WAN redundancy using PBR with 2 PPPoE dialer interfaces
I have a network topology with 2 PPPoE dialer interfaces from 2 different ISPs, both proactively monitored by IP SLAs. Implementing policy-based routing, the LAN 1 uplink uses the ISP1 gateway and LAN 2 uses the ISP 2 gateway. However, I am trying to improve the setup: I want dual redundancy on each LAN network.
Example scenario for LAN 1:
- The LAN 1 network's primary uplink is the ISP1 gateway; it will switch to ISP2 when the ISP 1 gateway becomes unreachable according to IP SLA tracking. When ISP 1 comes back up, it will switch back to its primary uplink.
- The LAN 2 network uses the ISP 2 gateway as its primary link and switches over to ISP 1 when the primary link goes down.
ISP1 gateway: XXX.XXX.XXX.XXX/32
ISP2 gateway: YYY.YYY.YYY.YYY/32
LAN1 Network: 10.4.3.0/24 (gateway: 10.4.3.253)
LAN2 Network: 10.0.0.0/24 (gateway: 10.0.0.253)
My problem is that I am having trouble with NAT, as I am using both dialer interfaces (Dialer1 and Dialer2) for each network.
Your inputs will be greatly appreciated. Thanks!
multilink bundle-name authenticated
!
redundancy
!
controller VDSL 0/0/0
!
track 1 ip sla 1 reachability
 delay down 10 up 1
!
track 2 ip sla 2 reachability
 delay down 10 up 1
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description WAN 1 - CAT ISP
 no ip address
 ip virtual-reassembly in
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface GigabitEthernet0/1
 description WAN 2 - ToT ISP
 no ip address
 ip virtual-reassembly in
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 2
 no cdp enable
!
! note: for testing purposes, I change the Gi0/2 interface address depending on whether I am testing LAN 1 or LAN 2, though I have an L3 switch on the downstream network serving both LAN networks.
interface GigabitEthernet0/2
 description LAN INTERFACE
 ip address 10.0.0.253 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map PBR-TO-INTERNET
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface Ethernet0/0/0
 no ip address
 shutdown
!
interface Dialer1
 mtu 1492
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname <ISP1@hostname.com>
 ppp chap password 0 <ISP1passw0rd>
 no cdp enable
!
interface Dialer2
 mtu 1492
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 2
 ppp authentication chap callin
 ppp chap hostname <ISP2@hostname.com>
 ppp chap password 0 <ISP2passw0rd>
 no cdp enable
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source route-map NAT-TO-ISP1 interface Dialer1 overload
ip nat inside source route-map NAT-TO-ISP2 interface Dialer2 overload
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX track 1
ip route 0.0.0.0 0.0.0.0 YYY.YYY.YYY.YYY 200
!
ip access-list extended HQ-NETWORK-TO-INTERNET
 permit ip 10.4.3.0 0.0.0.255 any
ip access-list extended MANSION-NETWORK-TO-INTERNET
 permit ip 10.0.0.0 0.0.0.255 any
!
ip sla auto discovery
ip sla 1
 icmp-echo XXX.XXX.XXX.XXX source-interface Dialer1
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo YYY.YYY.YYY.YYY source-interface Dialer2
ip sla schedule 2 life forever start-time now
!
route-map NAT-TO-ISP2 permit 10
 match ip address MANSION-NETWORK-TO-INTERNET
 set interface Dialer2
!
route-map NAT-TO-ISP2 permit 20
 match ip address HQ-NETWORK-TO-INTERNET
 set interface Dialer2
!
route-map NAT-TO-ISP1 permit 10
 match ip address HQ-NETWORK-TO-INTERNET
 set interface Dialer1
!
route-map NAT-TO-ISP1 permit 20
 match ip address MANSION-NETWORK-TO-INTERNET
 set interface Dialer1
!
route-map PBR-TO-INTERNET permit 10
 match ip address HQ-NETWORK-TO-INTERNET
 set ip next-hop verify-availability XXX.XXX.XXX.XXX 10 track 1
 set interface Dialer1 Null0
!
route-map PBR-TO-INTERNET permit 20
 match ip address MANSION-NETWORK-TO-INTERNET
 set ip next-hop verify-availability YYY.YYY.YYY.YYY 10 track 2
 set interface Dialer2 Null0
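One standard way to set this up, given here as an added example and not part of the original post: tie each NAT rule to the egress dialer with `match interface` (so a flow from either LAN is translated on whichever dialer it actually leaves), give each PBR entry a tracked secondary next-hop instead of Null0, and flush NAT translations when a track changes state. The ACL names, the gateway placeholders XXX/YYY and the track numbers are the post's own; the inter-LAN deny entries and the EEM applet names are assumptions.

```cisco
! Exclude inter-LAN traffic so it is neither policy-routed to an ISP nor NATed
ip access-list extended HQ-NETWORK-TO-INTERNET
 deny   ip 10.4.3.0 0.0.0.255 10.0.0.0 0.0.0.255
 permit ip 10.4.3.0 0.0.0.255 any
ip access-list extended MANSION-NETWORK-TO-INTERNET
 deny   ip 10.0.0.0 0.0.0.255 10.4.3.0 0.0.0.255
 permit ip 10.0.0.0 0.0.0.255 any
!
! NAT: inside-to-outside NAT runs after routing, so matching the egress
! interface translates any inside host on the dialer the packet really exits,
! whichever LAN it came from and whichever ISP is currently in use.
route-map NAT-TO-ISP1 permit 10
 match ip address HQ-NETWORK-TO-INTERNET MANSION-NETWORK-TO-INTERNET
 match interface Dialer1
route-map NAT-TO-ISP2 permit 10
 match ip address HQ-NETWORK-TO-INTERNET MANSION-NETWORK-TO-INTERNET
 match interface Dialer2
ip nat inside source route-map NAT-TO-ISP1 interface Dialer1 overload
ip nat inside source route-map NAT-TO-ISP2 interface Dialer2 overload
!
! PBR: LAN 1 prefers ISP1 and falls back to ISP2; LAN 2 the reverse.
! verify-availability + track skips a next-hop whose IP SLA probe is down,
! and when the primary track comes back up the preferred hop is used again.
route-map PBR-TO-INTERNET permit 10
 match ip address HQ-NETWORK-TO-INTERNET
 set ip next-hop verify-availability XXX.XXX.XXX.XXX 10 track 1
 set ip next-hop verify-availability YYY.YYY.YYY.YYY 20 track 2
route-map PBR-TO-INTERNET permit 20
 match ip address MANSION-NETWORK-TO-INTERNET
 set ip next-hop verify-availability YYY.YYY.YYY.YYY 10 track 2
 set ip next-hop verify-availability XXX.XXX.XXX.XXX 20 track 1
!
! Existing translations still point at the failed dialer after a switchover;
! flushing them on any track change lets sessions rebind on the live ISP.
! Applet names are assumed.
event manager applet NAT-FLUSH-ON-TRACK1
 event track 1 state any
 action 1.0 cli command "enable"
 action 1.1 cli command "clear ip nat translation *"
event manager applet NAT-FLUSH-ON-TRACK2
 event track 2 state any
 action 1.0 cli command "enable"
 action 1.1 cli command "clear ip nat translation *"
```

Check the result with `show ip nat translations` and `show track` after pulling either WAN link: translations for both LANs should appear on the surviving dialer only.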