do have dual links to a single ISP then LB would already be running via the MLPP virtual link over its related physical links, be it default per-destination load sharing.

Can you confirm if you have dual physical connectivity to a single ISP and also additional single physical connectivity to additional ISPs?

Lastly, your static routing is very convoluted: you currently have 3 default static routes and then multiple specific routes mostly pointing to ISP1, which has one of these default routes, so I would say those specific statics may not really be required. Plus, they either have no administrative distances or tracking, which may not work due to having multiple default statics that could make the tracking incomplete or not work.
I would suggest you first tidy up the static routing before you proceed with any LB project.

ip route 0.0.0.0 0.0.0.0 ip.of.isp1.router track 2
ip route 0.0.0.0 0.0.0.0 ip.of.isp2.router
ip route 0.0.0.0 0.0.0.0 172.16.213.1 100 <isp ???> 

ip route 10.150.100.0 255.255.255.0 ip.of.isp1.router track 100
ip route 10.150.211.0 255.255.255.0 ip.of.isp1.router track 211
ip route 10.150.212.0 255.255.255.0 ip.of.isp1.router track 212

ip route 10.211.0.0 255.255.0.0 ip.of.isp1.router track 211
ip route 10.211.0.254 255.255.255.255 ip.of.isp1.router
ip route 10.212.0.254 255.255.255.255 ip.of.isp1.router
ip route 10.212.0.0 255.255.0.0 ip.of.isp1.router track 212

ip route 172.21.100.0 255.255.255.0 ip.of.isp1.router track 100
ip route 172.21.211.0 255.255.255.0 ip.of.isp1.router track 211

ip route 172.21.212.0 255.255.255.0 ip.of.isp1.router track 212

ip route 10.100.0.1 255.255.255.255 ip.of.isp1.router
ip route 10.100.0.0 255.255.0.0 ip.of.isp1.router 2
ip route 10.100.0.0 255.255.0.0 ip.of.isp1.router track 100

ip route 10.100.0.0 255.255.0.0 ip.of.isp2.router
ip route 10.100.30.0 255.255.255.0 ip.of.isp2.router


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

So I just took over this network from someone that built all this over the last 10 or so years. So I'm sure why it looks like it does, or what all is running or why. But traffic is working currently and I am not wanting to break it in the middle of the workday. As far as physical connections. The isp1 has 2 connections to the switch which then plugs a single connection into this router. Isp2 has just one connection to the switch as I plugged it up.

 

I think the routing table could be reduced to 0.0.0.0, then our subsites 10.100.0.0/16, 10.213.0.0/16, etc, and then our voice traffic going on 172.0.0.0. I am not sure what the rest of it is. I may save a config and then start removing stuff and reload if something breaks. I may have to just make a Saturday of it once we get done with some other projects going right now. Can you explain the mlpp you see and any suggestions to try and clean up?
