07-02-2010 05:51 AM - edited 03-06-2019 11:52 AM
Hi All,
I have one ISR router with two internet links to two different ISPs, with a different IP pool from each of them. The LAN IP addresses are of the 10.88.0.0 series. I have put two default routes towards both ISPs. Now I have two requirements: the first is to load balance and the second is to do NAT. I have a switch connected to this router and then a firewall. I have to NAT the firewall's IP with the WAN pool, or if possible I can even NAT with other IP addresses, but my main requirement is to make through the internet to LAN by combining the bandwidth of both ISPs. Please help me with this.
Thanks
Taran
07-05-2010 10:22 PM
You need to use PBR concept in order to achieve load balancing. As a first step, you need to determine which traffic goes through which ISP. Once you determine that, you can write an access-list to match interesting traffic. Then you need to write a route-map to set the next hop for that traffic.
Example:
Let us assume that you want to send all HTTP traffic through ISP 2 and all other traffic through ISP 1. Then your configuration on the router looks something like below:
IP route 0.0.0.0 0.0.0.0
IP route 0.0.0.0 0.0.0.0
access-list 101 permit tcp any any eq 80
route-map ISP2 10
match ip address 101
set ip next-hop
interface
ip policy route-map ISP2
The above configuration will ensure that all your outbound HTTP traffic goes over the ISP2 link while the rest of the traffic will go over the ISP1 link. If your ISP has given you a pool of addresses to use on your firewall and has assigned a separate IP address pool for the link between your router and the ISP, then you can do the NAT on the firewall itself and then write the access-list based on the public IP addresses. If you are sharing the same range of usable addresses on your ISP links, you could do the NAT on either the firewall or the router. If you are doing it on the firewall, make sure that the router is not doing the RPF check. Hope this helps.
07-05-2010 10:52 PM
Hi Taran,
As suggested by Nagaraj, a route map will do the load balancing of ISP traffic with NAT configuration on the router. For load balancing you can use 2 default routes, each pointing to a different ISP as next-hop. Because their admin distances will be the same, your outgoing traffic will be load balanced between the two ISPs. After that you can use NAT with route maps. This makes the router decide which "nat overload" statement will be used based on next-hop.
ip nat pool provider1-space ...
ip nat pool provider2-space ...
ip nat inside source route-map provider1-map pool provider1-space
ip nat inside source route-map provider2-map pool provider2-space
route-map provider1-map permit 10
match ip address 1
match interface E1 -> your int. that goes to ISP1
route-map provider2-map permit 10
match ip address 1
match interface E2 -> your int. that goes to ISP2
Hope to Help !!
Ganesh.H
Remember to rate the helpful post
07-07-2010 02:19 AM
Hi Ganesh,
Thanks for the reply. I am also planning this solution, but I think if I add the interface rather than the public pool from the ISP and also add SLA, then I think it will load balance. What do you say?
Thanks
taran
07-07-2010 02:33 AM
Hi Taran,
You are right, it is best recommended to have the IP address configured in spite of the interface, with SLA configured for automatic failover without manual intervention.
Hope to Help !!
Ganesh.H
Remember to rate the helpful post
07-07-2010 02:40 AM
Hi Ganesh,
Let me check this scenario this upcoming Saturday or Sunday. Then I will give you the results.
Thanks
Taran
07-07-2010 06:03 AM
SLA configuration is typically used for redundancy purposes. You can certainly use the SLA to ensure that if one of the ISPs goes down, the other will take over. But for load balancing, you still need to do the configuration manually. You need to identify interesting traffic and then force it to go via one of the ISPs. The rest of the traffic will go via the other ISP. If you are running a dynamic routing protocol (like EIGRP) with both ISPs, then the routing protocol will take care of the load-balancing part. Hope this helps.
Regards,
NT
07-11-2010 07:15 AM
Hi ALL,
I have tried this stuff with route-maps and access-lists, but there is one problem I am getting: I have two different public IP pools and also different name servers. It means I have to create a lot of route-map statements because I have done static NAT previously; I cannot do NAT with the total LAN pool.
What do you say?
Thanks
Taran
07-11-2010 10:22 PM
Hi Taran,
Can you elaborate more on what exactly the issue is that you are facing?
Ganesh.H
07-12-2010 12:10 AM
Hi Ganesh,
As you know, I have 2 ISPs connected to the same router. Both ISPs provide different public IP pools and DNS servers for internet connectivity. Now my requirement is that half of the traffic will go on one interface and half on the other interface, and in the present scenario I have implemented static NAT. Please help me to sort out this issue.
Thanks
Taran
07-21-2010 11:09 PM
Can anyone help to sort this out?
07-22-2010 02:48 AM
Just add static routes to the DNS servers (to provide each DNS traffic to be sent via respective ext. interface), and everything will work fine.
07-22-2010 04:06 AM
Taran,
For your static NAT, I am afraid that you don't have the option of load balancing. With static NAT it should only traverse the desired ISP link; if it is down, your static NAT won't work.
HTH
Mohamed
07-23-2010 12:25 AM
Hi
You are totally right. I am also confused about the exact solution. So what do you say about the right solution? I am thinking of creating two route-maps, one matching the LAN ACL and also the WAN interface within the route-map, then the same for the other route-map. Now both route-maps will be called for NAT. But I am not sure about it!
Thanks
taran
07-23-2010 04:52 AM
Taran,
What you are saying is correct; however, I would suggest you also implement IP SLA for both ISPs. This will ensure you have redundancy and load balancing in place as well.
HTH
Mohamed