Assumption: single router with multiple WAN interfaces.

The following thread could be a useful reference for those who want to configure a Cisco router to load balance outbound traffic across 2 Internet connections (i.e. cable/DSL) by using OER (Optimized Edge Routing) with only static routes to each line, without deploying BGP on either line.

Contributed by: Angralitux

Note: Keep in mind that some applications require a consistent IP address at all times. If you use multiple public IP addresses to connect to hosts on the Internet (either outbound or inbound), your connections might be unstable or even fail to connect. Check out the following FAQ for more info regarding the use of multiple IP addresses for redundancy to keep stable connections.

Sample Configuration

Below is a full working sample configuration based on the thread:

Network Setup

The above sample configuration comes from a Cisco 2620XM with an NM-4E module installed, running Cisco IOS version 12.4.3. Ethernet 1/0 goes to NAT box #1, which connects to ISP #1, and Ethernet 1/1 goes to NAT box #2, which connects to ISP #2. The inside interface of NAT box #1, which faces Ethernet 1/0, has the IP address 172.16.0.1.
Likewise, the inside interface of NAT box #2, which faces Ethernet 1/1, has the IP address 172.16.0.5. The outside interface IP address of each NAT box is the corresponding public IP address from its own ISP. On the LAN side, there are FastEthernet 0/0.21 and FastEthernet 0/0.22 on the 2620XM.

Please note that to make OER work, your router setup does not necessarily have to be exactly the same as the sample. The LAN side can be only one subnet, for example.

Keep in mind that, as a prerequisite, the router needs to be able to go out to the Internet via either ISP. This sample configuration assumes basic connections to either ISP are already working. When this is not the case, please refer to the other FAQ topics on how to properly set up your router (i.e. PPP/PPPoE/PPPoA, Static, DHCP).

Another essential issue is how I set up the network. As previously mentioned, I use one dedicated NAT box for each ISP connection. Therefore the NAT and PAT processes are not done on the 2620XM router. Instead they are done on each NAT box. The diagram below shows the network setup:

The reason I use a dedicated NAT box for each ISP connection is the following.
The NAT and PAT process (according to the 'industry standard' or RFC) only allows one traffic flow (a one-to-one relationship): from a single inside to a single outside, and from a single outside to a single inside. In short, once the NAT process decides that a flow from one host uses interface Ethernet 1/0 (ISP #1), it cannot easily change to interface Ethernet 1/1 (ISP #2), and vice versa. To keep NAT and PAT working as usual and integrate them with OER, I use a dedicated NAT box for each ISP. For the implementation, you can use a smaller router or a PIX 501 as the NAT box.

Expected Behavior

To get a better understanding of how OER works, here is the routing table of static routes from the 2620XM router:

Router#show ip route static

As you can verify, the above subnets are the Yahoo! website IP addresses and others. From the configuration, you can see that static routes to those subnets are not added manually; instead, this is OER's doing. It is the OER process that decides 'the best route' for a specific destination IP address and installs it as a static route.

Note that the above routing table comes up when the outbound traffic is light. When the traffic is heavier, you will see many more static routes added by the OER process.

Field notice

Note the prefix-list below if implementing active probing (mode monitor active) from egress interfaces:

ip prefix-list OER seq 10 permit 0.0.0.0/0

The 0.0.0.0/0 prefix will never time out and will always show in the MTC table, so any and all prefixes ever learned will always be probed every 'periodic' time, regardless of whether the more specific learned prefix has timed out. The 0.0.0.0/0 prefix still has to probe something, and it doesn't just choose a random prefix; it probes ALL that it ever knew. You'll see active probes magically appear for every single prefix that has EVER been learned. To get around this, don't specify 0.0.0.0/0 as a parent route; rather, use the default behavior (which is to learn all routes). That way the 0.0.0.0/0 prefix is never in the MTC, and thus the active probes associated with it are gone for good. Regular prefixes will time out per the 'expire after time' setting, as will their associated probes. This was tested with 12.4(15)T11 on 3700 series routers.
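A check for the condition the field notice describes, as an added example that is not part of the original FAQ: it scans a running-config for an oer-map that matches on a prefix-list permitting 0.0.0.0/0 while active probing is enabled. The config excerpt is constructed, and the oer-map name LOADSHARE and the helper audit_oer_config are hypothetical.

```python
import re

# Constructed running-config excerpt (not from the page). The oer-map name
# LOADSHARE and the 198.51.100.0/24 entry are hypothetical.
SAMPLE_CONFIG = """\
oer master
 mode route control
 mode monitor active
!
oer-map LOADSHARE 10
 match ip address prefix-list OER
!
ip prefix-list OER seq 10 permit 0.0.0.0/0
ip prefix-list OER seq 20 permit 198.51.100.0/24
"""

# Exact 0.0.0.0/0 permit (no ge/le), the form quoted in the field notice.
DEFAULT_PL = re.compile(r"^ip prefix-list (\S+) (?:seq \d+ )?permit 0\.0\.0\.0/0\s*$")
OER_MAP = re.compile(r"^oer-map (\S+)")
MAP_MATCH = re.compile(r"^\s+match ip address prefix-list (\S+)\s*$")
ACTIVE = re.compile(r"^\s+(?:set )?mode monitor active\s*$")

def audit_oer_config(config):
    """Findings for oer-map prefix-lists permitting 0.0.0.0/0 under active probing."""
    default_lists = set()   # prefix-lists holding an exact 0.0.0.0/0 permit
    map_refs = {}           # prefix-list name -> oer-map that matches on it
    active = False
    current_map = None
    for line in config.splitlines():
        if not line.startswith(" "):
            # Top-level line: remember which oer-map block we are in, if any.
            m = OER_MAP.match(line)
            current_map = m.group(1) if m else None
        m = DEFAULT_PL.match(line)
        if m:
            default_lists.add(m.group(1))
            continue
        m = MAP_MATCH.match(line)
        if m and current_map:
            map_refs[m.group(1)] = current_map
        elif ACTIVE.match(line):
            active = True
    if not active:
        return []
    return [
        f"prefix-list {name} (oer-map {map_refs[name]}) permits 0.0.0.0/0 "
        "with active probing enabled"
        for name in sorted(default_lists & set(map_refs))
    ]
```

Removing the seq 10 entry, or running without active probing, clears the finding.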
Didn't test using 'monitor mode both', which uses active and passive monitoring.

OER Evolution: PfR (Performance Routing)

Discussions

by Angralitux, edited by aryoba, last modified: 2015-08-17 15:10:46

There are a lot of questions in this forum regarding load balancing across two ISPs for Internet access. The idea is to move connections to the alternate or second ISP in case the main or 1st ISP connection is down, bouncing, or slow.

It might sound simple to have, but it is not quite simple to implement. There are several factors to consider, as follows:

1. NAT (Network Address Translation) between private and public IP address
2. IP Address Reachability
3. Telco Local Loop
4. Power Outage or Mother Nature

NAT between private and public IP address

Let's say you have two independent ISPs. You receive a different subnet from each ISP. You decide to use the 1st ISP as your main connection to the Internet and the 2nd ISP as backup. You have a private network (using i.e. 10.x.x.x, 172.16.x.x, or 192.168.x.x) that is NATed to both ISPs' public IP addresses.

Even using OER, and even for simple Internet browsing, the connection might not switch gracefully from the 1st ISP to the 2nd when a link goes down. This situation applies when combining OER with static routes. The reason is that some applications (including simple Internet browsing) are sensitive to a change of public IP address, even when the 2nd ISP's public IP address is NATed to the same physical internal device.

IP Address Reachability

As mentioned above, some applications (including simple Internet browsing that uses HTTP or HTTPS) are sensitive to the public IP address switching from ISP #1's IP address to ISP #2's. This is especially true when dealing with TCP connections (i.e. HTTP, HTTPS, FTP, Mail).
On a TCP connection, basically you need to have the same IP address all the time.

Therefore, when the main ISP connection is down, the 2nd ISP must know how to reach the main ISP's public IP address to keep the current connection working. This IP reachability requirement applies both to traffic from the Internet entering the router and to traffic from the inside LAN leaving the router for the Internet.

If you are a SOHO (Small Office or Home Office) user who only has broadband connections (DSL or cable Internet), then most of the time your two ISPs do not exchange the knowledge of how to reach each other's IP addresses. As a result, when a link goes down, the 2nd ISP never knows how to reach the main ISP's public IP address, or vice versa.

Telco Local Loop

Ever notice how the physical cable from your site goes to the ISP? If you are a SOHO user who only has broadband connections, then most likely the physical cables from your site use the same cable bundle to the same CO (Telco Central Office).
If the cable bundle somehow gets disconnected (i.e. by a falling tree), then the connections to both ISPs would be disconnected as well.

Power Outage or Mother Nature

The power outage or Mother Nature factor is always haunting everybody, even large corporations. Keep in mind that if you have a power outage in your area, the connections to both ISPs might be disconnected as well. Mother Nature (i.e. tornado, lightning, earthquake, fire) could cause the same effects.

Solutions

There are several network designs to accomplish load balancing gracefully between two redundant links.

1. Have a multilink connection to the same ISP over different POPs (Points of Presence)
2. Have a multilink connection to the same ISP using two different SLAs (Service Level Agreements) or different link technologies
3. Have a 'virtual multilink connection' to the same 3rd ISP over two ISPs
4. Have multiple links to two different ISPs

Multilink over different POP (POP Diversity)

This is basically the traditional, established choice to provide load balancing. Usually the ISP requires you to have redundant T1/E1 of Frame Relay or point-to-point links (leased line or dedicated line) from your site to their nearest POP, in the form of bonded T1/E1 circuits.

From a physical cable redundancy perspective, each link should terminate at a different POP. This is to ensure that you still have a connection in case one of the POPs fails.

In addition, you also need to discuss with your ISP where these POPs terminate. The ideal is to have each POP terminate at a different ISP network or at least a different CO.
When both POPs terminate at the same CO, the CO is a single point of failure.

In bonded T1/E1 circuits, you do not assign a different IP address to each link. Instead you bond both links into one larger link and assign just one IP address to the larger link. Physically your data might travel over the 1st or 2nd link; logically (from the IP perspective), however, the data travels over the same link.

Since there are actually at least two different physical circuits, when one circuit is down the 2nd circuit automatically takes over all data from the 1st circuit. Further, data overloading one circuit will spill over onto the 2nd circuit. These mechanisms are taken care of by layer 1 and layer 2 (transparent from the IP perspective). Therefore there is no need for fancy configuration on the router (no need for OER, BGP, or any other similar stuff), since from the IP perspective the link is still up and the router keeps passing data as usual.

Usually your ISP only requires a static route over the bonded link. There is no need to run BGP, as mentioned previously (unless you ask the ISP to do so).

When one circuit is down and the 2nd one is up, you might experience latency, which makes sense. However, your crucial applications are still able to work, which is the good news. To eliminate the latency, you can just contact your circuit provider (telco or ISP) to take a look at the circuit and repair it until both circuits are up.

Multilink using two different SLA or different link technology

When you or your company cannot yet afford to have bonded T1/E1 (or you simply choose not to), you might consider having two links with different technologies, i.e. Frame Relay and DSL. The DSL SLA level is lower than Frame Relay's, so having these two links is more affordable than the bonded T1/E1.
The usual arrangement is that the Frame Relay link is the main connection to the ISP, while the DSL link is the backup in a failover design.

To maintain redundant physical cable connections, each link should terminate at a different ISP network or a different CO, as in the previous multilink scenario.

Having two independent links to the Internet runs into the IP Address Reachability situation mentioned previously. Therefore this design usually requires both links to connect to the same telco or the same ISP.

When you have an Internet connection using any link technology, your ISP provides you with a subnet. For Frame Relay or T1/E1, you might receive two subnets, where the 1st is for the WAN side (assigned on the Serial interfaces) and the 2nd is for the LAN side (assigned on your Ethernet LAN interface). For DSL, you probably only receive a single subnet. It is technically possible, however, for your ISP to also assign two subnets for the DSL link for the load balance or failover design, to match the Frame Relay or T1/E1 setup.

With that in mind, there are two possible designs using this kind of connection setup:

1. The Frame Relay and DSL LAN sides are in the same subnet (in the same IP block)
2. The Frame Relay and DSL LAN sides are in different subnets (each LAN has its own IP block or subnet)

Both LAN sides are in the same subnet

Your telco or ISP needs to set up their end to direct all traffic to the subnet using Frame Relay as the primary link and DSL as the secondary or backup link. The router at your location needs to match that setup.

Since both links have the same subnet, usually you only need one router at your location, where both links terminate. You can choose to have a failover router in case the main one has a problem such as lost power or a hardware problem.

The downside of this design is that the secondary or backup link would never be used until the main link is down.
You will also be required to run a periodic connection test on this backup link (i.e. every four months) to make sure that the backup link is always ready to use whenever the main link is down.

Each LAN side has its own subnet

When it is not possible to have the same IP block for both the Frame Relay and DSL LAN sides (or you simply choose not to), you can use the following design. You can have the telco or ISP propagate the Frame Relay LAN subnet via the Frame Relay link as the primary route and via the DSL link as the secondary route. Similarly, the telco or ISP also needs to propagate the DSL LAN subnet via the DSL link as the primary route and via the Frame Relay link as the secondary route.

This kind of design usually requires you to have two routers facing the telco or the ISP, one for the Frame Relay link and another for the DSL link. To interconnect the two subnets, you would also need another router sitting behind the Frame Relay and DSL routers. This 3rd router would do the failover routing between the two LAN subnets, to match the telco or ISP routing design.

The advantage of this setup is that you can choose to use the DSL link for less-critical applications (such as browsing the Internet) while reserving the Frame Relay bandwidth for the most-critical applications.

You can also choose to put in a failover router for each of the three routers, or just a failover router for the 3rd router that does the failover routing.

Side Note

As mentioned, the 2nd design usually requires at least three routers at your location. It is technically possible, however, to use just one router for both links and as the failover router.

The most important issue is that either design should be in your SLA with the telco or ISP, so that you can have firm faith that the failover mechanism will go smoothly, at least on the telco or ISP side.

Illustration:

You need to load balance your traffic between the Frame Relay and the DSL links. For simplicity, only necessary info is shown.

Keep in mind that this illustration serves only to show you ideas of how the network is set up. This might not be the actual implementation, since conditions can vary from one ISP to another.