«

Hi Techies....

I'm stuck in a problem....as i'm not very well with cisco routers...

I have a cisco router 1800 series with a 4 port fast ethernet card.
now i have attached both the internet isp's (A and B) over ethernet to
this router, now what i need is that all my traffic for internet from
lan A (192.168.1.0/24) should be routed to isp A and all from lan B
(10.220.16.0/24)should be routed to isp B.

Please ckick the link for the diagram. http://img248.imageshack.us/my.php?i...rawing1jq5.jpg

Thanks..............

On Jun 30, 2:48 pm, TheGoD <tgupt...@gmail.com> wrote:
> Hi Techies....
>
> I'm stuck in a problem....as i'm not very well with cisco routers...
>
> I have a cisco router 1800 series with a 4 port fast ethernet card.
> now i have attached both the internet isp's (A and B) over ethernet to
> this router, now what i need is that all my traffic for internet from
> lan A (192.168.1.0/24) should be routed to isp A and all from lan B
> (10.220.16.0/24)should be routed to isp B.
>
> Please ckick the link for the diagram.http://img248.imageshack.us/my.php?i...rawing1jq5.jpg
>
> Thanks..............

Policy-based routing is your only option. Else all traffic will take
one path, the other, or both (depending on your configuration), but
will not be split based on source network. Search policy-based
routing or PBR on cisco, lots of good documentation.

On Jun 30, 1:58 pm, Trendkill <jpma...@gmail.com> wrote:
> On Jun 30, 2:48 pm, TheGoD <tgupt...@gmail.com> wrote:
>
> > Hi Techies....
>
> > I'm stuck in a problem....as i'm not very well with cisco routers...
>
> > I have a cisco router 1800 series with a 4 port fast ethernet card.
> > now i have attached both the internet isp's (A and B) over ethernet to
> > this router, now what i need is that all my traffic for internet from
> > lan A (192.168.1.0/24) should be routed to isp A and all from lan B
> > (10.220.16.0/24)should be routed to isp B.
>
> > Please ckick the link for the diagram.http://img248.imageshack.us/my.php?i...rawing1jq5.jpg
>
> > Thanks..............
>
> Policy-based routing is your only option. Else all traffic will take
> one path, the other, or both (depending on your configuration), but
> will not be split based on source network. Search policy-based
> routing or PBR on cisco, lots of good documentation.

This only solves one part of the routing equation in that traffic out
to the Internet will indeed leave the connection specified, however it
does not influence the way the traffic will return to your network
which is normally more important (load balancing inbound flows which
are much larger normally than the outbound flows). That cannot be
solved by the end customer without using some very creative routing
and even then you are at the mercy of your provider to make it work.
Normally you would use BGP for that and you would split your IP
address pools in half or more and advertise one half to one provider,
and the other half to the other. At the same time you would advertise
a summary of the entire pool to both providers for failover purposes.
This is a very complex problem in large networks which have large
amounts of IP space that they can use to load balance. Even then, you
have to look at what servers reside in that IP segment (or pool) and
determine if you are truly load balancing (ie if your largest servers
all sit in the same /24 and you are advertising /24 networks to your
upstream provider then most of your traffic will still only use one
link). If both links are to the same ISP router then you can use BGP
MED (communities) to influence it but again provider dependent.

<> wrote in message
news: ups.com...
> On Jun 30, 1:58 pm, Trendkill <jpma...@gmail.com> wrote:
>> On Jun 30, 2:48 pm, TheGoD <tgupt...@gmail.com> wrote:
>>
>> > Hi Techies....
>>
>> > I'm stuck in a problem....as i'm not very well with cisco routers...
>>
>> > I have a cisco router 1800 series with a 4 port fast ethernet card.
>> > now i have attached both the internet isp's (A and B) over ethernet to
>> > this router, now what i need is that all my traffic for internet from
>> > lan A (192.168.1.0/24) should be routed to isp A and all from lan B
>> > (10.220.16.0/24)should be routed to isp B.
>>
>> > Please ckick the link for the
>> > diagram.http://img248.imageshack.us/my.php?i...rawing1jq5.jpg
>>
>> > Thanks..............
>>
>> Policy-based routing is your only option. Else all traffic will take
>> one path, the other, or both (depending on your configuration), but
>> will not be split based on source network. Search policy-based
>> routing or PBR on cisco, lots of good documentation.
>
> This only solves one part of the routing equation in that traffic out
> to the Internet will indeed leave the connection specified, however it
> does not influence the way the traffic will return to your network
> which is normally more important (load balancing inbound flows which
> are much larger normally than the outbound flows). That cannot be
> solved by the end customer without using some very creative routing
> and even then you are at the mercy of your provider to make it work.
> Normally you would use BGP for that and you would split your IP
> address pools in half or more and advertise one half to one provider,
> and the other half to the other. At the same time you would advertise
> a summary of the entire pool to both providers for failover purposes.
> This is a very complex problem in large networks which have large
> amounts of IP space that they can use to load balance. Even then, you
> have to look at what servers reside in that IP segment (or pool) and
> determine if you are truly load balancing (ie if your largest servers
> all sit in the same /24 and you are advertising /24 networks to your
> upstream provider then most of your traffic will still only use one
> link). If both links are to the same ISP router then you can use BGP
> MED (communities) to influence it but again provider dependent.
>
>

Where did the OP mention redundancy or the need to load balance anything?
They specifically stated that they want this subnet on ISP1 and this subnet
on ISP2. You're refering to corporations/businesses who "own" their own
block of IP's who want to multi-home to different ISP's. The OP mentioned an
1800 series, so thats most likely not the case here. In the OP's case there
is absolutely no need for BGP or any other routing protocol as the IP's will
be nat'd going out their designated interfaces and the return traffic would
follow that same path thru the appropriate ISP. As the first responder
stated already, policy based routing is the only available option without
adding more hardware such as a Radware type solution for what the OP
requested.

On Jul 1, 9:21 pm, "Brian V" <diespam...@nospam.com> wrote:
> <carlfug...@gmail.com> wrote in message
>
> news: ups.com...
>
>
>
> > On Jun 30, 1:58 pm, Trendkill <jpma...@gmail.com> wrote:
> >> On Jun 30, 2:48 pm, TheGoD <tgupt...@gmail.com> wrote:
>
> >> > Hi Techies....
>
> >> > I'm stuck in a problem....as i'm not very well with cisco routers...
>
> >> > I have a cisco router 1800 series with a 4 port fast ethernet card.
> >> > now i have attached both the internet isp's (A and B) over ethernet to
> >> > this router, now what i need is that all my traffic for internet from
> >> > lan A (192.168.1.0/24) should be routed to isp A and all from lan B
> >> > (10.220.16.0/24)should be routed to isp B.
>
> >> > Please ckick the link for the
> >> > diagram.http://img248.imageshack.us/my.php?i...rawing1jq5.jpg
>
> >> > Thanks..............
>
> >> Policy-based routing is your only option. Else all traffic will take
> >> one path, the other, or both (depending on your configuration), but
> >> will not be split based on source network. Search policy-based
> >> routing or PBR on cisco, lots of good documentation.
>
> > This only solves one part of the routing equation in that traffic out
> > to the Internet will indeed leave the connection specified, however it
> > does not influence the way the traffic will return to your network
> > which is normally more important (load balancing inbound flows which
> > are much larger normally than the outbound flows). That cannot be
> > solved by the end customer without using some very creative routing
> > and even then you are at the mercy of your provider to make it work.
> > Normally you would use BGP for that and you would split your IP
> > address pools in half or more and advertise one half to one provider,
> > and the other half to the other. At the same time you would advertise
> > a summary of the entire pool to both providers for failover purposes.
> > This is a very complex problem in large networks which have large
> > amounts of IP space that they can use to load balance. Even then, you
> > have to look at what servers reside in that IP segment (or pool) and
> > determine if you are truly load balancing (ie if your largest servers
> > all sit in the same /24 and you are advertising /24 networks to your
> > upstream provider then most of your traffic will still only use one
> > link). If both links are to the same ISP router then you can use BGP
> > MED (communities) to influence it but again provider dependent.
>
> Where did the OP mention redundancy or the need to load balance anything?
> They specifically stated that they want this subnet on ISP1 and this subnet
> on ISP2. You're refering to corporations/businesses who "own" their own
> block of IP's who want to multi-home to different ISP's. The OP mentioned an
> 1800 series, so thats most likely not the case here. In the OP's case there
> is absolutely no need for BGP or any other routing protocol as the IP's will
> be nat'd going out their designated interfaces and the return traffic would
> follow that same path thru the appropriate ISP. As the first responder
> stated already, policy based routing is the only available option without
> adding more hardware such as a Radware type solution for what the OP
> requested.

Hmm...I guess if I was paying for two links to the Internet even just
for Web browsing, it would be pretty silly not to very easily put in
the ability to use both links. My argument still stands though, it
doesn't matter if you PBR the traffic out one link or the other, your
at the mercy of the Internet routing tables to determine how its going
to come back to you so you may send it out on link 1, but everything
may come back in link 2.

<> wrote in message
news: ups.com...
> On Jul 1, 9:21 pm, "Brian V" <diespam...@nospam.com> wrote:
>> <carlfug...@gmail.com> wrote in message
>>
>> news: ups.com...
>>
>>
>>
>> > On Jun 30, 1:58 pm, Trendkill <jpma...@gmail.com> wrote:
>> >> On Jun 30, 2:48 pm, TheGoD <tgupt...@gmail.com> wrote:
>>
>> >> > Hi Techies....
>>
>> >> > I'm stuck in a problem....as i'm not very well with cisco routers...
>>
>> >> > I have a cisco router 1800 series with a 4 port fast ethernet card.
>> >> > now i have attached both the internet isp's (A and B) over ethernet
>> >> > to
>> >> > this router, now what i need is that all my traffic for internet
>> >> > from
>> >> > lan A (192.168.1.0/24) should be routed to isp A and all from lan B
>> >> > (10.220.16.0/24)should be routed to isp B.
>>
>> >> > Please ckick the link for the
>> >> > diagram.http://img248.imageshack.us/my.php?i...rawing1jq5.jpg
>>
>> >> > Thanks..............
>>
>> >> Policy-based routing is your only option. Else all traffic will take
>> >> one path, the other, or both (depending on your configuration), but
>> >> will not be split based on source network. Search policy-based
>> >> routing or PBR on cisco, lots of good documentation.
>>
>> > This only solves one part of the routing equation in that traffic out
>> > to the Internet will indeed leave the connection specified, however it
>> > does not influence the way the traffic will return to your network
>> > which is normally more important (load balancing inbound flows which
>> > are much larger normally than the outbound flows). That cannot be
>> > solved by the end customer without using some very creative routing
>> > and even then you are at the mercy of your provider to make it work.
>> > Normally you would use BGP for that and you would split your IP
>> > address pools in half or more and advertise one half to one provider,
>> > and the other half to the other. At the same time you would advertise
>> > a summary of the entire pool to both providers for failover purposes.
>> > This is a very complex problem in large networks which have large
>> > amounts of IP space that they can use to load balance. Even then, you
>> > have to look at what servers reside in that IP segment (or pool) and
>> > determine if you are truly load balancing (ie if your largest servers
>> > all sit in the same /24 and you are advertising /24 networks to your
>> > upstream provider then most of your traffic will still only use one
>> > link). If both links are to the same ISP router then you can use BGP
>> > MED (communities) to influence it but again provider dependent.
>>
>> Where did the OP mention redundancy or the need to load balance anything?
>> They specifically stated that they want this subnet on ISP1 and this
>> subnet
>> on ISP2. You're refering to corporations/businesses who "own" their own
>> block of IP's who want to multi-home to different ISP's. The OP mentioned
>> an
>> 1800 series, so thats most likely not the case here. In the OP's case
>> there
>> is absolutely no need for BGP or any other routing protocol as the IP's
>> will
>> be nat'd going out their designated interfaces and the return traffic
>> would
>> follow that same path thru the appropriate ISP. As the first responder
>> stated already, policy based routing is the only available option without
>> adding more hardware such as a Radware type solution for what the OP
>> requested.
>
> Hmm...I guess if I was paying for two links to the Internet even just
> for Web browsing, it would be pretty silly not to very easily put in
> the ability to use both links. My argument still stands though, it
> doesn't matter if you PBR the traffic out one link or the other, your
> at the mercy of the Internet routing tables to determine how its going
> to come back to you so you may send it out on link 1, but everything
> may come back in link 2.
>

When you are using PBR it specifically tells this internal subnet to go
out this pipe and the other internal subnet to go out the other pipe. Each
one of those pipes has a unique public subnet associated to it. Your traffic
will ALWAYS come back in the correct pipe. You are again thinking enterprise
class routing that owns it own class C (or greater) that is running BGP with
multiple providors. These days business has shifted to smaller address
blocks, takes an arm and a leg to get larger IP blocks and most providors
won't route/advertise anything smaller than a /23.

Brian V wrote:

>
> <> wrote in message
> news: ups.com...
>
>> On Jul 1, 9:21 pm, "Brian V" <diespam...@nospam.com> wrote:
>>
>>> <carlfug...@gmail.com> wrote in message
>>>
>>> news: ups.com...
>>>
>>>
>>>
>>> > On Jun 30, 1:58 pm, Trendkill <jpma...@gmail.com> wrote:
>>> >> On Jun 30, 2:48 pm, TheGoD <tgupt...@gmail.com> wrote:
>>>
>>> >> > Hi Techies....
>>>
>>> >> > I'm stuck in a problem....as i'm not very well with cisco
>>> routers...
>>>
>>> >> > I have a cisco router 1800 series with a 4 port fast ethernet card.
>>> >> > now i have attached both the internet isp's (A and B) over
>>> ethernet >> > to
>>> >> > this router, now what i need is that all my traffic for internet
>>> >> > from
>>> >> > lan A (192.168.1.0/24) should be routed to isp A and all from lan B
>>> >> > (10.220.16.0/24)should be routed to isp B.
>>>
>>> >> > Please ckick the link for the
>>> >> > diagram.http://img248.imageshack.us/my.php?i...rawing1jq5.jpg
>>>
>>> >> > Thanks..............
>>>
>>> >> Policy-based routing is your only option. Else all traffic will take
>>> >> one path, the other, or both (depending on your configuration), but
>>> >> will not be split based on source network. Search policy-based
>>> >> routing or PBR on cisco, lots of good documentation.
>>>
>>> > This only solves one part of the routing equation in that traffic out
>>> > to the Internet will indeed leave the connection specified, however it
>>> > does not influence the way the traffic will return to your network
>>> > which is normally more important (load balancing inbound flows which
>>> > are much larger normally than the outbound flows). That cannot be
>>> > solved by the end customer without using some very creative routing
>>> > and even then you are at the mercy of your provider to make it work.
>>> > Normally you would use BGP for that and you would split your IP
>>> > address pools in half or more and advertise one half to one provider,
>>> > and the other half to the other. At the same time you would advertise
>>> > a summary of the entire pool to both providers for failover purposes.
>>> > This is a very complex problem in large networks which have large
>>> > amounts of IP space that they can use to load balance. Even then, you
>>> > have to look at what servers reside in that IP segment (or pool) and
>>> > determine if you are truly load balancing (ie if your largest servers
>>> > all sit in the same /24 and you are advertising /24 networks to your
>>> > upstream provider then most of your traffic will still only use one
>>> > link). If both links are to the same ISP router then you can use BGP
>>> > MED (communities) to influence it but again provider dependent.
>>>
>>> Where did the OP mention redundancy or the need to load balance
>>> anything?
>>> They specifically stated that they want this subnet on ISP1 and this
>>> subnet
>>> on ISP2. You're refering to corporations/businesses who "own" their own
>>> block of IP's who want to multi-home to different ISP's. The OP
>>> mentioned an
>>> 1800 series, so thats most likely not the case here. In the OP's case
>>> there
>>> is absolutely no need for BGP or any other routing protocol as the
>>> IP's will
>>> be nat'd going out their designated interfaces and the return traffic
>>> would
>>> follow that same path thru the appropriate ISP. As the first responder
>>> stated already, policy based routing is the only available option
>>> without
>>> adding more hardware such as a Radware type solution for what the OP
>>> requested.
>>
>>
>> Hmm...I guess if I was paying for two links to the Internet even just
>> for Web browsing, it would be pretty silly not to very easily put in
>> the ability to use both links. My argument still stands though, it
>> doesn't matter if you PBR the traffic out one link or the other, your
>> at the mercy of the Internet routing tables to determine how its going
>> to come back to you so you may send it out on link 1, but everything
>> may come back in link 2.
>>
>
> When you are using PBR it specifically tells this internal subnet to
> go out this pipe and the other internal subnet to go out the other pipe.
> Each one of those pipes has a unique public subnet associated to it.
> Your traffic will ALWAYS come back in the correct pipe. You are again
> thinking enterprise class routing that owns it own class C (or greater)
> that is running BGP with multiple providors. These days business has
> shifted to smaller address blocks, takes an arm and a leg to get larger
> IP blocks and most providors won't route/advertise anything smaller than
> a /23.

Brian is correct. The traffic will return based on the IP address that
it left with. If you try and spoof the IP address to use the other
connection chances are that it won't work at all as almost all internet
routers won't allow source addressing.

But why use PBR. I think that is too complicated for something so simple.
It is the NAT config that is most important here, and I would also
suggest that there is no point in using 2 ethernet ports on the router.
Why not just put the 2 internet feeds into a hub/switch and connect the
router by 1 ethernet port and use IP routing and NAT to determine the
best route to use.
If you NAT the traffic onto the relevant network and have 2 default
routes only 1 default route will be legal for the NATed traffic so will
be the one used.

try this >>>>>>>

ip nat pool ISPa <IP details for ISPa provided range>
ip nat pool ISPb <IP details for ISPb>
ip nat inside source list 1 pool ISPa overload
ip nat inside source list 2 pool ISPb overload
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 10.220.16.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0 <ISPa router address>
ip route 0.0.0.0 0.0.0.0 <ISPb router address>

"@NOSPAMhod!SPAM.co(dot)uk" <""tim\"@NOSPAMhod!SPAM.co(dot)uk"> wrote in
message news:f6ia99$1lbv$...
> Brian V wrote:
>
>>
>> <> wrote in message
>> news: ups.com...
>>
>>> On Jul 1, 9:21 pm, "Brian V" <diespam...@nospam.com> wrote:
>>>
>>>> <carlfug...@gmail.com> wrote in message
>>>>
>>>> news: ups.com...
>>>>
>>>>
>>>>
>>>> > On Jun 30, 1:58 pm, Trendkill <jpma...@gmail.com> wrote:
>>>> >> On Jun 30, 2:48 pm, TheGoD <tgupt...@gmail.com> wrote:
>>>>
>>>> >> > Hi Techies....
>>>>
>>>> >> > I'm stuck in a problem....as i'm not very well with cisco
>>>> routers...
>>>>
>>>> >> > I have a cisco router 1800 series with a 4 port fast ethernet
>>>> >> > card.
>>>> >> > now i have attached both the internet isp's (A and B) over
>>>> ethernet >> > to
>>>> >> > this router, now what i need is that all my traffic for internet
>>>> >> > from
>>>> >> > lan A (192.168.1.0/24) should be routed to isp A and all from lan
>>>> >> > B
>>>> >> > (10.220.16.0/24)should be routed to isp B.
>>>>
>>>> >> > Please ckick the link for the
>>>> >> > diagram.http://img248.imageshack.us/my.php?i...rawing1jq5.jpg
>>>>
>>>> >> > Thanks..............
>>>>
>>>> >> Policy-based routing is your only option. Else all traffic will
>>>> >> take
>>>> >> one path, the other, or both (depending on your configuration), but
>>>> >> will not be split based on source network. Search policy-based
>>>> >> routing or PBR on cisco, lots of good documentation.
>>>>
>>>> > This only solves one part of the routing equation in that traffic out
>>>> > to the Internet will indeed leave the connection specified, however
>>>> > it
>>>> > does not influence the way the traffic will return to your network
>>>> > which is normally more important (load balancing inbound flows which
>>>> > are much larger normally than the outbound flows). That cannot be
>>>> > solved by the end customer without using some very creative routing
>>>> > and even then you are at the mercy of your provider to make it work.
>>>> > Normally you would use BGP for that and you would split your IP
>>>> > address pools in half or more and advertise one half to one provider,
>>>> > and the other half to the other. At the same time you would
>>>> > advertise
>>>> > a summary of the entire pool to both providers for failover purposes.
>>>> > This is a very complex problem in large networks which have large
>>>> > amounts of IP space that they can use to load balance. Even then,
>>>> > you
>>>> > have to look at what servers reside in that IP segment (or pool) and
>>>> > determine if you are truly load balancing (ie if your largest servers
>>>> > all sit in the same /24 and you are advertising /24 networks to your
>>>> > upstream provider then most of your traffic will still only use one
>>>> > link). If both links are to the same ISP router then you can use BGP
>>>> > MED (communities) to influence it but again provider dependent.
>>>>
>>>> Where did the OP mention redundancy or the need to load balance
>>>> anything?
>>>> They specifically stated that they want this subnet on ISP1 and this
>>>> subnet
>>>> on ISP2. You're refering to corporations/businesses who "own" their own
>>>> block of IP's who want to multi-home to different ISP's. The OP
>>>> mentioned an
>>>> 1800 series, so thats most likely not the case here. In the OP's case
>>>> there
>>>> is absolutely no need for BGP or any other routing protocol as the IP's
>>>> will
>>>> be nat'd going out their designated interfaces and the return traffic
>>>> would
>>>> follow that same path thru the appropriate ISP. As the first responder
>>>> stated already, policy based routing is the only available option
>>>> without
>>>> adding more hardware such as a Radware type solution for what the OP
>>>> requested.
>>>
>>>
>>> Hmm...I guess if I was paying for two links to the Internet even just
>>> for Web browsing, it would be pretty silly not to very easily put in
>>> the ability to use both links. My argument still stands though, it
>>> doesn't matter if you PBR the traffic out one link or the other, your
>>> at the mercy of the Internet routing tables to determine how its going
>>> to come back to you so you may send it out on link 1, but everything
>>> may come back in link 2.
>>>
>>
>> When you are using PBR it specifically tells this internal subnet to
>> go out this pipe and the other internal subnet to go out the other pipe.
>> Each one of those pipes has a unique public subnet associated to it. Your
>> traffic will ALWAYS come back in the correct pipe. You are again thinking
>> enterprise class routing that owns it own class C (or greater) that is
>> running BGP with multiple providors. These days business has shifted to
>> smaller address blocks, takes an arm and a leg to get larger IP blocks
>> and most providors won't route/advertise anything smaller than a /23.
>
> Brian is correct. The traffic will return based on the IP address that it
> left with. If you try and spoof the IP address to use the other connection
> chances are that it won't work at all as almost all internet routers won't
> allow source addressing.
>
> But why use PBR. I think that is too complicated for something so simple.
> It is the NAT config that is most important here, and I would also suggest
> that there is no point in using 2 ethernet ports on the router. Why not
> just put the 2 internet feeds into a hub/switch and connect the router by
> 1 ethernet port and use IP routing and NAT to determine the best route to
> use.
> If you NAT the traffic onto the relevant network and have 2 default routes
> only 1 default route will be legal for the NATed traffic so will be the
> one used.
>
> try this >>>>>>>
>
> ip nat pool ISPa <IP details for ISPa provided range>
> ip nat pool ISPb <IP details for ISPb>
> ip nat inside source list 1 pool ISPa overload
> ip nat inside source list 2 pool ISPb overload
> access-list 1 permit 192.168.1.0 0.0.0.255
> access-list 2 permit 10.220.16.0 0.0.0.255
> ip route 0.0.0.0 0.0.0.0 <ISPa router address>
> ip route 0.0.0.0 0.0.0.0 <ISPb router address>
>

It's not as simple as it appears. If you were to do it that way every other
packet would try to go to the internet "un-nat'd" and be dropped. Think
about it, using your IP's with equal cost routing....a packet from the
192.168.1.x subnet comes along, the router has 2 equal cost routes, first
packet goes out ISPa and gets NAT'd since it matches the rule, no problem,
the next packet comes along and goes out ISPb but since there is no NAT's
rule that matches that packet it goes to ISPb un-nat'd and is dropped. Same
thing would happen for the 10.220.16.x subnet. The only possible way to do
this type setup is with PBR or using some other type of device such as a
Radware that can manipulate destination based on source address.