Re: Multiple ISP connections with fault tolerance

TalonKarrde · ‎04-11-2005

Hi All,

We have a customer who would like to have three seperate ISP's providing internet services to a single office for extreme fault tolerance. I am assuming these are all going to be DSL connections with ethernet handoff to the router.

Load balancing is not requested, and the key goal is to keep local users on the Internet at all times, I dont know if NAT is to be used in this scenario.

I would like to find out is there an automatic way to fail over to the various connections in this setup. I understand that BGP could be implemented in co-operation with the ISP's involved, but something tells me it will be messy and complex to do this.

Perhaps object tracking is a solution as was suggested in another post I have going at the moment.

If we were to use BGP, what sort of router would be required to handle this?

Comments and suggestions would be greatly appreciated..

Cheers

s.jankowski · ‎04-18-2005

It all depends on your requirment, Like number of users, hours they are using and how many bytes you need to download and upload the datas. Make it short and check with cisco product support page depends on your requirment.

matthiaskoehler · ‎04-19-2005

Hello,

i have implentented a similar config not too far ago. This config uses 2 Dialer (i this case a DSL and ISDN interface). If for any reason one specific IP (for example your main ISP Gate) is reachable anymore all the traffic will be routed through the 2nd Dialer.

I sould be very easy for you to make the needed changes.

Regards

Matthias Köhler

ip dhcp excluded-address 192.168.0.1 192.168.0.199

!

ip dhcp pool prod1

import all

network 192.168.0.0 255.255.255.0

dns-server 145.x.x.x.195.20.13

default-router 192.168.0.1

!

ip tcp synwait-time 10

ip domain name yourdom.de

ip name-server 145.x.x.81

ip name-server 132.x.x.13

no ip bootp server

ip cef

ip ips sdf location flash://attack-drop.sdf

ip ips notify SDEE

ip ips po max-events 100

ip ssh time-out 60

ip ssh authentication-retries 2

no ftp-server write-enable

isdn switch-type basic-net3

!

track 1 rtr 1 reachability

!

interface Ethernet0

ip address 192.168.0.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip route-cache flow

ip tcp adjust-mss 1452

no cdp enable

!

interface BRI0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

encapsulation ppp

dialer pool-member 2

isdn switch-type basic-net3

no cdp enable

!

interface ATM0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0.1 point-to-point

pvc 1/32

pppoe-client dial-pool-number 1

!

interface FastEthernet1

no ip address

duplex auto

speed auto

!

interface FastEthernet2

no ip address

duplex auto

speed auto

!

interface FastEthernet3

no ip address

duplex auto

speed auto

!

interface FastEthernet4

no ip address

duplex auto

speed auto

!

interface Dialer0

ip address negotiated

no ip redirects

no ip unreachables

no ip proxy-arp

ip mtu 1452

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer persistent

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname xxxxxxxxxxxxxxxxx

ppp chap password 7 xxxxxxxxxxxxx

ppp pap sent-username xxxxxxxx password 7 xxxxxxxxxxxxxxxxx

!

interface Dialer1

ip address negotiated

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 2

dialer string 0192076

dialer load-threshold 1 either

dialer-group 2

no cdp enable

ppp authentication chap pap callin

ppp chap hostname test

ppp chap password 7 xxxxxxxxxxxxxx

ppp pap sent-username test password 7 xxxxxxxx

ppp multilink

!

ip local policy route-map ROUTEMAP_1

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0 track 1

ip route 0.0.0.0 0.0.0.0 Dialer1 2

ip route 62.x.x.x.255.255.255 Dialer0

!

ip http server

ip http authentication local

ip http secure-server

ip nat translation timeout 7200

ip nat inside source static udp 192.168.0.10 9077 interface Dialer0 9077

ip nat inside source route-map main interface Dialer0 overload

ip nat inside source route-map secondary interface Dialer1 overload

!

logging trap debugging

access-list 10 permit 192.168.0.0 0.0.0.255

access-list 102 permit icmp any host 62.x.x.62 echo

access-list 110 permit ip 192.168.0.0 0.0.0.255 any

access-list 111 permit ip 192.168.0.0 0.0.0.255 any

access-list 112 permit ip 192.168.0.0 0.0.0.255 any

dialer-list 1 protocol ip permit

dialer-list 2 protocol ip permit

route-map main permit 10

match ip address 111

match interface Dialer0

!

route-map ROUTEMAP_1 permit 1

match ip address 102

set interface Dialer0 Null0

!

route-map secondary permit 10

match ip address 112

match interface Dialer1

!

control-plane

!

rtr 1

type echo protocol ipIcmpEcho 62.x.x.62

timeout 1000

threshold 2

frequency 3

rtr schedule 1 life forever start-time now

vm612 · ‎04-25-2005

If you are going to have multiple ISPs, why use one primarily and the others on a need be basis, take advantage of all the bandwidth and the redundancy is still built in to your setup. Forget about BGP, it would require a lot of participation from all ISPs and accomplish nothing needed here.

Use equal cost "anything" routes, conversations should be set up to round robin.

r.bhupathi · ‎04-25-2005

Hi,

We can implement HSRP to provie Fault tolerance. NAT can be used in this Scenario. We can look at BGP but slightly complicated process.

Regards

Rajendra