Re: Terminating 3 ISP & GRE Tunnel

keven.jones · ‎01-11-2011

Dear all,

ISP on each circuit cannot provide more than 3MB, so soon will get three circuit each of 3MB. ISP recommends to terminate all the links on Layer2 switch and have a trunk to the Router. I need all experts opinion on this proposed setup. We currently got 2811 with two GigaEthernet ports. We plan to have three GRE over IPSEC Tunnels (One tunnel for each circuit) to load balance/load Share/redundancy.

Please help

thanks

Keven

Richard Burts · ‎01-11-2011

Keven

Using 3 separate ISPs makes good sense to get the amount of bandwidth if all of your network traffic originates inside and your network and goes out to the Internet. If some traffic is originated in the Internet and needs to get into your network (if you had servers that need to be reachable from the Internet or something like that) then 3 separate ISPs is problematic.

I mostly agree with the suggestion about terminating the ISP circuits on a layer 2 switch and trunking to the router. If you do not use the router then you need at least 4 high speed Ethernet interfaces on the router. On a 2811 that could be a stretch. And the 2 Gig interfaces that you currently have would be adequate if you use the switch.

I am puzzled about the part where you plan to have 3 GRE tunnels for load balancing/load sharing. If one end of the GRE tunnel is on your router, then where is the other end of the tunnels? Would it be on the ISP? Would it be somewhere beyond the ISP?

HTH

Rick

HTH

Rick

keven.jones · ‎01-11-2011

Thanks Rick

Will only have Outlook Web Access Server to be accessed from outside to inside and for now we are not looking at redundancy for this service.

The 3 GRE over IPSEC tunnels will connect to our HQ office. On LAN segment we got OSPF running in single area, not sure if I can use the same area for GRE. I also need support in config

thanks

Keven

Richard Burts · ‎01-15-2011

Keven

If you have only one server that is accessible from the Internet and if you are not concerned about redundancy in connection for that server then circuits from 3 ISPs should work ok.

I think I understand that one end of the GRE tunnels will be on your HQ office. I do not understand where the other end of the tunnel will be?

It is difficult to give you good advice about OSPF without knowing more about your network environment. But I will say that many networks successfully use an OSPF area on the LAN and on GRE tunnels.

HTH

Rick

HTH

Rick

keven.jones · ‎01-15-2011

Hi Rick

All 3 GRE tunnel end will be at HQ, if one ISP is down still reachability is there.I need help on configuring three ISP on Layer2 Switch and trunking to a router.

thanks

Keven

MNBE_Cisco · ‎01-16-2011

I would not take the advice from the sales rep in terminating 3 circuits into a L2 switch and then trunk to the router. The best configuration for the serineo that you describe would be to add 2 more routers and use GLBP to load balance/ and have real redundancy built into your configuration. Second best option would be add a HWIC-2FE to your current 2811 (if you have open slots and a recent IOS, 12.24 or higher) then have your ISP deliver these circuits to you as PPP links then you can configure a PPP multilink and can load-balance this way but would not be able to configure 3 separate IPSEC GRE tunnels but one tunnel would work in the same manner, say one of your links go down, your termination point for your GRE tunnel is your multilink interface so it would stay up as long as one of the three circuits is operational.

\\The L2 switch is also single point of failure for all three links. The ISP is not going to provide you with 3 circuits in the same IP space so the only way for this to even work would be to configure your VLAN with an IP address that covers all three circuits for your default gateway and same thing you will not be able to configure 3 GRE tunnels back to your HQ and not real sure how the traffic would effectively load-balance across the three circuits from the switch as you can only have 1 default gateway on a L2 switch even if you use a L3 switch the other gateways are just backup or floating routes if the primary fails. I would like to see their configuration plan for this.

keven.jones · ‎01-16-2011

Hi Walter,

ISP cannot provide all links in one public subnet and the links cannot be ppp as well. How it will differ if the three links are from different isp.

I was also seeking config help in the forum to terminate 3 links on L2 switch and a trunk to router.

thanks

Keven

Richard Burts · ‎01-16-2011

Keven

PPP Multilink might be an interesting alternative if you had point to point serial interfaces but not for Ethernet.

What you need to set up the connections on a switch and trunk to the router might look something like this:

**switch**

vlan 100

name ISP1

vlan 200

name ISP2

vlan 300

name ISP3

interface fastethernet0/1

switchport access vlan 100
switchport mode access

interface fastethernet0/2

switchport access vlan 200
switchport mode access

interface fastethernet0/3

switchport access vlan 300

switchport mode access

interface fastethernet 0/4

switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,200,300
switchport mode trunk

**router**

interface gig0/1.100

encapsulation dot1q 100

ip address 1.1.1.2 255.255.255.252

interface gig0/1.200

encapsulation dot1q 200

ip address 1.1.2.2 255.255.255.252

interface gig0/1.300

encapsulation dot1q 300

ip address 1.1.3.2 255.255.255.252

Once you get the connections configured and working there are a few other things that you will need to work out and configure:

- how will you set up routing to use all 3 connections?

- if you lose connectivity to the ISP on one of the connections will the routing recognize and react to this loss?

- will you need to do Network Address Translation?

- if you are doing NAT will it need to work differently on each of the 3 connections (if all connections are to the same ISP probably not, if connections are to different ISPs probably do need to work differently).

HTH

Rick

HTH

Rick