Re: wan links on router - Page 2

suthomas1 · ‎01-11-2014

Hi,

Our new location has two 2800-WAN router's. There will be two WAN links from different providers for backup(one primary & other secondary) in this location.

I have few doubts:-

1.Can we terminate both the links individually in two routers?

2.Is there a way to aggregate both link bandwidths together & use it during normal usage?

3.If one link fails, how would the other router know to start initiating traffic, is there any automatic way?

Appreciate all replies.

amsodhi · ‎01-11-2014

1.Can we terminate both the links individually in two routers? Yes --- There is no issue at all. Just terminate them on the layer 3 interfaces.

2.Is there a way to aggregate both link bandwidths together & use it during normal usage?Yes use PBR (Policy based routing on the Lan side to push some traffic from secondary link and rest from primary.).

3.If one link fails, how would the other router know to start initiating traffic, is there any automatic way? IPSLA can be configured for the failover, also with the PBR.

*The above solution is good if you are planning to use static routes. You may use other options also using BGP.

Let me know if you need sample configuration.

Amant

-Amant

paul driver · ‎01-13-2014

Hello

2.Is there a way to aggregate both link bandwidths together & use it during normal usage?Yes use PBR (Policy based routing on the Lan side to push some traffic from secondary link and rest from primary.-YES

This answer should be NO - Its not feasible- the definition of aggregation in this post could be confusing to others.

Aggregation is combining multiple links or ports together preferably on the same device unless something like vss is available which in this it isn't -so load balancing or load sharing would be a much applicable description and in this scenario load sharing would be the correct definition

Res
Paul

Sent from Cisco Technical Support iPad App

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Bilal Nawaz · ‎01-12-2014

There are many ways of doing this, this is just one of them. I will be using OSPF to complete all the requirements.

Below is a diagram of my topology.

I have made all MPLS networks with the prefix begining 172.16.x.x

I have made all Corporate networks with prefix begining 10.10.x.x

Rest of the links are point to point as depicted.

You will see in routing tables on R1 and R2 just in case you wonder what they are.

Config - ASA [Not really using an ASA as I no longer have one (Juniper is my thing in security). Just using a router to simulate the routing process on the ASA]

interface FastEthernet0/0

ip address 10.0.0.1 255.255.255.252

ip ospf 1 area 0

!

interface FastEthernet0/1

ip address 172.16.0.1 255.255.255.252

ip ospf 1 area 0

!

router ospf 1

log-adjacency-changes

redistribute connected subnets

default-information originate

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Loopback100

I am generating the default route into ospf with default-information originate command. This advertises the default route downstream if I have a valid default route. In which case I have a static default dummy route pointing towards l100 for demonstration purposes.

ASA has a neighborship with R1 since its point to point. It also has a neighborship with the MPLS CE router at the HQ and this router will advertise to the ASA all the routes learned via the cloud.

Config on R1

interface FastEthernet0/0

ip address 10.0.0.2 255.255.255.252

ip ospf 1 area 0

!

interface FastEthernet0/1

ip address 10.0.1.1 255.255.255.252

ip ospf 1 area 1

!

router ospf 1

log-adjacency-changes

area 1 nssa default-information-originate

R1 has an OSPF adjacency with the ASA and the switch. Area 1 is nssa - but also injecting the default route towards itself from this area. Same will be done on R2.

Config on R2

interface FastEthernet0/0

ip address 172.16.1.2 255.255.255.252

ip ospf 1 area 0

!

interface FastEthernet0/1

ip address 10.0.2.1 255.255.255.252

ip ospf 1 area 1

!

router ospf 1

log-adjacency-changes

area 1 nssa default-information-originate

R2 has an adjacency with the MPLS CE [Customer Edge] Router. All the MPLS sites in the cloud connect to our MPLS VPN. Then the Service Provider advertises those routes back to us.

Config on SW

!

interface Loopback192

ip address 192.168.1.1 255.255.255.0

ip ospf 1 area 1

!

interface FastEthernet0/0

description *** Unused for Layer2 SW ***

ip address 10.0.2.2 255.255.255.252

ip ospf 1 area 1

!

interface FastEthernet0/1

description *** Unused for Layer2 SW ***

ip address 10.0.1.2 255.255.255.252

ip ospf 1 area 1

!

router ospf 1

log-adjacency-changes

area 1 nssa

passive-interface Loopback192

On SW thers just normal adjacency with R1 and R2, it will get the default route from both with the same metric - therefor will load-balance for anything that there is not a specific route for in the routing table, e.g. internet bound traffic.

192 network is our 'LAN' that we are advertising outbound. With this, all external type routes will be filtered from this area.

However if you wish to load balance for absolutely everything the on R1 and R2 instead of implementing the command:

router ospf 1

area 1 nssa default-information-originate

Filter all routes but the default routes... do this instead

router ospf 1

area 1 nssa default-information-originate no-summary

I will show the differences later...

See the routing tables now...

ASA:

ASA-HA#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

100.0.0.0/32 is subnetted, 1 subnets

C 100.0.0.1 is directly connected, Loopback100

172.16.0.0/16 is variably subnetted, 7 subnets, 2 masks

O E2 172.16.4.0/24 [110/20] via 172.16.0.2, 00:01:01, FastEthernet0/1

O E2 172.16.5.0/24 [110/20] via 172.16.0.2, 00:01:01, FastEthernet0/1

O E2 172.16.6.0/24 [110/20] via 172.16.0.2, 00:01:01, FastEthernet0/1

C 172.16.0.0/30 is directly connected, FastEthernet0/1

O 172.16.1.0/30 [110/20] via 172.16.0.2, 00:01:02, FastEthernet0/1

O E2 172.16.2.0/24 [110/20] via 172.16.0.2, 00:01:02, FastEthernet0/1

O E2 172.16.3.0/24 [110/20] via 172.16.0.2, 00:01:02, FastEthernet0/1

10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks

C 10.10.2.0/24 is directly connected, Loopback2

C 10.10.3.0/24 is directly connected, Loopback3

C 10.10.4.0/24 is directly connected, Loopback4

O IA 10.0.2.0/30 [110/30] via 172.16.0.2, 00:01:03, FastEthernet0/1

[110/30] via 10.0.0.2, 00:01:03, FastEthernet0/0

C 10.10.10.0/24 is directly connected, Loopback1

C 10.0.0.0/30 is directly connected, FastEthernet0/0

O IA 10.0.1.0/30 [110/20] via 10.0.0.2, 00:01:03, FastEthernet0/0

192.168.1.0/32 is subnetted, 1 subnets

O IA 192.168.1.1 [110/21] via 10.0.0.2, 00:01:03, FastEthernet0/0

S* 0.0.0.0/0 is directly connected, Loopback100

On the ASA we can see the routes for the MPLS being the 172.16 networks... note we can also see the 192.168. network from our site A... pings work both ways.

On R1:

R1#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.0.0.1 to network 0.0.0.0

100.0.0.0/32 is subnetted, 1 subnets

O 100.0.0.1 [110/11] via 10.0.0.1, 00:06:04, FastEthernet0/0

172.16.0.0/16 is variably subnetted, 7 subnets, 2 masks

O E2 172.16.4.0/24 [110/20] via 10.0.0.1, 00:03:23, FastEthernet0/0

O E2 172.16.5.0/24 [110/20] via 10.0.0.1, 00:03:23, FastEthernet0/0

O E2 172.16.6.0/24 [110/20] via 10.0.0.1, 00:03:23, FastEthernet0/0

O 172.16.0.0/30 [110/20] via 10.0.0.1, 00:06:04, FastEthernet0/0

O 172.16.1.0/30 [110/30] via 10.0.0.1, 00:06:06, FastEthernet0/0

O E2 172.16.2.0/24 [110/20] via 10.0.0.1, 00:03:24, FastEthernet0/0

O E2 172.16.3.0/24 [110/20] via 10.0.0.1, 00:03:24, FastEthernet0/0

10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks

O E2 10.10.2.0/24 [110/20] via 10.0.0.1, 00:03:24, FastEthernet0/0

O E2 10.10.3.0/24 [110/20] via 10.0.0.1, 00:03:24, FastEthernet0/0

O E2 10.10.4.0/24 [110/20] via 10.0.0.1, 00:03:24, FastEthernet0/0

O 10.0.2.0/30 [110/20] via 10.0.1.2, 00:03:24, FastEthernet0/1

O E2 10.10.10.0/24 [110/20] via 10.0.0.1, 00:03:24, FastEthernet0/0

C 10.0.0.0/30 is directly connected, FastEthernet0/0

C 10.0.1.0/30 is directly connected, FastEthernet0/1

192.168.1.0/32 is subnetted, 1 subnets

O 192.168.1.1 [110/11] via 10.0.1.2, 00:03:24, FastEthernet0/1

O*E2 0.0.0.0/0 [110/1] via 10.0.0.1, 00:03:24, FastEthernet0/0

Here we see the default route from the ASA.

On R2

R2#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 172.16.1.1 to network 0.0.0.0

100.0.0.0/32 is subnetted, 1 subnets

O 100.0.0.1 [110/21] via 172.16.1.1, 00:08:02, FastEthernet0/0

172.16.0.0/16 is variably subnetted, 7 subnets, 2 masks

O E2 172.16.4.0/24 [110/20] via 172.16.1.1, 00:05:16, FastEthernet0/0

O E2 172.16.5.0/24 [110/20] via 172.16.1.1, 00:05:16, FastEthernet0/0

O E2 172.16.6.0/24 [110/20] via 172.16.1.1, 00:05:16, FastEthernet0/0

O 172.16.0.0/30 [110/20] via 172.16.1.1, 00:08:02, FastEthernet0/0

C 172.16.1.0/30 is directly connected, FastEthernet0/0

O E2 172.16.2.0/24 [110/20] via 172.16.1.1, 00:05:18, FastEthernet0/0

O E2 172.16.3.0/24 [110/20] via 172.16.1.1, 00:05:18, FastEthernet0/0

10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks

O E2 10.10.2.0/24 [110/20] via 172.16.1.1, 00:05:18, FastEthernet0/0

O E2 10.10.3.0/24 [110/20] via 172.16.1.1, 00:05:18, FastEthernet0/0

O E2 10.10.4.0/24 [110/20] via 172.16.1.1, 00:05:18, FastEthernet0/0

C 10.0.2.0/30 is directly connected, FastEthernet0/1

O E2 10.10.10.0/24 [110/20] via 172.16.1.1, 00:05:18, FastEthernet0/0

O 10.0.0.0/30 [110/30] via 172.16.1.1, 00:08:04, FastEthernet0/0

O 10.0.1.0/30 [110/20] via 10.0.2.2, 00:05:18, FastEthernet0/1

192.168.1.0/32 is subnetted, 1 subnets

O 192.168.1.1 [110/11] via 10.0.2.2, 00:05:18, FastEthernet0/1

O*E2 0.0.0.0/0 [110/1] via 172.16.1.1, 00:05:18, FastEthernet0/0

On R2 we see the default route from the ASA however this is recieved via the MPLS CE router. The MPLS router advertises the same routes that are learned to us at R2.

Now for the SW

SW1-SW#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.0.2.1 to network 0.0.0.0

100.0.0.0/32 is subnetted, 1 subnets

O IA 100.0.0.1 [110/21] via 10.0.1.1, 00:13:48, FastEthernet0/1

172.16.0.0/30 is subnetted, 2 subnets

O IA 172.16.0.0 [110/30] via 10.0.2.1, 00:10:34, FastEthernet0/0

[110/30] via 10.0.1.1, 00:13:48, FastEthernet0/1

O IA 172.16.1.0 [110/20] via 10.0.2.1, 00:10:34, FastEthernet0/0

10.0.0.0/30 is subnetted, 3 subnets

C 10.0.2.0 is directly connected, FastEthernet0/0

O IA 10.0.0.0 [110/20] via 10.0.1.1, 00:13:49, FastEthernet0/1

C 10.0.1.0 is directly connected, FastEthernet0/1

C 192.168.1.0/24 is directly connected, Loopback192

O*N2 0.0.0.0/0 [110/1] via 10.0.2.1, 00:10:36, FastEthernet0/0

[110/1] via 10.0.1.1, 00:13:50, FastEthernet0/1

Here notice that we see all O IA routes and a single default route by making this a not so stubby area. None of the E2 type routes are showing towards the MPLS cloud e.g. 172.16.2.0 and 172.16.3.0

Since we have two default routes here, for any outbound traffic that the router doesnt have a route for, the router will end up sending traffic via both of these routes.

Anyway im going to inject the default in this not so stubby area by implementing - area 1 nssa default-information-originate no-summary on R1 and R2. This will filter out routes and advertise the default only.

SW1-SW#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.0.2.1 to network 0.0.0.0

10.0.0.0/30 is subnetted, 2 subnets

C 10.0.2.0 is directly connected, FastEthernet0/0

C 10.0.1.0 is directly connected, FastEthernet0/1

C 192.168.1.0/24 is directly connected, Loopback192

O*IA 0.0.0.0/0 [110/11] via 10.0.2.1, 00:00:23, FastEthernet0/0

[110/11] via 10.0.1.1, 00:00:05, FastEthernet0/1

SW1-SW#

Now we have a case where absolutely everything that this site does not how to route to will make use of both links.

If the metrics were different we would not able to use both links. Because they are the same we can.

For failover now. ASA is advertising the 100.0.0.1 network out, I will subsequently find which path is taking to get there and shut it down.

SW1-SW#traceroute 100.0.0.1

Type escape sequence to abort.

Tracing the route to 100.0.0.1

1 10.0.2.1 32 msec

10.0.1.1 20 msec

10.0.2.1 44 msec

2 10.0.0.1 52 msec

172.16.1.1 56 msec *

Seems to be going via MPLS for now, I will shut the MPLS link down from R2. Then we should be left with one default route via R1.

SW1-SW#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.0.1.1 to network 0.0.0.0

10.0.0.0/30 is subnetted, 2 subnets

C 10.0.2.0 is directly connected, FastEthernet0/0

C 10.0.1.0 is directly connected, FastEthernet0/1

C 192.168.1.0/24 is directly connected, Loopback192

O*IA 0.0.0.0/0 [110/11] via 10.0.1.1, 00:09:36, FastEthernet0/1

SW1-SW#

SW1-SW#traceroute 100.0.0.1

Type escape sequence to abort.

Tracing the route to 100.0.0.1

1 10.0.1.1 20 msec 20 msec 24 msec

2 10.0.0.1 40 msec * 28 msec

SW1-SW#

Here we can still get to 100.0.0.1, its the same if we failover the other way, shutting the path down from R1 but having R2 as active. We have full resiliency and also making use of both links bandwidth available.

Thats all 3 requirements met, but there are many ways to accomplish this.

hth.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.