
Multi ISP internet Connection

superlubis
Level 1

Hi,

Need advice from the seniors :).

I'm looking for a solution for multihoming our internet connection.

The Situation:

1. We have internet connections to 3 ISPs.

2. 2 ISPs use eBGP, and 1 ISP uses a static route.

3. We have our own ASN and 2 /24 public IP address blocks.

4. For the static route we use a /28 ISP-provided address.

5. We have 3 internet-facing routers to connect to the ISPs; for each ISP we provide a dedicated router.

6. All (3) internet-facing routers are connected with iBGP.

7. In eBGP routing, we publish both /24 IP blocks to each ISP with some priority (AS path). We expect x.x.x.x/24 to go out through and come back via ISP1, and y.y.y.y/24 to go out through and come back via ISP2.

8. Below the routers we have 2 HA load balancers (F5).

9. The F5 is the device doing NAT, the boundary between public and private IPs.

10. So far, with the F5 I can configure which private IP goes to ISP1 or ISP2.

11. Because the F5 can do cluster/HA, I don't need to do the config on both devices, except for the interface config.

12. If one ISP is down / the cable is disconnected / BGP is not established, the F5 automatically uses another ISP based on weight.

13. And last, below the F5 we have a firewall.

I suspect that this F5 is slowing down my internet connection, or that I can improve my internet by changing the F5 to a router. But with a router we have some drawbacks, like doing the config twice, and it cannot automatically fail over to another ISP if one ISP is unavailable.

And also I'm not sure whether with router PBR I can't configure which private IP goes out to which ISP.

The question: Can I replace my F5 with a router? Can you point me to where I can dig up some more knowledge?

Thx

5 Replies

vinod.agrahari
Level 1

My recommendation: keep the F5 in the DMZ, and it will surely improve the performance.

L3 --- FW --- F5 in DMZ --- LAN segment... Whatever traffic needs policies and filtering will go via the DMZ only.

Hi vinod, thx for the reply.

The F5/load balancer is not for balancing traffic from the internet to our sites; the F5 is mainly used for balancing/controlling traffic from inside to outside.

jmperlewitz
Level 1

Have you set up N-path routing on the F5? This will increase throughput by bypassing the F5 for outbound traffic. It will go directly to the router instead. You might also want to move the NAT function to your routers.

Hi @jmperlewitz, thx.

From the F5 doc I read that nPath is asymmetrical routing or direct server return; it works if the inside IP has direct access to the outside routing pool. In my case the internal IP/client IP is far below the internet router.

Moving the NAT to the router: let me think about this first, I'm not sure.

Thx

Franko1
Level 1

@superlubis were you able to improve performance? Can you update this thread on how you solved this problem?

 