Re: License for load balance

Rodolfo Schiavon · ‎07-27-2012

hello,

I would like know, what license is necessary to employ a load-balance in a 2911 router. I have these licenses bellow, can i configure an load balance?In this cenario we have two links with an ISP.

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(2)T1, RELEASE SOFTWARE (fc1)

Cisco CISCO2911/K9 (revision 1.0) with 479232K/45056K bytes of memory.

Processor board ID FTX1613AH8D

1 FastEthernet interface

3 Gigabit Ethernet interfaces

1 terminal line

2 Channelized (E1 or T1)/PRI ports

1 Virtual Private Network (VPN) Module

DRAM configuration is 64 bits wide with parity enabled.

255K bytes of non-volatile configuration memory.

250880K bytes of ATA System CompactFlash 0 (Read/Write)

Technology Package License Information for Module:'c2900'

-----------------------------------------------------------------

Technology Technology-package Technology-package

Current Type Next reboot

------------------------------------------------------------------

ipbase ipbasek9 Permanent ipbasek9

security securityk9 Permanent securityk9

uc uck9 Permanent uck9

data None None None

Thanks!

Giuseppe Larosa · ‎07-27-2012

Hello Rodolfo,

load balancing traffic over multiple links does not require any special license you are covered by ipbasek9 license for this

It is part of CEF switching features the support for equal cost multi path (ECMP)

Hope to help

Giuseppe

Rodolfo Schiavon · ‎07-27-2012

Do you have any example or doc that refers it ?

I need this load balance with dynamic NAT and routes, because i'm behind of a cable- modem.

my topology is attached.

Giuseppe Larosa · ‎07-27-2012

Hello Rodolfo,

read the following whitepaper about enterprise multihoming with NAT.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0080091c8a.shtml

Hope to help

Giuseppe

Rodolfo Schiavon · ‎07-27-2012

Thanks for help!

I was checking this doc, but my problem is that the ISP is the cable-modem(illustrated as a wireless router) owner's, so my responsibility start in the router 2911, that receive two interfaces from ISP on it G0/1 and G0/2.

The ISP cale-modem does not support a dynamic protocol. Now i'm using a NAT and route with SLA and route-map. What dou you think about this configuration ? it usually works?

i'm having some problems with this topology.

Giuseppe Larosa · ‎07-31-2012

Hello Rodolfo,

I understand you are behind the cable modems.

A configuration with NAT using route-maps and reliable static routing with IP SLA is probably the best you can do.

For reliable static routing follow

http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html

the targets to be used for IP SLA should be well known IP addresses so that the IP SLA failure can be seen as a failure of the service on that specific cable modem line,

Feel free to describe your issues and/or to attach your configurations ( after having removed username/pwd pairs and changed public IP addresses for your safety).

Hope to help

Giuseppe

Rodolfo Schiavon · ‎08-01-2012

Hello,

There is my configuration.

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.07.26 16:57:33 =~=~=~=~=~=~=~=~=~=~=~=

sh run

Building configuration...

Current configuration : 10493 bytes

!

! Last configuration change at 11:28:55 UTC Thu Jul 26 2012 by teleinfo

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname XXXXXXXXXXXX

!

boot-start-marker

boot-end-marker

!

! card type command needed for slot/vwic-slot 0/0

logging buffered 51200 warnings

enable secret 4 XXXXXXXXXXXXXXXXXXXXXXXXXX

!

no aaa new-model

!

no ipv6 cef

--More-- ip auth-proxy max-login-attempts 5

ip admission max-login-attempts 5

!

ip dhcp excluded-address 172.27.50.30

ip dhcp excluded-address 172.27.50.65

ip dhcp excluded-address 172.27.50.94

ip dhcp excluded-address 172.27.50.97

ip dhcp excluded-address 172.27.50.126

ip dhcp excluded-address 172.27.50.190

ip dhcp excluded-address 10.0.0.1 10.0.0.99

ip dhcp excluded-address 172.27.50.33

ip dhcp excluded-address 172.27.50.35

ip dhcp excluded-address 172.27.50.5

!

ip dhcp pool WORKSTATIONS

import all

network 172.27.50.0 255.255.255.224

default-router 172.27.50.30

dns-server 200.189.88.39

lease 20

!

--More-- ip dhcp pool WLAN-CORP

import all

network 172.27.50.64 255.255.255.224

default-router 172.27.50.94

option 43 ip 172.27.50.35

dns-server 200.189.88.39

lease 20

!

ip dhcp pool VOZ

import all

network 172.27.50.160 255.255.255.224

default-router 172.27.50.190

option 150 ip 172.27.50.190

dns-server 200.189.88.39

lease 20

!

ip dhcp pool GERENCIA

import all

network 10.0.0.0 255.255.255.0

default-router 10.0.0.1

dns-server 200.189.88.39

lease 20

!

--More-- !

ip domain name XXXXXXXXXXXXX

ip cef

!

multilink bundle-name authenticated

!

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-3279805705

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3279805705

revocation-check none

rsakeypair TP-self-signed-3279805705

!

crypto pki certificate chain TP-self-signed-3279805705

certificate self-signed 01

3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030

31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

--More-- 69666963 6174652D 33323739 38303537 3035301E 170D3132 30333236 31363035

31325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 32373938

30353730 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

81008739 CAC54128 77B5D838 3D7985E5 78D5E398 987B0A39 E3CC7D54 F01C042B

4095ACB7 AC72493F 716D8DC9 00918136 73CBB954 A604868E A161E5AA DF2C5351

6BF24FA8 9C4FFDE3 26F38EB4 E1CB8106 C3784FB5 8CADC4B1 F3D69085 5A1B847C

BB0AFEEB AF2A854D C446FFA1 C8D3CA06 20179095 3687C534 72EC600F 94B76210

E5230203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603

551D2304 18301680 145AC4FE F418A5F0 5A2BB0E3 5C18C96A 33BF9673 83301D06

03551D0E 04160414 5AC4FEF4 18A5F05A 2BB0E35C 18C96A33 BF967383 300D0609

2A864886 F70D0101 05050003 81810066 404C4ADF E7E2FABE A60C7987 39BFCCEA

635EC88A 927E0045 FDA0D3DE D68B5031 565ECBB9 C1350CD6 5400004A 44B6C8BE

AA4052F1 54D681B1 2C7D1B85 84DA6E84 12A91E7A 01C124BF A2B6BCD5 6EFBE403

E5EFF3B9 DC5CD7AC 31D5C26D 8D24D5D2 4CCBC3DD 3BFE23E5 0B149969 58C8B92E

1DB75CFD E9219687 C173DAD5 915703

quit

voice-card 0

!

--More-- !

!

license udi pid CISCO2911/K9 sn FTX1613AH8D

license accept end user agreement

license boot module c2900 technology-package securityk9

hw-module pvdm 0/0

!

object-group network Redes_QoS

description Redes que utilizam as Policies de QoS-MS_Lync

172.27.50.0 255.255.255.224

172.27.50.64 255.255.255.224

!

object-group service Servicos_MS-Lync

description Servios do MS Lync

udp eq 3478

tcp eq 3478

tcp range 50000 59999

udp range 50000 59999

tcp range 5061 5062

udp range 5061 5062

--More-- tcp eq 8057

udp eq 8057

!

username XXXXXX privilege 15 password 7 XXXXXXXXXXXXXX

!

redundancy

!

track 10 ip sla 1 reachability

delay down 1 up 1

!

track 20 ip sla 2 reachability

delay down 1 up 1

!

class-map match-any CCP-Transactional-1

match dscp af21

match dscp af22

match dscp af23

--More-- class-map match-any CCP-Voice-1

match dscp ef

class-map match-any CCP-Routing-1

match dscp cs6

class-map match-any CCP-Signaling-1

match dscp cs3

match dscp af31

class-map match-any CCP-Management-1

match dscp cs2

class-map match-any MS-Lyncc

match dscp 29

match access-group name Rule_QoS_MS-Lync

!

policy-map CCP-QoS-Policy-1

class CCP-Voice-1

priority percent 1

class CCP-Signaling-1

bandwidth percent 1

class CCP-Routing-1

bandwidth percent 5

class CCP-Management-1

bandwidth percent 5

--More-- class CCP-Transactional-1

bandwidth percent 5

class MS-Lyncc

priority percent 33

class class-default

fair-queue

random-detect

policy-map sdm-qos-test-123

class class-default

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

--More-- interface GigabitEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/0.1

description DEFAULT

encapsulation dot1Q 1 native

ip address 10.0.0.1 255.255.255.0

!

interface GigabitEthernet0/0.10

description WORKSTATIONS

encapsulation dot1Q 10

ip address 172.27.50.30 255.255.255.224

ip nat inside

ip virtual-reassembly in

ip policy route-map PBR

!

interface GigabitEthernet0/0.11

description SERVIDORES

encapsulation dot1Q 11

ip address 172.27.50.62 255.255.255.224

--More-- ip nat inside

ip virtual-reassembly in

ip policy route-map PBR

!

interface GigabitEthernet0/0.12

description WLAN-CORP

encapsulation dot1Q 12

ip address 172.27.50.94 255.255.255.224

ip nat inside

no ip virtual-reassembly in

ip policy route-map PBR

!

interface GigabitEthernet0/0.13

description WLAN-GUEST

encapsulation dot1Q 13

ip virtual-reassembly in

!

interface GigabitEthernet0/0.14

description CFTV

encapsulation dot1Q 14

ip nat inside

ip virtual-reassembly in

!

--More-- interface GigabitEthernet0/0.15

description VOZ

encapsulation dot1Q 15

ip address 172.27.50.190 255.255.255.224

ip nat inside

ip virtual-reassembly in

ip policy route-map PBR

!

interface GigabitEthernet0/0.16

description TV-IMPRESSAO

encapsulation dot1Q 16

ip address 172.27.50.222 255.255.255.224

ip nat inside

ip virtual-reassembly in

ip policy route-map PBR

!

interface GigabitEthernet0/1

description OPERADORA NET-01

ip address 192.168.0.2 255.255.255.0

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

--More-- service-policy output CCP-QoS-Policy-1

!

interface GigabitEthernet0/2

description OPERADORA NET-02

ip address 192.168.1.2 255.255.255.0

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

service-policy output CCP-QoS-Policy-1

!

interface FastEthernet0/1/0

description INATIVA

no ip address

duplex auto

speed auto

!

ip forward-protocol nd

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

--More-- !

ip nat translation port-timeout tcp 443 32400

ip nat inside source route-map ISP1 interface GigabitEthernet0/1 overload

ip nat inside source route-map ISP2 interface GigabitEthernet0/2 overload

ip route 0.0.0.0 0.0.0.0 192.168.0.1 track 10

ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 20

!

ip access-list extended Regra_QoS_MS_Lync

remark Regra de acesso para QoS

remark CCP_ACL Category=256

permit tcp object-group Redes_QoS any eq pop3

!

ip sla 1

icmp-echo 192.168.0.1

threshold 40

timeout 500

frequency 1

ip sla schedule 1 life forever start-time now

ip sla 2

icmp-echo 192.168.1.1

threshold 40

timeout 500

frequency 1

--More-- ip sla schedule 2 life forever start-time now

access-list 10 permit 172.27.50.0 0.0.0.31

access-list 10 permit 172.27.50.32 0.0.0.31

access-list 10 permit 172.27.50.64 0.0.0.31

access-list 10 permit 172.27.50.160 0.0.0.31

access-list 10 permit 172.27.50.192 0.0.0.31

access-list 11 permit 172.27.50.96 0.0.0.31

access-list 100 permit tcp 172.27.50.0 0.0.0.31 any eq telnet

access-list 100 permit tcp 172.27.50.0 0.0.0.31 any eq www

access-list 100 permit tcp 172.27.50.0 0.0.0.31 any eq 443

access-list 100 permit tcp 172.27.50.32 0.0.0.31 any eq telnet

access-list 100 permit tcp 172.27.50.32 0.0.0.31 any eq www

access-list 100 permit tcp 172.27.50.32 0.0.0.31 any eq 443

access-list 100 permit tcp 172.27.50.64 0.0.0.31 any eq telnet

access-list 100 permit tcp 172.27.50.64 0.0.0.31 any eq www

access-list 100 permit tcp 172.27.50.64 0.0.0.31 any eq 443

access-list 100 permit tcp 172.27.50.160 0.0.0.31 any eq telnet

access-list 100 permit tcp 172.27.50.160 0.0.0.31 any eq www

access-list 100 permit tcp 172.27.50.160 0.0.0.31 any eq 443

access-list 100 permit tcp 172.27.50.192 0.0.0.31 any eq telnet

access-list 100 permit tcp 172.27.50.192 0.0.0.31 any eq www

access-list 100 permit tcp 172.27.50.192 0.0.0.31 any eq 443

access-list 101 permit ip 172.27.50.0 0.0.0.31 any

--More-- access-list 101 permit ip 172.27.50.32 0.0.0.31 any

access-list 101 permit ip 172.27.50.64 0.0.0.31 any

access-list 101 permit ip 172.27.50.160 0.0.0.31 any

access-list 101 permit ip 172.27.50.192 0.0.0.31 any

access-list 105 permit ip 172.27.50.0 0.0.0.255 172.27.50.0 0.0.0.255

!

route-map PBR permit 5

match ip address 105

!

route-map PBR permit 10

match ip address 100

set ip next-hop verify-availability 192.168.1.1 1 track 20

!

route-map PBR permit 30

match ip address 101

set ip next-hop verify-availability 192.168.0.1 2 track 10

!

route-map ISP2 permit 10

match ip address 10

match interface GigabitEthernet0/2

!

route-map ISP1 permit 10

match ip address 10

--More-- match interface GigabitEthernet0/1

!

snmp-server community public RW

snmp-server enable traps entity-sensor threshold

!

control-plane

!

mgcp profile default

!

gatekeeper

shutdown

!

--More-- !

telephony-service

max-ephones 58

max-dn 58

ip source-address 172.27.50.190 port 2000

auto assign 1 to 1

time-zone 17

time-format 24

date-format dd-mm-yy

max-conferences 4 gain -6

transfer-system full-consult

transfer-pattern .T

transfer-pattern 0.T

!

ephone-dn 1

number 2000

pickup-group 2

label teste

name teste

!

ephone 1

--More-- device-security-mode none

!

line con 0

login local

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

privilege level 15

login local

length 0

transport input ssh

!

scheduler allocate 20000 1000

!

--More-- end