Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5817
Views
10
Helpful
17
Replies

How can I route certain internet based traffic to secondary ISP?

nasolsi1
Level 1
Level 1

‎11-13-2017 05:32 AM - edited ‎03-05-2019 09:28 AM

Hi Support,

 

I need your advise on how best to design our network infrastructure at China to meet our CEO's requirement. Our main aim is to give China's users access to Google Suite Apps and banned websites in China, so based on that we are looking to find a possible way to route certain internet based traffic (traffic to Google apps and banned China websites) through our secondary ISP (for example ISP2) and all other internet traffic to get routed through our primary ISP (ISP1).

Is there any way to route or split the Internet traffic based on certain applications or whitelisted sites?- if yes, then:

What model of cisco router/firewall will help us implementing that?

What would be the possible network diagram and configuration to accomplish that?

 

More info:

1 LAN network - 1 Cisco router/firewall- 2 ISPs (Google Suite Apps and China's banned websites traffic goes through ISP2 and all other Internet traffic remains routed through ISP1)

 

Thank you in advance.

 

Labels:
0 Helpful
17 Replies 17

whitegrape
Level 1
Level 1
In response to nasolsi1

‎11-21-2017 07:28 AM - edited ‎11-21-2017 07:30 AM

Most of the reason it is not working due to facebook, google, they are running on running on multiple ip. You cant control the ip changes.
so by hostname it is not feasible. You will need to get the commonly use Facebook/google ip range.

If you're using full bgp routing table, normally you can set byAS-PATH and set higher preferences to 2nd ISP for Facebook & google ASN. it will be better and lesser headache from using PBR as you dont need to monitor the ip changes constantly.

0 Helpful

nasolsi1
Level 1
Level 1
In response to whitegrape

‎11-21-2017 11:40 PM

Hi whitegrape,

 

Thank you for your response.

 

Could you please provide me with possible BGP configuration matching our requirements as per your suggestion.

 

Thank you in advance.

0 Helpful

whitegrape
Level 1
Level 1
In response to nasolsi1

‎11-22-2017 02:13 AM

Hi,

Do note that this will only works when you have a full global routing table with ASN.
Currently the global route should be around 680K.

ip as-path access-list 1 permit _32934$
ip as-path access-list 1 permit _15169$
ip as-path access-list 1 permit _43515$
ip as-path access-list 1 permit _36040$

route-map HIGH-PREFERENCE permit 10
match as-path 1
set local-preference 300
!

router bgp xxxxx
address-family ipv4
neighbor x.x.x.x route-map HIGH-PREFERENCE in

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card