load balancing cisco 2901

smailag00
Level 1

I have a Cisco 2901 router (ipbasek9) with 3 ADSL interfaces. I tried to do load balancing and bonding of the 3 ADSL lines without success.

This is my current configuration:

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!

boot-start-marker

boot-end-marker

!

!

logging buffered 51200 warnings

!

no aaa new-model

!

no ipv6 cef

ipv6 spd queue min-threshold 62

ipv6 spd queue max-threshold 63

ip source-route

ip cef

!

!

!

ip dhcp excluded-address 172.20.1.1

!

ip dhcp pool client

import all

network 172.20.0.0 255.255.0.0

dns-server 212.217.0.1 212.217.1.1

default-router 172.20.1.1

!

!

ip domain name yourdomain.com

ip name-server 212.217.0.1

ip name-server 212.217.1.1

multilink bundle-name authenticated

!

!

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-1607540217

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1607540217

revocation-check none

rsakeypair TP-self-signed-1607540217

!

!

crypto pki certificate chain TP-self-signed-1607540217

certificate self-signed 01

  !..............................!

            quit

license udi pid CISCO2901/K9 sn *******

!

!

username ***** privilege 15 password 0 *****

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$

ip address 172.20.1.1 255.255.0.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface ATM0/0/0

no ip address

ip load-sharing per-packet

no atm ilmi-keepalive

!

interface ATM0/0/0.1 point-to-point

pvc 8/35

  pppoe-client dial-pool-number 1

!

!

interface ATM0/1/0

no ip address

ip load-sharing per-packet

no atm ilmi-keepalive

!

interface ATM0/1/0.1 point-to-point

pvc 8/35

  pppoe-client dial-pool-number 2

!

!

interface ATM0/2/0

no ip address

ip load-sharing per-packet

no atm ilmi-keepalive

!

interface ATM0/2/0.1 point-to-point

pvc 8/35

  pppoe-client dial-pool-number 3

!

!

interface ATM0/3/0

no ip address

shutdown

no atm ilmi-keepalive

!

interface Dialer0

ip address negotiated

ip mtu 1452

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname *****

ppp chap password 0 ******

ppp pap sent-username ***** password 0 *****

!

interface Dialer1

ip address negotiated

ip mtu 1452

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 2

dialer-group 2

ppp authentication chap pap callin

ppp chap hostname *****

ppp chap password 0 *****

ppp pap sent-username ***** password 0 *****

!

interface Dialer2

ip address negotiated

ip mtu 1452

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 3

dialer-group 3

ppp authentication chap pap callin

ppp chap hostname *****

ppp chap password 0 *****

ppp pap sent-username ***** password 0 *****

!

ip forward-protocol nd

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip nat inside source list 1 interface Dialer0 overload

ip nat inside source list ADSL2 interface Dialer2 overload

ip nat inside source list adsl2 interface Dialer1 overload

ip route 0.0.0.0 0.0.0.0 Dialer0

ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 0.0.0.0 0.0.0.0 Dialer2

!

ip access-list standard ADSL2

remark CCP_ACL Category=2

permit 172.20.0.0 0.0.255.255

ip access-list standard adsl2

remark CCP_ACL Category=2

permit 172.20.0.0 0.0.255.255

!

access-list 1 remark INSIDE_IF=GigabitEthernet0/0

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 172.20.0.0 0.0.255.255

dialer-list 1 protocol ip permit

dialer-list 2 protocol ip permit

dialer-list 3 protocol ip permit

!

!

!

control-plane

!

Thanks

Accepted Solutions

cadet alain
VIP Alumni

Hi,

To achieve per flow load-sharing do this:

no ip access-list standard ADSL2

no ip access-list standard adsl2

route-map DIAL0 p 10

match ip add 1

match int Dialer0

route-map DIAL1 p 10

match ip add 1

match int Dialer1

route-map DIAL2 p 10

match ip add 1

match int Dialer2

no ip nat inside source list 1 interface Dialer0 overload

no ip nat inside source list ADSL2 interface Dialer2 overload

no ip nat inside source list adsl2 interface Dialer1 overload

ip nat inside source route-map DIAL0 interface Dialer0 overload

ip nat inside source route-map DIAL2 interface Dialer2 overload

ip nat inside source route-map DIAL1 interface Dialer1 overload

Regards.

Alain

Don't forget to rate helpful posts.


Thank you very much, this solution works fine.

I tested with 'show ip nat translation', 'show ip cef', and I found that the three lines work.

In a few days I have to add a new ISP connection to the gigabitEthernet 0/1 interface, which is connected to another router, 10.0.0.1 (a specialized line). I think I have to do this:

interface gigabitEthernet 0/1

ip address 10.0.0.2 255.255.255.248

no sh

ip nat outside

ip load-sharing per-packet

route-map DIAL3 p 10

match ip add 1

match int gigabitEthernet 0/1

ip nat inside source route-map DIAL3 interface gigabitEthernet 0/1 overload

ip route 0.0.0.0 0.0.0.0 gigabitEthernet0/1 10.0.0.1

Is this a good configuration?

Hi,

Yes, that's correct, but I highly encourage you not to do per-packet load-sharing but to keep the per-flow load-sharing (which is the default) by doing no ip cef load-sharing per-packet under the interfaces.

Regards.

Alain

Don't forget to rate helpful posts.
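A check for the two points made in the replies above (each NAT overload rule bound to its egress interface through a route-map, and no per-packet load-sharing), as an added example that is not part of the thread. The function name `audit_multiwan_nat` and both sample configs are constructed here; the parser assumes full-keyword `show running-config` text and default routes that name the egress interface.

```python
import re

NAT = re.compile(r"ip nat inside source (list|route-map) (\S+) interface (\S+) overload")
DEFAULT = re.compile(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)")

def audit_multiwan_nat(config):
    """Return findings for a multi-uplink PAT setup in running-config text."""
    rmap_ifs, uplinks, nat_ifs, findings = {}, set(), set(), []
    rmap = iface = None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"route-map (\S+) permit", line):
            rmap, iface = m.group(1), None
        elif m := re.match(r"interface (\S+)", line):
            iface, rmap = m.group(1), None
        elif rmap and (m := re.match(r"match interface (\S+)", line)):
            rmap_ifs.setdefault(rmap, set()).add(m.group(1))
        elif iface and line == "ip load-sharing per-packet":
            findings.append(f"{iface}: per-packet load-sharing enabled")
        elif m := DEFAULT.match(line):
            uplinks.add(m.group(1))
    # NAT rules precede route-maps in a running-config, so judge them afterwards.
    for kind, name, out_if in NAT.findall(config):
        nat_ifs.add(out_if)
        if kind == "list":
            findings.append(f"{out_if}: NAT rule keyed on ACL {name} only")
        elif out_if not in rmap_ifs.get(name, ()):
            findings.append(f"{out_if}: route-map {name} lacks 'match interface {out_if}'")
    findings += [f"{u}: default route but no NAT rule" for u in sorted(uplinks - nat_ifs)]
    return findings

# Constructed two-uplink samples modelled on the thread's before/after configs.
BEFORE = """\
interface ATM0/0/0
 ip load-sharing per-packet
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list adsl2 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 Dialer1
"""
AFTER = """\
ip nat inside source route-map DIAL0 interface Dialer0 overload
ip nat inside source route-map DIAL1 interface Dialer1 overload
route-map DIAL0 permit 10
 match ip address 1
 match interface Dialer0
route-map DIAL1 permit 10
 match ip address 1
 match interface Dialer1
"""
```

`audit_multiwan_nat(BEFORE)` reports the per-packet setting and both ACL-only NAT rules; `audit_multiwan_nat(AFTER)` returns an empty list.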


Can someone tell if this configuration is OK?


Building configuration...

 
Current configuration : 11248 bytes
!
! Last configuration change at 05:20:04 UTC Mon Aug 15 2016 by Shawn
!
version 15.5
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
!
!
!
!
aaa session-id common
ethernet lmi ce
!
!
!
!
!
!
no ip source-route
!
!
!
!
!
!
!
!
!
!


!
ip dhcp excluded-address 192.168.1.1 192.168.1.49
!
ip dhcp pool DHCP-POOl1
 import all
 network 192.168.1.0 255.255.255.0
 dns-server 139.130.4.4 203.50.2.71
 default-router 192.168.1.1
!
!
!
no ip bootp server
ip name-server 139.130.4.4
ip name-server 203.50.2.71
ip cef
ip cef load-sharing algorithm include-ports source destination
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
crypto pki trustpoint TP-self-signed-1982477479
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1982477479
 revocation-check none
 rsakeypair TP-self-signed-1982477479
!
!
license udi pid CISCO2901/K9 sn FTX172481TB
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
!
!
username noone privilege 15 secret 5
!
redundancy
!
!
!
!
!
controller VDSL 0/0/0
 operating mode adsl2+
!
controller VDSL 0/1/0
 operating mode adsl2+
no cdp run
!
track 1 interface Dialer0 ip routing
!
track 2 interface Dialer1 ip routing
!
ip tcp synwait-time 10
!
class-map type inspect match-all sdm-nat-user-protocol--1-1
 match access-group 101
class-map type inspect match-any ccp-skinny-inspect
 match protocol skinny
class-map type inspect match-any ccp-h323nxg-inspect
 match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-any ccp-h225ras-inspect
 match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
 match protocol h323-annexe
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol dns
 match protocol ftp
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all SDM_GRE
 match access-group name SDM_GRE
class-map type inspect match-any ccp-h323-inspect
 match protocol h323
class-map type inspect match-all ccp-invalid-src
 match access-group 100
class-map type inspect match-any ccp-sip-inspect
 match protocol sip
class-map type inspect match-all ccp-protocol-http
 match protocol http
class-map type inspect match-any CCP_PPTP
 match class-map SDM_GRE
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
!
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect
 class type inspect ccp-insp-traffic
  inspect
 class type inspect ccp-sip-inspect
  inspect
 class type inspect ccp-h323-inspect
  inspect
 class type inspect ccp-h323annexe-inspect
  inspect
 class type inspect ccp-h225ras-inspect
  inspect
 class type inspect ccp-h323nxg-inspect
  inspect
 class type inspect ccp-skinny-inspect
  inspect
policy-map type inspect ccp-permit
 class class-default
  drop
policy-map type inspect ccp-pol-outToIn
 class type inspect CCP_PPTP
  pass
 class class-default
  drop log
policy-map type inspect ccp-permit-icmpreply
 class type inspect ccp-icmp-access
  inspect
 class class-default
  pass
!
zone security in-zone
zone security out-zone
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-zone-To-in-zone source out-zone destination in-zone
 service-policy type inspect ccp-pol-outToIn
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect ccp-permit
!
!
!
!
!
!
!
!
!
!
interface Null0
 no ip unreachables
!
interface Embedded-Service-Engine0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 shutdown
!
interface GigabitEthernet0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface ATM0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 no atm ilmi-keepalive
!
interface ATM0/0/0.1 point-to-point
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface Ethernet0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 shutdown
 no mop enabled
!
interface ATM0/1/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 no atm ilmi-keepalive
!
interface ATM0/1/0.1 point-to-point
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 2
 !
!
interface Ethernet0/1/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 shutdown
 no mop enabled
!
interface GigabitEthernet0/3/0
 no ip address
!
interface GigabitEthernet0/3/1
 no ip address
!
interface GigabitEthernet0/3/2
 no ip address
!
interface GigabitEthernet0/3/3
 no ip address
!
interface GigabitEthernet0/3/4
 no ip address
!
interface GigabitEthernet0/3/5
 no ip address
!
interface GigabitEthernet0/3/6
 no ip address
!
interface GigabitEthernet0/3/7
 no ip address
!
interface Vlan1
 description $FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
 zone-member security in-zone
 ip tcp adjust-mss 1412
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 zone-member security out-zone
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname noone1@ers.com
 ppp chap password 7
 ppp pap sent-username noone1@ers.com password 7
!
interface Dialer1
 description $FW_OUTSIDE$
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 zone-member security out-zone
 encapsulation ppp
 dialer pool 2
 dialer-group 2
 ppp authentication chap pap callin
 ppp chap hostname noone2@ers.com
 ppp chap password 7
 ppp pap sent-username noone1@ers.com password 7
!
!
ip forward-protocol nd
!
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
!
ip nat inside source route-map ADSL0 interface Dialer0 overload
ip nat inside source route-map ADSL1 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.35 3391 144.139.8.20 3391 extendable
ip nat inside source static udp 192.168.1.35 3391 144.139.8.20 3391 extendable
ip route 0.0.0.0 0.0.0.0 Dialer0 10 track 1
ip route 0.0.0.0 0.0.0.0 Dialer1 10 track 2
!
ip access-list extended NAT
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended NAT-DENY-VPN
ip access-list extended PBR
 permit tcp host 192.168.1.35 eq 3391 any
 permit udp host 192.168.1.35 eq 3391 any
ip access-list extended SDM_GRE
 remark CCP_ACL Category=1
 permit gre any any
!
logging trap debugging
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
route-map ADSL0 permit 10
 match ip address NAT
 match interface Dialer0
!
route-map ADSL1 permit 10
 match ip address NAT
 match interface Dialer1
!
route-map PBR permit 10
 description **RDP
 match ip address access-list PBR
 set interface Dialer0
!
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark CCP_ACL Category=1
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 deny   any
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 192.168.1.35
!
!
!
control-plane
!
!
banner login ^CERS^C
!
line con 0
 login authentication local_authen
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line 2
 no activation-character
 no exec
 transport preferred none
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
line vty 5 15
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

Is there any other way to make load balancing more efficient, dynamically based on total internet traffic?

Regards.
