
Dual WANs and your own Class C

kenpaul
Level 1

Hello,

Looking for help in setting up ISR 4351. We have two locations. Each location has: 

1. An ISR with 3 physical interfaces

2. Have /30 from ISP1 (x.x.x.x/30)  and ISP2 (y.y.y.y/30)

3. Have /24 Class (z.z.z.z/24) from ARIN that we are dividing in half to use at each location (z.z.z.1/25 and z.z.z.128/25)

4. Have a UTM firewall behind each ISR that does NATing, filtering, etc., so that everything going to z.z.z.z should be sent to the UTM.

5. BGP session with ISP 1 and 2. ISPs are only sending their customer and default routes. We are advertising z.z.z.z/25 to them from each location.

I was going to use Interface 1 and 2 for each ISP. Would you recommend using the 3rd interface for the class C with z.z.z.1 and z.z.z.129 as the IP on each ISR? Connect the 3rd interface to the UTM and put z.z.z.2 and z.z.z.130 as the WAN IP on the UTM. Or is there another/better way of doing this?

Thanks,

Ken.


balaji.bandi
Hall of Fame

If your UTM FW (since you did not mention what that is) is able to do that, it's good to go.

The only thing not mentioned here is failover: if ISP1 fails, would you like to move to ISP2, or is there no requirement?

For that, you need to look at what work the UTM FW can do for you.

 

BB


kenpaul
Level 1

Thanks BB! The UTM is Zyxel ATP. Yes, we would like failover solution. Here is the config I have on one of the ISRs:

 

interface GigabitEthernet0/0/0
 description ISP1
 ip address x.x.x.x 255.255.255.252
 negotiation auto
!
interface GigabitEthernet0/0/1
 description ISP2
 ip address y.y.y.y 255.255.255.252
 negotiation auto
!
interface GigabitEthernet0/0/2
 description ClassC
 ip address z.z.z.129 255.255.255.128
 negotiation auto
!
ip route 0.0.0.0 0.0.0.0 x.x.x.x
ip route 0.0.0.0 0.0.0.0 y.y.y.y

Jon Marshall
Hall of Fame

 

Have your ISPs agreed to accept /25s from you? Most ISPs will only accept a /24 as a minimum.

Jon

kenpaul
Level 1

Hi Jon, yes, they are accepting /24 and /25. They are passing the /24 out from their network and keeping the /25 within their network, which clarifies which location is advertising the /25. It worked great when we only had one ISP. It should work the same with two.

You cannot split a /24 between ISPs, as each, to the rest of the Internet, needs to advertise not less than a /24 (as also noted by @Jon Marshall and yourself).

"It worked great when we only had one ISP. It should work the same with two."

Only, I believe, if the two ISPs have a private peering setup, each advertises your /24, and routes one /25 (of your /24) to the other ISP and one /25 to their link to you. (For redundancy, if their /25 path fails, you want them to pass all your /24 to the other ISP.)

Hi Joseph,

If ISP1 and ISP2 are sending us their regional routes, is it possible to use that data to route outbound traffic and then default to the default route?

It should be.  Often that's a technique to (often) conserve needing to deal with large Internet route tables.

However, personally, what I prefer is to just use ECMP defaults to both providers because best Internet BGP generally only means least AS hop count which really tells us what about end-to-end performance between the two paths?

On top of an ECMP default, to optimize outbound traffic, I've used Cisco's OER (now PfR, I believe) to find the actual (constantly monitored) best performing path to a destination.  Further, OER/PfR also can dynamically load balance links, including proportionally, if they aren't physically the same bandwidth.

BTW OER/PfR can do the foregoing for outbound and/or inbound, but inbound is complicated.

The foregoing also means you just advertise your /24 to/via all your ISPs.

Hello,

 

A simple failover config involving an IP SLA would look like this:

! track object 1 follows the reachability result of IP SLA probe 1
track 1 ip sla 1 reachability
!
interface GigabitEthernet0/0/0
 description ISP1
 ip address x.x.x.x 255.255.255.252
 negotiation auto
!
interface GigabitEthernet0/0/1
 description ISP2
 ip address y.y.y.y 255.255.255.252
 negotiation auto
!
interface GigabitEthernet0/0/2
 description ClassC
 ip address z.z.z.129 255.255.255.128
 negotiation auto
!
! ICMP probe sourced from the ISP1-facing interface
ip sla 1
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/0
!
! start the probe now and keep it running
ip sla schedule 1 life forever start-time now
!
! primary default via ISP1, installed only while track 1 is up
ip route 0.0.0.0 0.0.0.0 x.x.x.x track 1
! floating backup default via ISP2 (administrative distance 250)
ip route 0.0.0.0 0.0.0.0 y.y.y.y 250
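
A lint for the two static-default patterns posted in this thread, added here as an example that is not part of any poster's reply or of Cisco's tooling: it flags a preferred default route that has no tracking, and a tracked route whose track / IP SLA / schedule chain is incomplete. The sample configs are constructed, with 192.0.2.1 and 198.51.100.1 standing in for the x.x.x.x and y.y.y.y next hops; the function and variable names are hypothetical.

```python
import re

# Constructed sample configs modelled on the two posted in this thread;
# 192.0.2.1 and 198.51.100.1 are documentation addresses for the ISP next hops.
UNTRACKED = """\
ip route 0.0.0.0 0.0.0.0 192.0.2.1
ip route 0.0.0.0 0.0.0.0 198.51.100.1
"""
TRACKED = """\
track 1 ip sla 1 reachability
ip sla 1
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/0
ip sla schedule 1 life forever start-time now
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 250
"""

ROUTE = re.compile(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)(?: (\d+))?(?: track (\d+))?\s*$")
TRACK = re.compile(r"^track (\d+) ip sla (\d+) reachability\s*$")
SLA = re.compile(r"^ip sla (\d+)\s*$")
SCHED = re.compile(r"^ip sla schedule (\d+) ")

def lint_failover(config):
    """Return findings about static default-route failover in an IOS config."""
    routes, tracks, slas, scheduled = [], {}, set(), set()
    for line in config.splitlines():
        line = line.rstrip()
        if m := ROUTE.match(line):
            routes.append((m[1], int(m[2] or 1), m[3]))  # static AD defaults to 1
        elif m := TRACK.match(line):
            tracks[m[1]] = m[2]          # track id -> IP SLA id
        elif m := SLA.match(line):
            slas.add(m[1])
        elif m := SCHED.match(line):
            scheduled.add(m[1])
    findings = []
    best = min((ad for _, ad, _ in routes), default=None)
    for nh, ad, track in routes:
        if ad == best and track is None:
            findings.append(f"default via {nh}: preferred but untracked")
        if track is not None:
            sla = tracks.get(track)
            if sla is None:
                findings.append(f"default via {nh}: track {track} not defined")
            elif sla not in slas:
                findings.append(f"track {track}: ip sla {sla} not defined")
            elif sla not in scheduled:
                findings.append(f"track {track}: ip sla {sla} never scheduled")
    return findings
```

An untracked static default is only withdrawn when its interface goes down, so a failure further inside the ISP leaves it installed; that is the case the first finding reports.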

kenpaul
Level 1

Thank you Georg! 

For the UTM, would I set it up like this:

Plug one of the WAN ports from the UTM into GigabitEthernet0/0/2. Use IP address z.z.z.130/25 on the UTM port with the gateway IP of GigabitEthernet0/0/2?

Thanks,

Ken
