cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
773
Views
10
Helpful
6
Replies

PBR on WAN Link

Hi All.

I have a router with two internet links that is used for tunnel connection. I am trying to peer with an external party that has only one public ip. For now, I configure two static routes to that spesific ip with different next hop, I believe this causing load balance between my two ISPs. I am trying to create a PBR to make sure traffic coming from ISP A is getting returned to ISP A, instead of ISP B. Is it posible to accomplish this?

6 Replies 6

Do you use NAT to link to ISP ?

Hi MHM. 

I dont use NAT to link ISP. 

the traffic is INBOUND and OUTBOUND 
when config two static route toward other site you and even using PBR you control the traffic outbound 
still the missing pieces which is inbound 
inbound in other side must also config with PBR.

Richard Burts
Hall of Fame
Hall of Fame

The topology is not clear to me. Is the external party that you want to peer with associated with one of the ISP? Or are both ISP just forwarding on to the external party? Am I correct in understanding that there are 2 tunnels? Do the tunnels terminate at the external party? Or do the tunnels terminate at the ISP?

For traffic to the external party that your network originates you could use PBR to prefer one ISP and to use the other ISP if there are problems with the first ISP. And you really do not need PBR to do that. You could simply configure one regular static route and configure the second static route as a floating static route (configure Administrative Distance higher than the default). And then configure some tracking to detect any problem with the first ISP, remove the normal static route and allow the floating static to be the active route.

Traffic originated from the external party to you is problematic. As you get ready to send a response packet I do not know how you could determine which ISP (which tunnel) the original packet used.

HTH

Rick

Hi Richards.

Both ISP just forwarding to the external party, there are 2 tunnels. The tunnels are terminated on the external party device. 

I just want to explore whether there is some concept that I can use so I can establish 2 tunnels with different ISP on my side and only 1 ISP (1 public ip) on the external party side. 

Thanks for the additional information. We need to clarify when you describe 2 tunnels are these just simple GRE tunnels or are they perhaps some type of IPSec encrypted tunnels? It would also be helpful if we knew whether the router that has the tunnel interfaces is also the router that connects to the ISPs or is there one router for the tunnels and a different router for the ISP connections?
If the tunnels are just GRE and tunnels and ISP are on the same router then 2 tunnels is pretty simple. I assume that the router has 2 interfaces for connecting to ISPs and that each of these interfaces has a Public IP address. Both tunnels would have the same tunnel destination address and each tunnel would use one of the two interfaces with Public IP as the tunnel source.

HTH

Rick
Review Cisco Networking for a $25 gift card