WAN redundancy using PBR with 2 PPPoE dialer interfaces
I have a network topology with 2 PPPoE dialer interfaces from 2 different ISPs, and both are proactively monitored by IP SLAs. Implementing policy-based routing, LAN 1's uplink uses the ISP1 gateway and the latter uses the ISP 2 gateway. However, I am trying to improve the setup so that I have dual redundancy on each LAN network.
Example Scenario For LAN 1:
- LAN 1 network's primary uplink is the ISP1 gateway; it will then switch to ISP2 when the ISP 1 gateway becomes unreachable via IP SLA tracking. When ISP 1 comes back up, it will switch back again to its primary uplink.
- LAN 2 network uses the ISP 2 gateway as its primary link and switches over to ISP 1 when the primary link goes down.
ISP1 gateway: XXX.XXX.XXX.XXX/32
ISP2 IP gateway: YYY.YYY.YYY.YYY/32
LAN1 Network: 10.4.3.0/24 (gateway: 10.4.3.253)
LAN2 Network: 10.0.0.0/24 (gateway: 10.0.0.253)
My problem is that I am having trouble with NAT, as I am using both dialer interfaces (Dialer 1 and 2) for each network.
Your input will be greatly appreciated. Thanks!
multilink bundle-name authenticated
!
!
!
!
redundancy
!
!
!
!
!
controller VDSL 0/0/0
!
track 1 ip sla 1 reachability
 delay down 10 up 1
!
track 2 ip sla 2 reachability
 delay down 10 up 1
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description WAN 1 - CAT ISP
 no ip address
 ip virtual-reassembly in
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface GigabitEthernet0/1
 description WAN 2 - ToT ISP
 no ip address
 ip virtual-reassembly in
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 2
 no cdp enable
!
! note: for testing purposes, I change the Gi0/2 interface based on LAN 1 or LAN 2 testing, though I have an L3 switch in the downstream network to cater to both LAN networks.
interface GigabitEthernet0/2
 description LAN INTERFACE
 ip address 10.0.0.253 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map PBR-TO-INTERNET
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface Ethernet0/0/0
 no ip address
 shutdown
!
interface Dialer1
 mtu 1492
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname <ISP1@hostname.com>
 ppp chap password 0 <ISP1passw0rd>
 no cdp enable
!
interface Dialer2
 mtu 1492
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 2
 ppp authentication chap callin
 ppp chap hostname <ISP2@hostname.com>
 ppp chap password 0 <ISP2passw0rd>
 no cdp enable
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source route-map NAT-TO-ISP1 interface Dialer1 overload
ip nat inside source route-map NAT-TO-ISP2 interface Dialer2 overload
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX track 1
ip route 0.0.0.0 0.0.0.0 YYY.YYY.YYY.YYY 200
!
ip access-list extended HQ-NETWORK-TO-INTERNET
 permit ip 10.4.3.0 0.0.0.255 any
ip access-list extended MANSION-NETWORK-TO-INTERNET
 permit ip 10.0.0.0 0.0.0.255 any
!
ip sla auto discovery
ip sla 1
 icmp-echo XXX.XXX.XXX.XXX source-interface Dialer1
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo YYY.YYY.YYY.YYY source-interface Dialer2
ip sla schedule 2 life forever start-time now
!
route-map NAT-TO-ISP2 permit 10
 match ip address MANSION-NETWORK-TO-INTERNET
 set interface Dialer2
!
route-map NAT-TO-ISP2 permit 20
 match ip address HQ-NETWORK-TO-INTERNET
 set interface Dialer2
!
route-map NAT-TO-ISP1 permit 10
 match ip address HQ-NETWORK-TO-INTERNET
 set interface Dialer1
!
route-map NAT-TO-ISP1 permit 20
 match ip address MANSION-NETWORK-TO-INTERNET
 set interface Dialer1
!
route-map PBR-TO-INTERNET permit 10
 match ip address HQ-NETWORK-TO-INTERNET
 set ip next-hop verify-availability XXX.XXX.XXX.XXX 10 track 1
 set interface Dialer1 Null0
!
route-map PBR-TO-INTERNET permit 20
 match ip address MANSION-NETWORK-TO-INTERNET
 set ip next-hop verify-availability YYY.YYY.YYY.YYY 10 track 2
 set interface Dialer2 Null0