05-12-2010 12:20 PM - edited 03-04-2019 08:27 AM
Friends,
Please find the attached,
I want redundancy for the internet connection. Corporate bought a new internet router, a 2800 series with 2 FastEthernet interfaces, and 1 No's Layer 3 switch. My existing setup was a Cisco 1841 old internet router having a leased line pointing to the ISP router, and an ISA with 2 NIC cards: 1 for the outside pointing to the OLD internet router and 1 NIC internal to the core.
How can I achieve redundancy and, if possible, load sharing between the 2 ISP links? The 2 links are from 1 ISP.
Thanks
05-13-2010 12:00 AM
Hello Estela,
As a minimum, you need to connect the new internet router to the core switch in order to take advantage of it.
The core switch needs to see two exit points to the internet, and this can be achieved by two default static routes, one pointing to the old internet router and one pointing to the new internet router.
Other designs are possible: if the core switch acts only at OSI layer 2, putting the new link in the same VLAN as the old internet router, you could implement GLBP to provide load balancing.
If end users have the core switch or another internal device as their default gateway, GLBP will not be effective and the internal device(s) should point to both internet routers,
for example:
ip route 0.0.0.0 0.0.0.0 internet_router_1
ip route 0.0.0.0 0.0.0.0 internet_router_2
Both internet routers need to perform NAT of private addresses.
see
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0080091c8a.shtml
note:
To achieve a truly fault-tolerant design you would need a second core switch.
Hope to help
Giuseppe
05-13-2010 03:52 AM
Hi Estela,
You got one of the best guys answering your post, i.e. Giuseppe, and I don't know him in person or worked with him but the respect he has gained as Netpro Champ with his knowledgeable posts.
I just want to add my two cents and request Giuseppe to correct me if I am wrong.
The ISA server's outside NIC, which is connected to the old router, should be moved to the core switch to achieve Internet router level redundancy.
Option 1
The core switch will have a default route to both the Internet routers, and default CEF-based load balancing will be achieved. In case of any failure at the WAN interface of a router, you will face packet drops unless you configure some tracking method.
Or, if you are OK with a routing protocol, run a routing protocol between the Internet routers (only on LAN interfaces) and the core switch, and redistribute a static route on the Internet routers, so your core switch will see two static routes, one from each router. If either Internet router's WAN interface is down or the next hop is not reachable, the router will withdraw the static route and the core switch will not see the static route from the affected router.
Option 2
On your core switch, you will have two VLANs, e.g. VLAN A for the ISA and VLAN B for both the Internet routers. Run HSRP between both routers' LAN interfaces (with tracking of the WAN).
The core switch will point towards the virtual IP address of the LAN and redundancy will be achieved, but with this you will not be able to achieve load balancing; not sure if GLBP (I don't have much knowledge on this) will help you here.
* Also connect the branch router to the core switch rather than to the old internet router.
Hope to help.
** It's better to have two core switches for redundancy.
Kind regards,
05-13-2010 06:46 AM
Hi All,
Please see the below action points, which can help...
1. Connect your routers to Core-switch.
2. Configure HSRP on routers.
3. Configure a default route to the virtual IP in the core switch.
In this case, say if the active router (1 ISP) fails, you can still reach the internet on the standby router (2 ISP), as you have a default route to the VIP in the core switch.
Giuseppe, please correct me if I am wrong.
Regards,
Naidu.
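The HSRP design described in the replies above (routers on a shared VLAN, WAN tracking, core switch default route to the virtual IP), written out as an added example that is not part of any poster's reply. The addresses, interface names, group number and key placeholder are assumptions; the MD5 authentication lines are an addition the thread does not discuss, included so that only devices holding the shared key can take part in the HSRP group.

```cisco
! Added example. All addresses, interface names and the key are assumed values.
!
! --- Internet router 1 (preferred active router) ---
interface FastEthernet0/1
 description LAN side, shared VLAN towards core switch
 ip address 10.10.20.2 255.255.255.0
 standby 1 ip 10.10.20.1
 standby 1 priority 110
 standby 1 preempt
 ! Authenticate hellos so an unkeyed host on the VLAN cannot join the group
 standby 1 authentication md5 key-string <shared-key-placeholder>
 ! If the WAN interface goes down, priority drops 110 -> 90,
 ! which is below router 2's 100, so router 2 takes over
 standby 1 track Serial0/0/0 20
!
! --- Internet router 2 (standby router) ---
interface FastEthernet0/1
 description LAN side, shared VLAN towards core switch
 ip address 10.10.20.3 255.255.255.0
 standby 1 ip 10.10.20.1
 standby 1 priority 100
 ! Preempt is required here so this router claims the active role
 ! as soon as router 1's tracked priority falls below 100
 standby 1 preempt
 standby 1 authentication md5 key-string <shared-key-placeholder>
 standby 1 track Serial0/0/0 20
!
! --- Core switch (Layer 3) ---
! Single default route to the HSRP virtual IP, not to either physical router
ip route 0.0.0.0 0.0.0.0 10.10.20.1
```

Interface tracking reacts only when the tracked interface itself goes down; a failure further upstream that leaves the WAN interface up will not trigger failover with this configuration. `show standby brief` on each router shows which one is currently active.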
05-15-2010 12:10 PM
Thanks,