Dual WAN with PBR problem no load balancing

Italjapan
Level 1

Hi,

I'm configuring a Cisco 2600 (IOS 12.4) router with 3 ethernet ports:

- LAN port

- WAN 1 port (first ISP)

- WAN 2 port (second ISP)

I need:

- A fault-tolerant / load-balanced WAN connection over the two ISP connections, using NAT from the LAN

- Access from TCP/23 on the FIRST-ISP IP (X.X.X.X) and the SECOND-ISP IP (Y.Y.Y.Y) to TCP/23 of a LAN server (I assigned two IP addresses, Z1.Z1.Z1.Z1 and Z2.Z2.Z2.Z2, to the server's ethernet interface)

I used this configuration:

...
interface FastEthernet0/0
 description LAN
 ip address Z.Z.Z.Z 255.255.255.0
 ip nat inside
 ip policy route-map TCP23-in
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description FIRST-ISP
 ip address X.X.X.X 255.255.255.248
 ip nat outside
 duplex auto
 speed auto
!
interface Ethernet1/0
 description SECOND-ISP
 ip address Y.Y.Y.Y 255.255.255.248
 ip nat outside
 full-duplex
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 X1.X1.X1.X1
ip route 0.0.0.0 0.0.0.0 Y1.Y1.Y1.Y1
!
no ip http server
no ip http secure-server
ip nat inside source static tcp Z1.Z1.Z1.Z1 23 interface Ethernet1/0 23
ip nat inside source static tcp Z2.Z2.Z2.Z2 23 interface FastEthernet0/1 23
ip nat inside source route-map FIRST-ISP interface FastEthernet0/1 overload
ip nat inside source route-map SECOND-ISP interface Ethernet1/0 overload
ip access-list extended TRAFFIC-FROM-Z1.Z1.Z1.Z1
 permit tcp host Z1.Z1.Z1.Z1 eq 23 any
ip access-list extended TRAFFIC-FROM-Z2.Z2.Z2.Z2
 permit tcp host Z2.Z2.Z2.Z2 eq 23 any
access-list 110 permit ip Z.Z.Z.0 0.0.0.255 any
route-map TCP23-in permit 10
 match ip address TRAFFIC-FROM-Z1.Z1.Z1.Z1
 set interface FastEthernet0/1
!
route-map TCP23-in permit 20
 match ip address TRAFFIC-FROM-Z2.Z2.Z2.Z2
 set interface Ethernet1/0
!
route-map FIRST-ISP permit 10
 match ip address 110
 match interface FastEthernet0/1
!
route-map SECOND-ISP permit 10
 match ip address 110
 match interface Ethernet1/0
...

The configuration works fine for this:

- Access from TCP/23 on the FIRST-ISP IP and the SECOND-ISP IP to TCP/23 of a LAN server (I assigned two IP addresses to the server's ethernet interface)

My problem is that I have a fault-tolerant WAN connection over the two ISP connections using NAT from the LAN, but no load balancing.

If I shut down the FIRST-ISP interface, the router starts to use the default route to SECOND-ISP and does NAT, but if both interfaces are "no shutdown", the router uses only the FIRST-ISP route.

I tried with the server making a lot of HTTP connections to http://www.whatismyip.com/.

Please help me.

Thanks

3 Replies

Andras Dosztal
Level 3

The replies to incoming requests are sent to the right ISP because of the NAT sessions.

For outgoing traffic, in the setup you're using PBR for TCP 23, but testing it with HTTP. If you want all traffic to be load balanced, take out the "eq 23" from your access lists.

Hi,

I have no problem with incoming traffic to TCP/23, as I wrote here:

"The configuration works fine for this:

- Access from TCP/23 on the FIRST-ISP IP and the SECOND-ISP IP to TCP/23 of a LAN server (I assigned two IP addresses to the server's ethernet interface)"

and I'm not using "For outgoing traffic, in the setup you're using PBR for TCP 23".

My problem is that using these two routes:

- ip route 0.0.0.0 0.0.0.0 X1.X1.X1.X1 (FIRST-ISP)

- ip route 0.0.0.0 0.0.0.0 Y1.Y1.Y1.Y1 (SECOND-ISP)

the router is not load balancing the traffic but is using only:

- ip route 0.0.0.0 0.0.0.0 X1.X1.X1.X1 (FIRST-ISP)

and starts to use the second route only if the first route is not available.

I made my configuration reading this:

https://supportforums.cisco.com/thread/2067691

Thanks

I was wrong...

Per-destination load balancing is enabled by default when you enable CEF:

http://www.cisco.com/en/US/docs/ios/12_2/switch/configuration/guide/xcfcefc.html#wp1000875

I was trying to ping the same destination and the route was the same.

But if I "traceroute" to different destinations, the router randomizes the outgoing route.

Bye
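As an added illustration of the per-destination behaviour described in the reply above (this is not code from the thread or from Cisco), here is a small Python model of hash-based per-destination load sharing between the two default routes. The hash function, the server address and the destination addresses are constructed stand-ins, not Cisco's actual CEF algorithm.

```python
"""Simplified model of CEF per-destination load sharing (added example).

It shows why repeated traffic from one LAN host to a single destination
always leaves via the same ISP, while many different destinations are
spread across both equal-cost default routes. The SHA-256 based hash is a
stand-in for Cisco's algorithm, not a reproduction of it."""
import hashlib
import ipaddress
from collections import Counter

# Constructed labels for the thread's two default-route next hops.
NEXT_HOPS = ["X1.X1.X1.X1 (FIRST-ISP)", "Y1.Y1.Y1.Y1 (SECOND-ISP)"]


def choose_next_hop(src, dst, next_hops=NEXT_HOPS, universal_id=0):
    """Pick one equal-cost next hop from a hash of (src, dst, universal_id).

    The choice is deterministic per address pair: the same source and
    destination always map to the same next hop, so a single destination
    never 'load balances' no matter how many connections are opened."""
    key = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    key += universal_id.to_bytes(4, "big")  # per-router seed (assumed)
    digest = hashlib.sha256(key).digest()
    return next_hops[int.from_bytes(digest[:4], "big") % len(next_hops)]


def path_distribution(src, dsts, next_hops=NEXT_HOPS):
    """Count how many of the given destinations map to each next hop."""
    return Counter(choose_next_hop(src, d, next_hops) for d in dsts)


if __name__ == "__main__":
    server = "192.0.2.10"                  # constructed LAN server address
    one_site = ["198.51.100.7"] * 20       # 20 connections to one destination
    many = [f"203.0.113.{i}" for i in range(64)]  # 64 different destinations
    print("one destination:", dict(path_distribution(server, one_site)))
    print("64 destinations:", dict(path_distribution(server, many)))
```

The first run always lands entirely on one ISP, which is what the original HTTP test against a single site showed; the second uses both.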
