08-24-2022 08:22 AM
Hi All.
I have a router with two internet links that is used for tunnel connection. I am trying to peer with an external party that has only one public IP. For now, I configure two static routes to that specific IP with different next hops; I believe this is causing load balancing between my two ISPs. I am trying to create a PBR to make sure traffic coming from ISP A is getting returned to ISP A, instead of ISP B. Is it possible to accomplish this?
08-24-2022 08:30 AM
Do you use NAT to link to the ISP?
08-24-2022 08:31 AM
Hi MHM.
I don't use NAT to link to the ISP.
08-25-2022 05:47 AM
The traffic is INBOUND and OUTBOUND.
When you configure two static routes toward the other site, and even when using PBR, you control the outbound traffic.
Still, the missing piece is inbound.
Inbound, the other side must also be configured with PBR.
08-24-2022 08:43 AM
The topology is not clear to me. Is the external party that you want to peer with associated with one of the ISPs? Or are both ISPs just forwarding on to the external party? Am I correct in understanding that there are 2 tunnels? Do the tunnels terminate at the external party? Or do the tunnels terminate at the ISP?
For traffic to the external party that your network originates you could use PBR to prefer one ISP and to use the other ISP if there are problems with the first ISP. And you really do not need PBR to do that. You could simply configure one regular static route and configure the second static route as a floating static route (configure Administrative Distance higher than the default). And then configure some tracking to detect any problem with the first ISP, remove the normal static route and allow the floating static to be the active route.
Traffic originated from the external party to you is problematic. As you get ready to send a response packet I do not know how you could determine which ISP (which tunnel) the original packet used.
08-24-2022 09:02 AM
Hi Richards.
Both ISPs are just forwarding to the external party, and there are 2 tunnels. The tunnels are terminated on the external party's device.
I just want to explore whether there is some concept that I can use so I can establish 2 tunnels with different ISPs on my side and only 1 ISP (1 public IP) on the external party's side.
08-24-2022 02:53 PM
Thanks for the additional information. We need to clarify: when you describe 2 tunnels, are these just simple GRE tunnels or are they perhaps some type of IPSec encrypted tunnels? It would also be helpful if we knew whether the router that has the tunnel interfaces is also the router that connects to the ISPs, or is there one router for the tunnels and a different router for the ISP connections?
If the tunnels are just GRE and tunnels and ISP are on the same router then 2 tunnels is pretty simple. I assume that the router has 2 interfaces for connecting to ISPs and that each of these interfaces has a Public IP address. Both tunnels would have the same tunnel destination address and each tunnel would use one of the two interfaces with Public IP as the tunnel source.
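
The two-tunnel layout described in the reply above, written out as an added configuration example (it was not posted by anyone in the thread). It assumes plain GRE on the same router as both ISP links; the interface names and all addresses are constructed placeholders, and the `tunnel route-via` lines go beyond the reply by pinning each tunnel's encapsulated packets to its own ISP link, on platforms and releases that support that command.

```cisco
! Added example (Cisco IOS). All addresses are constructed documentation values.
!   ISP A: GigabitEthernet0/0  198.51.100.2/30, next hop 198.51.100.1
!   ISP B: GigabitEthernet0/1  192.0.2.2/30,    next hop 192.0.2.1
!   External party's single public IP: 203.0.113.10
!
interface GigabitEthernet0/0
 description Link to ISP A
 ip address 198.51.100.2 255.255.255.252
!
interface GigabitEthernet0/1
 description Link to ISP B
 ip address 192.0.2.2 255.255.255.252
!
! Two host routes to the peer, one per ISP (the setup from the original question).
! Fully specified (interface + next hop) so each route is tied to one link.
ip route 203.0.113.10 255.255.255.255 GigabitEthernet0/0 198.51.100.1
ip route 203.0.113.10 255.255.255.255 GigabitEthernet0/1 192.0.2.1
!
interface Tunnel0
 description GRE to external party, sourced from ISP A address
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.10
 ! Send this tunnel's outer packets only out the ISP A link
 tunnel route-via GigabitEthernet0/0 mandatory
 ! GRE keepalive: tunnel line protocol goes down if the path via ISP A fails
 keepalive 10 3
!
interface Tunnel1
 description GRE to external party, sourced from ISP B address
 ip address 10.255.0.5 255.255.255.252
 tunnel source GigabitEthernet0/1
 ! Same destination as Tunnel0; the different source keeps the tunnels distinct
 tunnel destination 203.0.113.10
 tunnel route-via GigabitEthernet0/1 mandatory
 keepalive 10 3
```

The external party needs two matching tunnels, each with one of the two public source addresses above as its tunnel destination.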