05-17-2010 08:02 AM - edited 03-04-2019 08:30 AM
I would like to get a consensus about the best way to utilize 2 ISPs on the same Internet router. We currently have an Internet router that connects 1 ISP via a multi-link across our Serial interfaces. We now have a new ISP that we would like to begin utilizing for outbound connectivity from the trusted side of the firewall. The firewall currently has an outside interface (current ISP), DMZ interface and a trusted interface. Since we will have 2 ISPs for a short while, I'd like to go ahead and design the network to utilize both ISPs. Our external DNS resides on our current ISP for all inbound traffic; we will eventually move everything to the new ISP, but until we migrate everything over to this ISP, transitional is the key.
I've looked at PBR to do this, but not sure this will give me what I truly want. Does anyone have a suggestion for the best solution to implement this?
Thanks for all your assistance and guidance.
Current design

    ISP1
     |
     |
     |
  Rtr_Inet
     |
     |
     |
  Firewall
     |
     |
  Trusted

Desired design

  ISP1     ISP2
    |        |
    |        |
    |        |
     Rtr_Inet
        |
        |
        |
     Firewall
        |
        |
     Trusted
05-17-2010 08:33 AM
I have read your post several times and am still not clear what you are asking for. It is clear that you want to utilize both ISPs and that at some point the new ISP will replace the old ISP. But beyond that there is not a clear description of what you really want. One of the things that you say is: "We now have a new ISP that we would like to begin utilizing for outbound connectivity from the trusted side of the firewall." But it is not clear whether this is different from what you do with the old ISP or is the same.
There are several alternatives that you could consider on the Internet facing router to use both ISPs:
- you might run some dynamic routing protocol with the providers to learn some routes from each provider and achieve utilization of both providers. This might also provide the ability to fail over to the other provider if there were some problem with one of the providers.
- you might configure two static default routes, or perhaps a static default route to one and some specific static routes to the other, which would achieve utilization of both providers.
- you might configure Policy Based Routing to send certain types of traffic through one provider and the rest of the traffic through the other provider. (I have done that for a customer and it worked quite well for them.)
There is an aspect of this design which you have not mentioned and which will impact your options for using both providers. I assume that network address translation is being done. Is it done on the firewall or is it done on the router? If it is done on the firewall then you need to devise a way that the firewall will do one set of translations for traffic to one provider and a different set of translations for the other provider.
HTH
Rick
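As an added illustration of the PBR option above combined with the per-provider translation Rick asks about (this is example configuration written for this thread, not from the original poster or from Rick): Rtr_Inet keeps ISP1 as the default path for everything, including the firewall's DMZ static NATs that external DNS points at, and policy-routes only the firewall's trusted-side PAT address out to ISP2, re-translating it on the router so ISP2 never sees ISP1-owned source addresses. All names and addresses are assumed placeholders: Multilink1 is the ISP1 link, GigabitEthernet0/1 is the ISP2 link with next hop 203.0.113.1, GigabitEthernet0/0 faces the firewall, and 198.51.100.2 is the firewall's outbound PAT address.

```cisco
! Example only (not from this thread); all names/addresses are placeholders.
! Track ISP2's next hop so PBR falls back to ISP1 when ISP2 is unreachable.
ip sla 1
 icmp-echo 203.0.113.1 source-interface GigabitEthernet0/1
 frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
! Normal routing: default via ISP1, so inbound/return traffic and anything
! not matched below stays on the provider that hosts external DNS.
ip route 0.0.0.0 0.0.0.0 Multilink1
!
! Only the firewall's trusted-side PAT address is steered to ISP2; the DMZ
! static NAT addresses are deliberately left to the default route so
! inbound sessions are not answered asymmetrically via ISP2.
ip access-list extended TRUSTED-PAT
 permit ip host 198.51.100.2 any
!
! If track 1 is down the set clause is skipped and the packet is routed
! normally (via ISP1), which is the automatic fallback.
route-map PBR-ISP2 permit 10
 match ip address TRUSTED-PAT
 set ip next-hop verify-availability 203.0.113.1 10 track 1
!
! Second translation for the ISP2 path (the "different set of translations"
! per provider). Only Gi0/1 is a NAT outside interface, so packets that
! leave via Multilink1 are not re-translated and keep their ISP1 addresses.
ip nat inside source list TRUSTED-PAT interface GigabitEthernet0/1 overload
!
interface GigabitEthernet0/0
 description To firewall outside (ISP1 address space)
 ip address 198.51.100.1 255.255.255.240
 ip nat inside
 ip policy route-map PBR-ISP2
!
interface GigabitEthernet0/1
 description ISP2
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
```

Existing sessions do not survive a switch between providers, since the router's NAT table for the ISP2 path is separate from the firewall's ISP1 translations.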