NAT issue with load balancing between two ISPs

 
 
okrus
06-03-2008
Hello everybody!

This is my first question. I am brand new to this, so please excuse me if I do not write properly or straight to the point.

I will try my best.

These are the devices related to my question:
- cisco2811 (complete access)
- DSL modem
- cisco2900 series

I have access to all except cisco2900.

I guess the configuration in cisco2950 is OK and quite simple: no special routing or security task, just a point to connect with the provider and through to the internet (at the moment it is working properly).

DSL modem is pretty simple, just a connection straight to internet like a SOHO (small office home office), with no command line interface or similar.


                                                [outbound connection]
Proventia firewall ethernet --------- cisco2811 ------------ ethernet cisco2900 (ISP 1)
       [local network traffic]            |____ ethernet DSL modem (ISP 2)
                                                [outbound connection]


I am trying to make a simple load balancing between two ISPs with NAT.

I found three possible solutions (for sure more exist).

The starting state is forwarding all the traffic through ISP1, and everything is ok.
ip route 0.0.0.0 0.0.0.0 interfaz ISP1
and basic nat translation
ip nat inside source static network IP_firewall_to_cisco2811 IP_cisco2811_to_ISP1 /32

A. Use two static routes in cisco2811
ip route 0.0.0.0 0.0.0.0 interfaz ISP1
ip route 0.0.0.0 0.0.0.0 interfaz ISP2

But it is not working as it is supposed to.
When I ran a traceroute, the output showed that the cisco2811 tries to route twice between both ISPs, and in the end some pages were not loaded in the browser.
Maybe I have to add more commands to this solution, apart from the small part of nat inside for these interfaces.

qosrouter#traceroute
Protocol [ip]:
Target IP address: 80.81.96.190
Source address:
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 80.81.96.190

1 *
IP_ISP1 0 msec *
2 194.25.5.110 124 msec * 116 msec
3 *
217.5.66.34 124 msec *
4 217.5.66.46 128 msec * 128 msec
5 *
212.20.155.38 116 msec *
6 130.117.0.210 128 msec * 124 msec
7 *
130.117.3.77 120 msec *
8 130.117.1.114 128 msec * 132 msec
9 *
130.117.3.101 192 msec *
10 130.117.0.213 144 msec *
130.117.2.209 148 msec
11 *
130.117.2.133 172 msec *
12 * * *
13 *
149.6.82.206 152 msec *
14 213.172.34.122 156 msec *
...etc


B. Use route-map to both ISPs
But it is not working as it is supposed to.
Should I put default routes even with route-map next-hop ip defined?

ip nat inside source route-map isp1 interface vlan 12 overload
ip nat inside source route-map isp2 interface dialer 1 overload

access-list 110 permit ip host IP_firewall_to_cisco2811 any
access-list 120 permit ip host IP_firewall_to_cisco2811 any

route-map isp1 permit 10
 match ip address 110
 set ip next-hop IP_ISP1

route-map isp2 permit 10
 match ip address 120
 set ip next-hop IP_ISP2

C. Use OER. While I have no simple solution with static routes, I will wait before using this solution; in addition, I am not sure about compatibility with the route-map configuration.

Below these lines you can see the configuration of the cisco2811, with which traffic can access the internet through ISP1 only:

!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
boot-start-marker
boot system flash c2800nm-advipservicesk9-mz.124-13a.bin
boot-end-marker
!
no aaa new-model
no ip source-route
!
vpdn enable
ip tcp synwait-time 10
!
!
interface FastEthernet0/0
 description # traffic to ISP 2 DSL modem#
 no ip address
 duplex half
 speed 10
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Dialer1
 description # dialer connection to fastethernet 0/0 #
 ip address negotiated
 ip mtu 1452
 encapsulation ppp
 ip nat outside
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname usuario@domain_text
 ppp chap password 7 password_text
 ppp pap sent-username usuario@domain_text password 7 password_text
!
interface FastEthernet0/1
 description # firewall to cisco2811 traffic #
 bandwidth 100000
 ip address xx.yy.zz.169 255.255.255.248
 ip access-group 100 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1412
 duplex half
 speed 10
 no mop enabled
!
interface FastEthernet0/0/2
 description # swith port for ISP 1 cisco2900 #
 switchport access vlan 12
!
interface Vlan12
 description # traffic to ISP 1 cisco2900 #
 ip address xx.yy.zz.76 255.255.255.248
 ip access-group 101 in
 ip access-group 102 out
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1412
 fair-queue 64 16 256
 no mop enabled
!
ip route 0.0.0.0 0.0.0.0 ip_next_hop_ISP1
!
ip nat inside source static network IP_firewall_to_cisco2811 IP_cisco2811_to_ISP1 /32
!
no cdp run
dialer-list 1 protocol ip permit
ip classless
!


When I try to apply the above commands, I lose communication with the ISPs from the web browser, although traceroute still shows the correct path and information to reach the destination web sites.

qosrouter#traceroute
Protocol [ip]:
Target IP address: 213.4.130.210
Source address:
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 213.4.130.210

1 ISP1 0 msec 0 msec 0 msec
2 194.25.5.110 276 msec 272 msec 252 msec
3 217.5.66.34 164 msec 224 msec 284 msec
4 *
62.154.16.161 128 msec 128 msec
5 62.156.138.90 160 msec 240 msec 136 msec
6 84.16.13.34 144 msec 144 msec 140 msec
7 213.140.36.73 168 msec 240 msec 164 msec
8 80.58.75.158 164 msec 164 msec 168 msec
9 * * *
10 etc...


qosrouter#traceroute
Protocol [ip]:
Target IP address: 80.81.96.190
Source address:
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 80.81.96.190

1 ISP2 8 msec 40 msec 20 msec
2 212.18.6.213 12 msec 8 msec 12 msec
3 62.140.24.9 8 msec 8 msec 12 msec
4 * * *
5 4.68.118.80 12 msec
4.68.118.16 16 msec
4.68.118.144 16 msec
6 62.67.33.242 16 msec 20 msec 16 msec
7 212.23.42.173 [MPLS: Label 3083 Exp 0] 40 msec 44 msec 44 msec
8 84.233.207.86 [MPLS: Label 616 Exp 0] 44 msec 40 msec 40 msec
9 84.233.204.209 [MPLS: Label 969 Exp 0] 40 msec 44 msec 44 msec
10 84.233.204.234 [MPLS: Label 258 Exp 0] 44 msec 40 msec 40 msec
11 212.23.42.198 44 msec 44 msec 44 msec
12 84.233.187.18 44 msec 44 msec 40 msec
13 213.172.34.122 40 msec 44 msec 44 msec
14 * * *
15 etc...


Why can I not surf the internet using both ISPs at the same time, load balancing traffic between both?

Traceroute commands are OK.

Thank you all in advance

kind regards
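
The dual-ISP NAT arrangement attempted in option B above, with the NAT route-maps matched on the egress interface, as an added example that is not part of the original post and has not been run against the poster's router. Interface names come from the post; IP_ISP1 as the next hop, the single ACL number and the removal of the static entry are assumptions.

```cisco
! Added example, not the poster's configuration.
! IP_ISP1, IP_firewall_to_cisco2811 and IP_cisco2811_to_ISP1 are the
! placeholders used in the post; the single ACL 110 is an assumption.
!
! CEF load-shares per destination by default, so one flow stays on one
! ISP and keeps one translated source address for its whole lifetime.
ip cef
!
! Two default routes of equal cost, one per ISP.
ip route 0.0.0.0 0.0.0.0 IP_ISP1
ip route 0.0.0.0 0.0.0.0 Dialer1
!
! Traffic eligible for translation (the firewall's address on Fa0/1).
access-list 110 permit ip host IP_firewall_to_cisco2811 any
!
! In a route-map referenced by "ip nat", only the match clauses are
! evaluated. "match interface" ties the translation to the interface the
! routing table actually chose; "set ip next-hop" belongs to policy
! routing and does not steer NAT.
route-map isp1 permit 10
 match ip address 110
 match interface Vlan12
!
route-map isp2 permit 10
 match ip address 110
 match interface Dialer1
!
! Each egress interface overloads onto its own address, so replies come
! back through the ISP that owns that address.
ip nat inside source route-map isp1 interface Vlan12 overload
ip nat inside source route-map isp2 interface Dialer1 overload
!
! Assumption: the static entry that maps the firewall to the ISP1 address
! is removed; while it exists, packets leaving through Dialer1 would still
! carry the ISP1 source address.
no ip nat inside source static network IP_firewall_to_cisco2811 IP_cisco2811_to_ISP1 /32
```

After a few browser sessions, `show ip nat translations` shows which outside address each flow was given. Traceroutes started on the router itself are process-switched and can alternate between the two default routes per packet, so they do not reflect how transit traffic is shared.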
 