Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2344
Views
5
Helpful
10
Replies

Preferential Routing

cisco
Level 1
Level 1

‎08-11-2011 04:52 AM - edited ‎03-04-2019 01:15 PM

Hi,

I have two SPs on my network . From SP_A i am taking STM-1 and from SP_B its DS3. Now my company doesnt have Service Provider independent public addresses. 

I want to use STM-1 from SP_A as the primary link in case if this goes down then only traffic should come via SP_B.

I have 10 webserver which are being accessed by external internet users.

What i am planning to do static NAT for all these 10 webserver to both the SP's public addresses.

i.e.     LAN IPs              SP_A               SP_B

Server-1 10.0.0.1         X.X.X.1          Y.Y.Y.1

Server-2 10.0.0.2         X.X.X.2          Y.Y.Y.2

likewise for rest 8 servers.

Now i want preference via  SP_A link to access these 10 server , do i have to do something on DNS servers ? if yes then DNS server of my company or DNS server of SPs ?

regards

Neo

Labels:
0 Helpful
10 Replies 10

cisco
Level 1
Level 1

‎08-14-2011 04:14 AM

Hi ,

Any help will be apperciated.

regards

Neo    

0 Helpful

Marwan ALshawi
VIP Alumni
VIP Alumni

‎08-14-2011 04:53 AM

Hi Neo,

first of all how do you exchange the routing with your ISPs is it BGP ?

and from my undestanding is that you have serverfarm and those servers have public IPs from ISPA and diffrent IPs from ISPB

with DNS it can be done but not very experieinced with it howevr have a look at the bellow  link, but the ISP DNS could do it in addition to your DNS

http://www.wight-hat.com/guides/hosting/load-balanced-and-redundant-server-network/

also when you do static nat with diffrent public IPs using same source IP over diffrent exit interfaces try to use a route-map that match the exit interface per NAT statment

Example:

route-map ISPA
match interface fa1/1

route-map ISPB
match interface fa2/1

ip nat inside source static 10.1.1.1 100.1.1.1 route-map ISPA
ip nat inside source static 10.1.1.1 200.1.1.1 route-map ISPB

HTH

if helpful Rate

0 Helpful

Mohamed Sobair
Level 7
Level 7

‎08-14-2011 08:27 AM

Hello,

From what I understood and based on your description, those webservers will be assigned public IP's from ISP A segment.

In this case, its certainly not possible because when the primary link goes down, then a manual intervention is needed to change the DNS entry on the dns server (the A records).

All solutios talks about IOS NAT loadbalancing and redundancy when you have NAT , and this is certainly possibly. But the problem comes when you have static webservers or email server reside inside your network that needs DNS records.

I have one solution though, it's basically a device that do inbound/outbound redundancy and loadbalancing , it's also works as an authoritative dns server so all your mapping and dns records are configured on this device.

Are you willing to purchase a nother device?

Please see below link :

www.ecessa.com

Regards,

Mohamed

Sent from Cisco Technical Support iPhone App

0 Helpful

Marwan ALshawi
VIP Alumni
VIP Alumni
In response to Mohamed Sobair

‎08-14-2011 04:19 PM

Hi Mohamed

why it is not possible to have redundant DNS entry ( multiple IPs per DNS name ) ?

i beleive it is one of the loadbalancing and redundancy methods of haveing multiple Datacenters and servers which is geeogrphiucaly located for redundancy and load sharing

such as The Cisco ACE GSS 4400 Series Global Site Selector (GSS), or on the server or application level too

- Neo ,  

here is a gudie that might be useful to have a look at, and consider the NATing example provided above too

Configure ISP Redundancy— Step by Step

http://microsoftguru.com.au/2011/04/26/ff-tmg-2010-configure-isp-redundancy-step-by-step/

HTH

pls rate the helpful posts

0 Helpful

Mohamed Sobair
Level 7
Level 7

‎08-14-2011 04:59 PM

Marwan,

If the traffic is normal Internet traffic, then iOS NAT loadbalancing and redundancy would suffice.

However, if you have Webservers that needs (a records) on the ISP Dns server, then its not possible. The reason is because only ONE a record (name to ip address mapping) can be created at a time. If the main ISP link goes

Sent from Cisco Technical Support iPhone App

0 Helpful

Mohamed Sobair
Level 7
Level 7

‎08-14-2011 05:10 PM

Sorry to continue,

If it's down , then the outside world would still point to the same ISP resulting in a packet being eventually dropped.

Unlike MX records which is used for exchange servers, you can have multiple entries per ip address with different priorities. But with webservers ,this is not possible.

If you have setup or worked on DNS servers , it should be known. hence,I have proposed different approach.

Unfortunately,, your suggestion of using ACE is not applicable and wouldn't be a solution for him as he is not looking for application redundancy as much as DNS issue.

I hope this clarifies my point

Regards,

Mohamed

Sent from Cisco Technical Support iPhone App

0 Helpful

Latchum Naidu
VIP Alumni
VIP Alumni
In response to Mohamed Sobair

‎08-15-2011 03:57 AM

Hi Neo,

I would suggest you to have two DNS records for high availability purpose. I have the same kind of setup and working fine without any issues.
There is some kind of priority set in the DNS record like primary ISP_A and if primary down secondary ISP_B will take the path. This is like A record priority.


Please rate the helpfull posts.
Regards,
Naidu.

Marwan ALshawi
VIP Alumni
VIP Alumni
In response to Latchum Naidu

‎08-15-2011 08:23 AM

Thanks Naidu 5+ to confirm this setup as i was thinking it can be done this way but never done this way before  thats why i was not sure 100%

in this case Neo you need to get you DNS setup in the right way first then have your NATing configured using the example above

good luck

pls rate the helpful posts

0 Helpful

Latchum Naidu
VIP Alumni
VIP Alumni
In response to Marwan ALshawi

‎08-15-2011 11:17 PM

Hi Marwan,

You are most welcome and Yes that should work for Neo.
He need to make sure the below things...

1. Nating needs to be done individually with two different public IP's (Say in my case I have two Firewalls active/standby and a DMZ server have nated with different IP's (ISP_1 & ISP_2) in two Firewalls like below...

static (inside,outside) 197.197.197.11 10.27.9.41 netmask 255.255.255.255 --->Firewall 1 --->ISP-1
static (inside,outside) 206.206.206.57 10.27.9.41 netmask 255.255.255.255 --->Firewall 2 --->ISP-2

2. Neo need to contact his ISP who managing his A records and ask them to creat redundant A record by giving priority to IP which learning from his ISP-1

So that if the priority IP which learning through ISP-1 is unreachable then the second one which learning through ISP-2 will start resolving and take path.


Neo, Hope the above will be understand and clear you...

Gud luck
Please rate the helpfull posts.
Regards,
Naidu.

0 Helpful

cisco
Level 1
Level 1
In response to Latchum Naidu

‎08-16-2011 11:29 PM

Hi Mohamed / Naidu / Marwan,

Thanks for your valuable time on replying. After going through your posts , i did my search as well and after going through this URL . Mohamed is some what right about publishing multiple IP address pointing to single Domain name that it may cause problem when the link is down.

                                        But then for how long that website will be down depends on the TTL configured , so

Naidu / Marwan are also right that it is somewhat workable solution but for small enterprises.

thanks again all for your valuable contribution .

regards

Neo

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card