Load Balance and Redundancy in 2 ISPs

qasimkhans
Level 1

Hi all,

Please see the attached file of my network. I have 2 routers with 3 FastEthernet. Both routers are directly connected through FastEthernet 0/1 on both ends using EIGRP. Both routers have 2 ISP links on FastEthernet 0/2 and 0/3. I used EIGRP on FastEthernet 0/1 on both routers and I am using FastEthernet 0/2 for the VPN connection on both routers. I have hosting services on my Network A like Web Server, Citrix etc., and users can access these services (HTTP, Citrix) through 50.45.1.2/26 ISP 1. My LAN users are also using the internet through 50.45.1.2/26 ISP 1.


Now I want to set up the 2nd ISP link on FastEthernet 0/3 as redundant with the 1st ISP link on FastEthernet 0/2, so that if ISP 1 on FastEthernet 0/2 goes down then 70.90.1.2/29 ISP 2 on FastEthernet 0/3 takes its place and provides all services which 50.45.1.2/26 ISP 1 on FastEthernet 0/2 is providing to users. I also want to set up 70.90.1.2/29 ISP 2 on FastEthernet 0/3 to provide internet to my LAN users while 50.45.1.2/26 ISP 1 on FastEthernet 0/2 is up and running.

Please let me know how I can do this.

Thanks,

6 Replies

blau grana
Level 7

Hi

You can accomplish this by configuring policy based routing.

Syntax is simple:

! LAN subinterface: policy routing is applied to traffic arriving here
interface Fa0/0.10
 description LAN
 encapsulation dot1Q 10
 ip address 10.10.10.1 255.255.255.0
 ip policy route-map POLICY_MAP_LAN
!
interface Fa0/0.20
 description SERVERs
 encapsulation dot1Q 20
 ip address 10.20.20.1 255.255.255.0
!
interface Fa0/1.10
 description ISP1
 encapsulation dot1Q 10
 ip address 100.0.0.2 255.255.255.252
!
interface Fa0/1.20
 description ISP2
 encapsulation dot1Q 20
 ip address 200.0.0.2 255.255.255.252
!
! Traffic sourced from the LAN subnet is selected for policy routing
ip access-list extended ACL_POLICY_LAN
 permit ip 10.10.10.0 0.0.0.255 any
 deny ip any any
!
! Matched traffic is sent to the ISP2 next hop
route-map POLICY_MAP_LAN
 match ip address ACL_POLICY_LAN
 set ip next-hop 200.0.0.1
!
! Default route toward ISP1 for everything else
ip route 0.0.0.0 0.0.0.0 Fa0/1.10 100.0.0.1

I wrote it just from my memory so maybe there will be some typos, but logic should be right. Also Interfaces and IP addresses are made up.

But you are using a default route toward ISP1, so everything is routed that way. On the LAN interface you configured policy-based routing (PBR), so everything that is matched by the ACL ACL_POLICY_LAN is sent to the configured next hop 200.0.0.1.

The logic of PBR is that everything is sent to 200.0.0.1, but if the connection to ISP2 is down, IP 200.0.0.1 is not in the routing table, and traffic is routed according to the default routing table, in this case toward ISP1.

This could cause some problems if you have some networks which should be accessible from the LAN, because everything (according to the ACL) is sent to ISP2 (200.0.0.1). So you should customize the ACL to your exact needs.

Or, instead of "set ip next-hop 200.0.0.1", you can use "set ip default next-hop 200.0.0.1". -> Now the logic of PBR is changed. Traffic matched by the ACL is routed by the rules in the routing table as usual, but the default route is ignored (some entry matching the destination must be in the routing table). If any match is found, PBR next hop is used if accessible, if not default route is used. This should work for you if you do not run BGP and have public addresses in the routing table.

Last thing: with this solution you can influence outgoing traffic; incoming traffic will be treated by the rules of the ISPs' BGP table. If you run BGP with them, there are some ways to influence inbound traffic.

Best Regards Please rate all helpful posts and close solved questions

I got it, but this solution seems like it is only for LAN users. I have hosting servers (HTTP, Citrix etc.) and users from the internet can access them through ISP1. I want to set up these 2 ISP links as fail-over: if ISP1 goes down, then my internet users can access my hosting servers (HTTP, Citrix etc.) from ISP 2 and my LAN users can also access the internet through ISP 2.

Thanks,

First off, you have 4 different links to the internet. Do you run BGP with all ISPs and between R1 & R2? If not, do you use just static routing toward the internet?

From the example which I gave you earlier:

You can use two static routes, the second with a higher admin distance because it is less preferred.

ip route 0.0.0.0 0.0.0.0 Fa0/1.10 100.0.0.1
ip route 0.0.0.0 0.0.0.0 Fa0/1.20 200.0.0.1 240

If you use PBR in combination with these static routes, all traffic will be routed toward ISP1 using the first connection, and LAN users will use ISP2 because of PBR. If the link to ISP2 fails, all traffic will go via ISP1. And if the link to ISP1 fails, all traffic will go via ISP2 thanks to the default route with the higher distance.

This is all I can help you with, because I do not know any details about your topology, but this should suit your requirements.

Best Regards Please rate all helpful posts and close solved questions
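
Added example, not part of the thread or of any Cisco code: a Python model of the outbound forwarding decision the two replies above describe (PBR on the LAN subinterface plus a floating static default), using the thread's made-up addressing. The function names, the test destination 198.51.100.7 and the treatment of an ISP failure as a down interface are assumptions of this example.

```python
import ipaddress

# Constructed model of the thread's made-up addressing (not real router code).
LAN = ipaddress.ip_network("10.10.10.0/24")       # sources matched by ACL_POLICY_LAN
CONNECTED = {"10.10.10.0/24": "Fa0/0.10", "10.20.20.0/24": "Fa0/0.20"}
# (admin distance, link): primary default and floating static default (distance 240)
DEFAULTS = [(1, "ISP1"), (240, "ISP2")]
PBR_LINK = "ISP2"                                 # set ip [default] next-hop 200.0.0.1


def specific_route(dst):
    """Return the connected interface for dst, or None if only a default fits."""
    addr = ipaddress.ip_address(dst)
    for prefix, ifname in CONNECTED.items():
        if addr in ipaddress.ip_network(prefix):
            return ifname
    return None


def default_route(up):
    """Lowest-distance default whose link is up; a down link withdraws its route."""
    live = [r for r in DEFAULTS if r[1] in up]
    return min(live)[1] if live else None


def egress(src, dst, up, mode="next-hop"):
    """Exit point for a packet; mode is 'next-hop' or 'default next-hop'."""
    matched = ipaddress.ip_address(src) in LAN    # arrived on Fa0/0.10, ACL permit
    pbr_usable = PBR_LINK in up
    if matched and mode == "next-hop" and pbr_usable:
        return PBR_LINK                           # overrides the routing table
    explicit = specific_route(dst)
    if explicit:
        return explicit                           # non-default route wins
    if matched and mode == "default next-hop" and pbr_usable:
        return PBR_LINK                           # used in place of the default route
    return default_route(up)


def matrix(mode):
    """(LAN host, server) egress toward the Internet for each link state."""
    states = [{"ISP1", "ISP2"}, {"ISP1"}, {"ISP2"}, set()]
    return [(egress("10.10.10.5", "198.51.100.7", s, mode),
             egress("10.20.20.5", "198.51.100.7", s, mode)) for s in states]
```

The model covers outbound traffic only and does not detect a failure beyond the directly connected link.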

I got you completely, but I am concerned about incoming traffic for my hosting servers. Will your configuration work with incoming traffic?

No, it will not. All provided configuration will only affect outgoing traffic. The only way you can influence incoming traffic is to run BGP with the ISPs. That way you have some power to influence incoming traffic (by modifying MED, AS prepending).

Maybe you can try to work this out with your ISPs, if they will be willing to help you.

Best Regards Please rate all helpful posts and close solved questions

Thank you so much. I will talk to my ISP.