
Using an ISP as a backup network

buzzhani1
Level 1

I have a Cisco 1900 series router and two modems from two different ISPs; I also have a 24-port switch connecting some Ubiquiti access points to the network. The configuration I want to achieve is to have one of the ISPs as the primary network and, if for any reason their link fails, the other ISP picks up automatically. So what I want is a backup network in some sense. I've read online about BGP being a possible solution but I don't even know where to start. Are there alternatives to using BGP? Please, how do I achieve this?

Thanks in advance.

15 Replies 15

marioderosa2008
Level 1

Hi,

there are many ways to achieve this.

You can use Policy Based Routing & IP SLA object tracking so that the next hop for all destinations changes to the backup ISP in the event of either a link going down, or an IP address (reachable only via the primary ISP) becoming unreachable.

Please note though that during a failover, the source address of your packets when they traverse the internet (or the NAT/PAT address) will change. Bear that in mind if you are accessing services tied down to IPs.

Also note that this will not work for inbound traffic.

Mario

Just to add, BGP is definitely the best way, but to achieve true redundancy when peering with two ISPs, you will need

A) knowledge of BGP and how to ensure you do not become a transit AS

B) your own AS number and private IPv4 address space.

C) purchase a BGP peering service from both ISPs.

Mario

Reza Sharifi
Hall of Fame

You can use a static route to achieve the same thing. Use a default route with the default admin distance to your primary provider and use another default route to your backup service provider with a higher admin distance.

example:

primary

ip route 0.0.0.0 0.0.0.0 <the ip address of the primary provider>

 

backup

ip route 0.0.0.0 0.0.0.0  <the ip address of the backup provider> 100

HTH

 

Hi Reza,

that will only work if the physical router interface plugging in to the primary ISP modem goes DOWN/DOWN.

If there is an issue with the internet in ISP 1, the backup static route will not trigger, I'm afraid.

Mario

Hi Mario,

My apologies.

You are correct.  I should have said that it will only work if the physical layer goes down.

The combination of static routes and IP SLA should get him close to what he is trying to do without running BGP.

Thanks,

Reza

Hello Reza, 

So you're saying all I need to do is log in to my command line and type in these commands without doing anything else?

 

ip route 0.0.0.0 0.0.0.0 <the ip address of the primary provider>

 

backup

ip route 0.0.0.0 0.0.0.0  <the ip address of the backup provider> 100

Thanks

 

Hi,

Yes, applying these 2 commands on your 1900 router will make one ISP primary and the other ISP backup. This will help you in a case where your primary provider connection goes down. If your router and the IOS can support it, you may want to add the IP SLA solution recommended by Mario, in case there is any issue beyond your directly connected provider.

Here are a couple of links for info on IP SLA:

http://www.cisco.com/c/en/us/td/docs/ios/12_4/ip_sla/configuration/guide/hsla_c/hsicmp.html

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/15-mt/sla-15-mt-book/sla_icmp_echo.html

HTH

 

Okay, thanks very much. I will take a look at that right now. However, going back to your solution (just as a confirmation), if the primary network goes off, I would have to manually disconnect the Ethernet cable connecting it to the router and plug in the backup modem, right..?

Hi,

No, you should be able to connect one provider to one port on the 1900 router and the other provider to another port on the same router. When the primary connection goes down, the backup should take over without any manual intervention.

HTH

Okay got it. Thanks

Make sure that the IP address you are tracking is only reachable through ISP 1...

So I would track the IP address of the WAN interface of the ISP1 router, because if the WAN goes down, that should trigger the failover.

If you have dynamic IPs on your ISP routers, then you will need to either ask your ISP for an IP you can track, like a DNS server or something, or you can just use a static route on your 1900 to force an IP to be reachable only via ISP1.

Mario

Hello,

one more question please,

Should the network parameter on the ip route command be the IP address of the router or the network? For example, if my router is on 192.168.1.1, should the network parameter be 192.168.1.1 or 192.168.1.0?

 

Thanks

 

The IP address of the router (192.168.1.1 in your example).

HTH

Hi, that static route sounds wrong...

If the LAN interface of your ISP 1 router is configured with 192.168.1.1 for instance, then that is directly connected to the 1900, so the 1900 interface will have an IP like 192.168.1.x... so you do not need a static route for the 192.168.1.0/24 network...

What you should do is find out the WAN IP of your ISP router... and put a static route in for that...

Remember, you want to know if the Internet is unreachable... so you need to monitor the WAN interface if you have a statically assigned IP. If you have a dynamic IP, then some people just put in a static route to Google's DNS servers, made available only via ISP 1, like below...

ip route 8.8.4.4 255.255.255.255 192.168.1.1 name FORCE-GOOGLE-DNS-TO-ISP1

That way, if you set up your tracking object to monitor Google's DNS server, it can only reach it through ISP 1... so if a LAN, WAN or core ISP1 failure happens, Google's DNS server will be unreachable, your tracking object will fail and the failover should then occur.

Mario
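
The pieces discussed in this thread (floating static route, IP SLA probe, tracking object, host route pinning the probe to ISP 1) put together as one IOS 15.x configuration. This is an added example, not a configuration posted by any participant; the interface name, the backup next hop 192.168.2.1, and all timer values are assumptions to adapt.

```cisco
! Constructed addressing for illustration:
!   192.168.1.1 = LAN side of the ISP 1 modem (from the thread's example)
!   192.168.2.1 = LAN side of the ISP 2 modem (assumed)
!   GigabitEthernet0/0 = 1900 port facing the ISP 1 modem (assumed)
!
! Pin the probe target to ISP 1 so the probe can never succeed via ISP 2.
ip route 8.8.4.4 255.255.255.255 192.168.1.1 name FORCE-GOOGLE-DNS-TO-ISP1
!
! ICMP echo probe toward the pinned target, sourced from the ISP 1 facing port.
ip sla 1
 icmp-echo 8.8.4.4 source-interface GigabitEthernet0/0
 threshold 1000
 timeout 2000
 frequency 5
ip sla schedule 1 life forever start-time now
!
! Tracking object follows the probe result. The delays damp flapping:
! wait 10 s of failures before failing over, 30 s of success before failing back.
track 1 ip sla 1 reachability
 delay down 10 up 30
!
! Primary default route is installed only while track 1 is up.
! Without "track 1" it is withdrawn only when the interface goes down/down,
! which is the limitation pointed out earlier in the thread.
ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 1
!
! Floating backup default route (admin distance 100) takes over when the
! tracked route is removed from the routing table.
ip route 0.0.0.0 0.0.0.0 192.168.2.1 100
```

`show track 1` and `show ip sla statistics 1` show whether the probe is succeeding and which state the tracking object is in; `show ip route 0.0.0.0` confirms which default route is currently installed.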
