dual LAN dual ISP failover only

sergii.vinnikov
Level 1

Hello everyone

What we have

WAN1, WAN2, LAN1, LAN2

Simply 2 conditions:

1) we need to route and provide access to internet for LAN1 only over WAN1 and if WAN1 failed - failover to WAN2

2) LAN2 should work always over WAN2, and switch to WAN1 only if it failed.

What I have configured in the GNS test scenario you can find in the attachment: tracking, PBR, NAT route-map... everything looks fine.

Here is what the configuration looks like:

R1#show runn
Building configuration...

version 15.2
hostname R1
ip tcp synwait-time 5
ip ssh version 1
!
track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
!
interface FastEthernet0/0
 description WAN1
 ip address 10.1.1.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
!
interface FastEthernet0/1
 description WAN2
 ip address 10.2.1.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
!
interface Ethernet1/0
 description LAN172
 ip address 172.24.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map WAN1
!
interface Ethernet1/1
 description LAN192
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map WAN2
!
!
ip nat inside source route-map SNAT interface FastEthernet0/0 overload
ip nat inside source route-map SNAT2 interface FastEthernet0/1 overload
!
ip sla auto discovery
ip sla 1
 icmp-echo 10.1.1.2
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 10.2.1.2
ip sla schedule 2 life forever start-time now
access-list 1 permit 172.24.0.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 10 permit 172.24.0.0 0.0.0.255
access-list 20 permit 192.168.0.0 0.0.0.255
no cdp log mismatch duplex
!
route-map SNAT permit 10
 match ip address 1
 match interface FastEthernet0/0
!
route-map SNAT2 permit 10
 match ip address 1
 match interface FastEthernet0/1
!
route-map WAN1 permit 10
 match ip address 10
 set ip next-hop verify-availability 10.1.1.2 1 track 1
 set ip next-hop verify-availability 10.2.1.2 2 track 2
!
route-map WAN2 permit 10
 match ip address 20
 set ip next-hop verify-availability 10.2.1.2 1 track 2
 set ip next-hop verify-availability 10.1.1.2 2 track 1
!
!
end

In GNS3 it is working fine as far as I can see; all packets from R9 are going the correct way to R5 and R6.

But in real life, when I export that config to a working 1921 switch with c1900-universalk9-mz.SPA.154-3.M3.bin, I have packet losses near 40-50%. Like it is trying to work over the second subnet and dropped, and so on.

Nothing special on the real equipment, same commands. The only thing is that I am using a 7200 image 15.2 in GNS3.

But I don't think this could be the reason?

I have been working on this topic for almost a second week; maybe you can show me what I am doing wrong?

Thank you beforehand!
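
As an added illustration, not part of the original post: the Python sketch below evaluates the two PBR route-maps from the configuration above for every combination of track states, to check that they encode the two stated conditions. It assumes `verify-availability` selects the lowest-sequence next hop whose track object is up; the function names are made up for this example.

```python
import re
from itertools import product

# Route-map and ACL lines copied from the configuration posted above.
CONFIG = """\
access-list 10 permit 172.24.0.0 0.0.0.255
access-list 20 permit 192.168.0.0 0.0.0.255
route-map WAN1 permit 10
 match ip address 10
 set ip next-hop verify-availability 10.1.1.2 1 track 1
 set ip next-hop verify-availability 10.2.1.2 2 track 2
route-map WAN2 permit 10
 match ip address 20
 set ip next-hop verify-availability 10.2.1.2 1 track 2
 set ip next-hop verify-availability 10.1.1.2 2 track 1
"""

HOP_RE = re.compile(r"set ip next-hop verify-availability (\S+) (\d+) track (\d+)")

def parse_route_maps(text):
    """Return {route-map name: [(sequence, next_hop, track_id), ...]} sorted by sequence."""
    maps, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("route-map "):
            current = line.split()[1]
            maps.setdefault(current, [])
            continue
        m = HOP_RE.match(line)
        if current and m:
            maps[current].append((int(m.group(2)), m.group(1), int(m.group(3))))
    return {name: sorted(hops) for name, hops in maps.items()}

def select_next_hop(hops, track_up):
    """Lowest-sequence next hop whose track is up (assumed model of verify-availability).
    None means no policy next hop is usable and the packet uses the routing table."""
    for _seq, hop, track in hops:
        if track_up.get(track, False):
            return hop
    return None

def failover_table(text):
    """Evaluate every route-map for all four combinations of track 1 / track 2."""
    maps = parse_route_maps(text)
    table = {}
    for t1, t2 in product((True, False), repeat=2):
        state = {1: t1, 2: t2}
        table[(t1, t2)] = {n: select_next_hop(h, state) for n, h in maps.items()}
    return table

if __name__ == "__main__":
    for (t1, t2), row in failover_table(CONFIG).items():
        print(f"track1={'up' if t1 else 'down':4} track2={'up' if t2 else 'down':4} {row}")
```

When both tracks are down the function returns `None` for both LANs, which is the state where forwarding depends on whatever routes exist outside the policy.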

3 Replies

howardwen
Level 1

No one follows this?

Hello Howard,

I am still working on this case; for now I have only a solution with "load balancing" between 2 ISPs, a little different from the initial approach. This case will also work for my scenario.

It is still the same conditions, with a little modification in the config, and I have balancing

Like 1 ISP - 8 mbit

2nd ISP - 8 mbit

LAN1 can utilize both channels, but limited to 10 mbit

LAN2 - same thing

So a little better throughput than planned, but it will not work in some other scenarios.

Maybe someone here will point me in the correct direction and I can optimize/test my schema later.

Regards,

Sergii

Hello sergii,

Thanks, I just want to know how to configure 2 WANs for 1 LAN user..

and then found your question by searching.
