Load Balance with CEF and 2 Ethernet WAN ports

randy · ‎07-29-2011

Not able to get load Balance out. Can you Please tell me what I am doing wrong? Thank you!!

version 12.4

resource policy

no network-clock-participate slot 1

ip cef

interface FastEthernet0/0

ip address 192.168.1.2 255.255.255.0

ip nat inside

speed auto

full-duplex

no mop enabled

interface FastEthernet0/1

ip address 24.49.X.X 255.255.255.0

ip nat outside

speed auto

full-duplex

interface FastEthernet1/0

ip address 24.54.X.X 255.255.255.0

ip nat outside

speed auto

full-duplex

!

ip route 0.0.0.0 0.0.0.0 24.49.199.1

ip route 0.0.0.0 0.0.0.0 24.54.119.1 10

ip nat inside source list 120 interface FastEthernet0/1 overload

ip nat inside source list 121 interface FastEthernet1/0 overload

access-list 120 permit ip 192.168.1.0 0.0.0.255 any

access-list 121 permit ip 192.168.1.0 0.0.0.255 any

no cdp run

control-plane

Jon Marshall · ‎07-29-2011

Randy

If you want this to load-balance then you need both default-routes in the routing table but you have applied an AD of 10 to your second default-route so if you do a "sh ip ro" you will only see the default-route via 24.49.199.1.

If you want to load-balance then you need both in the routing table ie. change this is in your config, from -

ip route 0.0.0.0 0.0.0.0 24.54.119.1 10

to

ip route 0.0.0.0 0.0.0.0 24.54.119.1

Jon

randy · ‎07-29-2011

Jon,

That's what I was thinking but, when I remove the 10 nothing will route to the internet from 0/0. In other words it just stops working.

Any ideas?

more info.. I can shut either 0/1 or 1/0 and ping out so, i know the service on both ports is working. I can set 0/1 as default and reach the net but if I try to set 1/0 as default.. no go. it's like I have a routing problem between 0/0 and 1/0. 0/0 and 0/1 are on one card and 1/0 is on another.. is there a problem in the way I'm using the ports? should I be using 1/0 as my LAN and 0/0 and 0/1 as my WAN's? I did not think mattered

Thanks!

Randy

Jon Marshall · ‎07-29-2011

Randy

I'm not aware that there are problems with the order you use the cards.

If you could do this test -

1) set default-route via 0/1 and ping from a 192.168.1.x client to the internet. Then run "sh ip nat translations" and post here

2) set default-route to 1/0 and ping from same client. run "sh ip nat translations" again. If ping works let me know. If ping doesn't can you then "clear ip nat translation *" and then try ping again. If it works post "sh ip nat translations".

Note "clear ip nat translation *" will break any connections through the router so either test out of hours or you can be more specific and clear only the specific NAT translation.

Jon

Marwan ALshawi · ‎07-29-2011

Hi Randy,

as Jon mentioned above yo have to have two default routes each point to one of your ISPs

and those default routes have to be installed in the routing table then you can get CEF to load balance the traffic ( per session by default )

however, you need to updated your NATing config so that it mach the relevant exit interface of each NAT statement using a route-maps otherwise the IOS will keep use the first NATing regardless which interface is the exit point !

refer to the bellow document, i posted before on CSC which will gudie you step by step to achive what you looking for

and you might want to consider IPSLA and PBR ( optional ) for reliable fallback

https://supportforums.cisco.com/docs/DOC-8313

HTH

if helpful Rate

Jon Marshall · ‎07-30-2011

Marwan

Good point about the route-maps +5

Jon

Marwan ALshawi · ‎07-30-2011

Thanks Jon