«

If I add a second Internet feed and can't run BGP, how do I tell my
network to send traffic out via the new router?

On Oct 31, 8:28 am, Bob Simon <nob...@nowhere.com> wrote:
> If I add a second Internet feed and can't run BGP, how do I tell my
> network to send traffic out via the new router?

BGP is just your EGP. All you need to do to make sure traffic goes
out both links is ensure that whatever routing protocol is running
between your network/core and the internet routers has equal costs or
a preferred metric for whatever internet pipe you wish to use. Also
make sure that the second ISP router does not have a better default
route out the other internet router, and is sending traffic out that
it receives from the core. All of this can be done with show ip route
0.0.0.0 commands.

Balancing internet traffic back in is a completely different story as
I'm sure you are aware......

On Oct 31, 8:17 am, Trendkill <jpma...@gmail.com> wrote:
> On Oct 31, 8:28 am, Bob Simon <nob...@nowhere.com> wrote:
>
> > If I add a second Internet feed and can't run BGP, how do I tell my
> > network to send traffic out via the new router?
>
> BGP is just your EGP. All you need to do to make sure traffic goes
> out both links is ensure that whatever routing protocol is running
> between your network/core and the internet routers has equal costs or
> a preferred metric for whatever internet pipe you wish to use. Also
> make sure that the second ISP router does not have a better default
> route out the other internet router, and is sending traffic out that
> it receives from the core. All of this can be done with show ip route
> 0.0.0.0 commands.
>
> Balancing internet traffic back in is a completely different story as
> I'm sure you are aware......

Currently, the network is simple and there is only one way out so we
are only using static routes. This is a school and Internet access
via the school board is intermittent. We simply want to get cable or
DSL for an alternate path out and back. Does this require a routing
protocol? If so, will RIP do?

On Oct 31, 10:38 am, "bobneworle...@yahoo.com"
<bobneworle...@yahoo.com> wrote:
> On Oct 31, 8:17 am, Trendkill <jpma...@gmail.com> wrote:
>
>
>
> > On Oct 31, 8:28 am, Bob Simon <nob...@nowhere.com> wrote:
>
> > > If I add a second Internet feed and can't run BGP, how do I tell my
> > > network to send traffic out via the new router?
>
> > BGP is just your EGP. All you need to do to make sure traffic goes
> > out both links is ensure that whatever routing protocol is running
> > between your network/core and the internet routers has equal costs or
> > a preferred metric for whatever internet pipe you wish to use. Also
> > make sure that the second ISP router does not have a better default
> > route out the other internet router, and is sending traffic out that
> > it receives from the core. All of this can be done with show ip route
> > 0.0.0.0 commands.
>
> > Balancing internet traffic back in is a completely different story as
> > I'm sure you are aware......
>
> Currently, the network is simple and there is only one way out so we
> are only using static routes. This is a school and Internet access
> via the school board is intermittent. We simply want to get cable or
> DSL for an alternate path out and back. Does this require a routing
> protocol? If so, will RIP do?

Static will load balance, but if one fails, you may be SOL. You could
do statics and point to the interface rather than the next hop (if its
point to point), but I would recommend a routing protocol. Rip should
do multi-path load balancing.

On Oct 31, 8:41 am, Trendkill <jpma...@gmail.com> wrote:
> On Oct 31, 10:38 am, "bobneworle...@yahoo.com"
>
>
>
> <bobneworle...@yahoo.com> wrote:
> > On Oct 31, 8:17 am, Trendkill <jpma...@gmail.com> wrote:
>
> > > On Oct 31, 8:28 am, Bob Simon <nob...@nowhere.com> wrote:
>
> > > > If I add a second Internet feed and can't run BGP, how do I tell my
> > > > network to send traffic out via the new router?
>
> > > BGP is just your EGP. All you need to do to make sure traffic goes
> > > out both links is ensure that whatever routing protocol is running
> > > between your network/core and the internet routers has equal costs or
> > > a preferred metric for whatever internet pipe you wish to use. Also
> > > make sure that the second ISP router does not have a better default
> > > route out the other internet router, and is sending traffic out that
> > > it receives from the core. All of this can be done with show ip route
> > > 0.0.0.0 commands.
>
> > > Balancing internet traffic back in is a completely different story as
> > > I'm sure you are aware......
>
> > Currently, the network is simple and there is only one way out so we
> > are only using static routes. This is a school and Internet access
> > via the school board is intermittent. We simply want to get cable or
> > DSL for an alternate path out and back. Does this require a routing
> > protocol? If so, will RIP do?
>
> Static will load balance, but if one fails, you may be SOL. You could
> do statics and point to the interface rather than the next hop (if its
> point to point), but I would recommend a routing protocol. Rip should
> do multi-path load balancing.

Here's a way to do it based on protocol:


! First setup object tracking to ping your ISP's routers.

ip sla 1
icmp-echo <ISP1 next hop IP>
timeout 1000
frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo <ISP2 next hop IP>
timeout 1000
frequency 5
ip sla schedule 1 life forever start-time now

! Then define your default routes. We're going to use ISP 2 as the
preferred default route, since
! it has a lower metric. If the tracking object goes down, it will
failover to ISP2.

ip route 0.0.0.0 0.0.0.0 <ISP1 next hop IP> 20 track 1
ip route 0.0.0.0 0.0.0.0 <ISP2 next hop IP> track 2

! Now create the ACL that will match traffic you want to route
differently than your default route.

ip access-list extended PBR
permit tcp 10.233.165.0 0.0.0.255 any eq smtp
permit tcp 10.233.165.0 0.0.0.255 any eq www

! Setup the route map to match anything in the ACL to be routed out
ISP1. If the ISP1 upstream router is down, it will failover to ISP2
(our normal default route).

route-map RULES permit 10
description Tracking object routing - PBR ACL for bypass
match ip address PBR
set ip next-hop verify-availability <ISP1 next hop IP> 1 track 1

! Lastly, you need to setup NAT according to the ISP that you're
routing traffic to. Optional: Use a deny statement if you have lan to
lan vpn's.

ip access-list extended nat_rule
deny ip 10.233.160.0 0.0.31.255 10.233.148.0 0.0.0.255
permit ip 10.233.165.0 0.0.0.255 any

! Now create the route map to NAT according to which interface the
traffic is leaving.

route-map NAT_MAP_ISP2 permit 10
description To nat outbound traffic to ISP address block
match ip address nat_rule
match interface fa0/1
!
route-map NAT_MAP_ISP1 permit 10
description To nat outbound traffic to ISP address block
match ip address nat_rule
match interface fa0/2

! Dont' forget to put ip nat outside statements on each of your
Internet facing interfaces and ip nat inside on your LAN interface.

If you are using NAT, then take a look at Cisco doc "IOS NAT Load-
balancing for Two ISP Connections"

http://cco.cisco.com/en/US/tech/tk64...s_configuratio...

On Nov 1, 5:02 am, Merv <merv.hr...@rogers.com> wrote:
> If you are using NAT, then take a look at Cisco doc "IOS NAT Load-
> balancing for Two ISP Connections"



http://www.cisco.com/en/US/tech/tk64...808d2b72.shtml