07-07-2021 09:50 PM
What I would like to achieve is policy-based routing and IP SLA tracking for a load-sharing default route with fail-over.
Could you please help?
My config:
track 1 ip sla 1 reachability
 delay down 3 up 3
!
track 2 ip sla 2 reachability
 delay down 3 up 3
!
track 3 ip sla 3 reachability
 delay down 3 up 3
!
interface Port-channel1
 no ip address
 hold-queue 150 in
!
interface Port-channel1.10
 encapsulation dot1Q 10
 ip address 172.16.10.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map MM
!
interface Port-channel1.20
 encapsulation dot1Q 20
 ip address 172.16.20.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map MM
!
interface Port-channel1.230
 description ISP1-internet
 encapsulation dot1Q 230
 ip address 1.1.1.1 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
!
interface Port-channel1.231
 description ISP2-nointernet
 encapsulation dot1Q 231
 ip address 2.2.2.1 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
!
interface GigabitEthernet0/0
 description EtherChannel To Lan
 no ip address
 ip virtual-reassembly in
 duplex auto
 speed auto
 channel-group 1
 no mop enabled
!
interface GigabitEthernet0/1
 description EtherChannel To Lan
 no ip address
 duplex auto
 speed auto
 channel-group 1
!
interface FastEthernet0/2/1
 description link2-nointernet
 bandwidth 100000
 ip address 11.11.11.1 255.255.255.248 secondary
 ip address 172.16.201.1 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/3/0
 description link1-internet
 bandwidth 100000
 ip address 12.12.12.1 255.255.255.224 secondary
 ip address 172.16.200.1 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 no ip route-cache
 duplex auto
 speed auto
!
router ospf 100
 router-id 5.5.5.5
 log-adjacency-changes detail
 network 11.11.11.0 0.0.0.7 area 0
 network 12.12.12.0 0.0.0.31 area 0
!
ip nat pool Link2 12.12.12.6 12.12.12.6 prefix-length 28
ip nat pool Link1 12.12.12.5 12.12.12.5 prefix-length 27
ip nat pool ISP2-noint 2.2.2.5 2.2.2.5 prefix-length 29
ip nat pool ISP1-int 1.1.1.5 1.1.1.5 prefix-length 29
ip nat inside source route-map ISP1 pool ISP1-int overload
ip nat inside source route-map L1 pool Link1 overload
ip nat inside source route-map L2 pool Link2 overload
ip nat inside source route-map ISP2 pool ISP2-noint overload
ip route 0.0.0.0 0.0.0.0 172.16.200.2 225 track 1
ip route 0.0.0.0 0.0.0.0 1.1.1.2 225 track 2
ip route 0.0.0.0 0.0.0.0 172.16.201.2 225 track 3
ip sla 1
 icmp-echo 172.16.200.2 source-ip 172.16.200.1
 frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 1.1.1.2 source-ip 1.1.1.1
 frequency 5
ip sla schedule 2 life forever start-time now
ip sla 3
 icmp-echo 172.16.201.2 source-ip 172.16.201.1
 frequency 5
ip sla schedule 3 life forever start-time now
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.20.0 0.0.0.255
access-list 2 permit 192.168.20.90
access-list 2 permit 192.168.20.121
access-list 14 permit 192.168.10.32
access-list 14 permit 192.168.10.56
access-list 15 permit 192.168.20.69
access-list 15 permit 192.168.20.223
route-map MM permit 10
 match ip address 15
 set ip next-hop 2.2.2.2
!
route-map MM permit 11
 match ip address 14
 set ip next-hop 1.1.1.2
!
route-map ISP2 permit 20
 match ip address 1
 match interface Port-channel1.231
 set ip next-hop 2.2.2.2
!
route-map L2 permit 10
 match ip address 1
 match interface FastEthernet0/2/1
 set ip next-hop 172.16.201.2
!
route-map L1 permit 10
 match ip address 1
 match interface FastEthernet0/3/0
 set ip next-hop 172.16.200.2
!
route-map RM-NAT permit 5
 match ip address 2
 set ip next-hop 172.16.200.2
!
route-map ISP1 permit 20
 match ip address 1
 match interface Port-channel1.230
 set ip next-hop 1.1.1.2
!
route-map Loadsharing permit 10
 match ip address 1
 set ip next-hop verify-availability 172.16.201.2 10 track 3
 set ip next-hop verify-availability 172.16.200.2 11 track 1
 set ip next-hop verify-availability 1.1.1.2 12 track 2
!
show ip route
O*E1 0.0.0.0/0 [110/221] via 172.16.201.2, 1d16h, FastEthernet0/2/1
[110/221] via 172.16.200.2, 1d16h, FastEthernet0/3/0
07-08-2021 05:58 AM
I see a problem with this because this device is doing the NAT. What you are talking about could load balance things between ISPs in the middle of a connection. That would cause the client to get its public address changed, which would break the connection. This is theoretically possible IF the client maintains a consistent NAT address AND both ISPs accept the addresses to which the clients are NAT'd. Otherwise I can't see how you would accomplish this.
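A check over the configuration posted in the question, as an added example that is not part of either post and is not Cisco tooling: it lists route-maps that are defined but never applied, and policy-routing route-maps that set a next hop without verify-availability and a track object. SAMPLE_CONFIG is an excerpt constructed from the posted lines, and audit_route_maps is a hypothetical helper name.

```python
import re

# Constructed excerpt of the posted configuration (most match/set lines omitted).
SAMPLE_CONFIG = """\
interface Port-channel1.10
 ip policy route-map MM
ip nat inside source route-map ISP1 pool ISP1-int overload
ip nat inside source route-map L1 pool Link1 overload
ip nat inside source route-map L2 pool Link2 overload
ip nat inside source route-map ISP2 pool ISP2-noint overload
route-map MM permit 10
 set ip next-hop 2.2.2.2
route-map MM permit 11
 set ip next-hop 1.1.1.2
route-map ISP2 permit 20
route-map L2 permit 10
route-map L1 permit 10
route-map RM-NAT permit 5
 set ip next-hop 172.16.200.2
route-map ISP1 permit 20
route-map Loadsharing permit 10
 set ip next-hop verify-availability 172.16.201.2 10 track 3
 set ip next-hop verify-availability 172.16.200.2 11 track 1
 set ip next-hop verify-availability 1.1.1.2 12 track 2
"""


def audit_route_maps(config):
    """Return (unused, untracked_pbr) for IOS configuration text.
    unused: route-maps applied by neither 'ip policy' nor 'ip nat inside source'.
    untracked_pbr: 'ip policy' route-maps with a plain 'set ip next-hop'."""
    defined, policy, nat, plain = set(), set(), set(), set()
    current = None  # route-map whose sub-commands are being read
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"route-map (\S+) (?:permit|deny) \d+$", line):
            current = m.group(1)
            defined.add(current)
        elif m := re.match(r"ip policy route-map (\S+)$", line):
            policy.add(m.group(1))
        elif m := re.match(r"ip nat inside source route-map (\S+) ", line):
            nat.add(m.group(1))
        elif current and line.startswith("set ip next-hop "):
            if "verify-availability" not in line:
                plain.add(current)  # next hop set without a track object
    return sorted(defined - policy - nat), sorted(policy & plain)


if __name__ == "__main__":
    print(audit_route_maps(SAMPLE_CONFIG))
```

On this excerpt it reports Loadsharing and RM-NAT as defined but not applied, and MM as the policy-routing route-map whose next hops do not reference a track object.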