how to do failover and load balancing?

Discussion in 'Cisco' started by jonnah, Apr 29, 2004.

  1. jonnah

    jonnah Guest

    Hi,
    We're using a cisco 2620 series router and will be connected to two
    different ISP's (S0/0 and S1/0. Can we do load balancing between the
    two links and automatic failover when one link goes down? if so, how
    do we go about it?

    Thanks
    jonnah, Apr 29, 2004
    #1
    1. Advertising

  2. In article <>,
    (jonnah) wrote:

    > Hi,
    > We're using a cisco 2620 series router and will be connected to two
    > different ISP's (S0/0 and S1/0. Can we do load balancing between the
    > two links and automatic failover when one link goes down? if so, how
    > do we go about it?


    Load balancing outbound traffic is pretty simple -- just create two
    default routes pointing to each interface:

    ip route 0.0.0.0 0.0.0.0 Serial0/0
    ip route 0.0.0.0 0.0.0.0 Serial1/0

    Load balancing inbound traffic is harder. You'd need to have two
    address ranges, and advertise each of them using BGP, with the
    attributes set so that one ISP is preferred for each range. And then
    you'll have to arrange that your computers are distributed among the
    address ranges so that there's similar amounts of traffic to each range.

    Failover is relatively straightforward. For the outbound traffic, if
    one of the interfaces goes down, the default route that points to it
    will stop being used, and all the traffic will go through the other
    interface. For inbound traffic, when the interface goes down the BGP
    session with that ISP will fail, and it will stop advertising your
    routes.

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    Barry Margolin, Apr 29, 2004
    #2
    1. Advertising

  3. Barry Margolin wrote:

    > Load balancing inbound traffic is harder. You'd need to have two
    > address ranges, and advertise each of them using BGP, with the
    > attributes set so that one ISP is preferred for each range. And then
    > you'll have to arrange that your computers are distributed among the
    > address ranges so that there's similar amounts of traffic to each range.


    Why not a single address range advertised to both upstream ISPs? Isn't that
    the standard case of a multihomed network? Or am I missing something?

    - Andrew
    Andrew Gideon, Apr 29, 2004
    #3
  4. In article <>,
    Andrew Gideon <> wrote:

    > Barry Margolin wrote:
    >
    > > Load balancing inbound traffic is harder. You'd need to have two
    > > address ranges, and advertise each of them using BGP, with the
    > > attributes set so that one ISP is preferred for each range. And then
    > > you'll have to arrange that your computers are distributed among the
    > > address ranges so that there's similar amounts of traffic to each range.

    >
    > Why not a single address range advertised to both upstream ISPs? Isn't that
    > the standard case of a multihomed network? Or am I missing something?


    That may or may not get you load balancing. If one of the ISPs has much
    better connectivity than the other, most of the traffic will come that
    way. You may be able to lower it by padding your AS path to that ISP,
    but the effect of this may just be to shift most of the traffic to the
    other ISP.

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    Barry Margolin, Apr 29, 2004
    #4
  5. Barry Margolin wrote:

    > That may or may not get you load balancing. If one of the ISPs has much
    > better connectivity than the other, most of the traffic will come that
    > way. You may be able to lower it by padding your AS path to that ISP,
    > but the effect of this may just be to shift most of the traffic to the
    > other ISP.


    Ah, I see what you're saying. Using separate address blocks provides more
    control.

    - Andrew
    Andrew Gideon, Apr 29, 2004
    #5
  6. jonnah

    jonnah Guest

    Barry Margolin <> wrote in message news:<>...
    > In article <>,
    > (jonnah) wrote:
    >
    > > Hi,
    > > We're using a cisco 2620 series router and will be connected to two
    > > different ISP's (S0/0 and S1/0. Can we do load balancing between the
    > > two links and automatic failover when one link goes down? if so, how
    > > do we go about it?

    >
    > Load balancing outbound traffic is pretty simple -- just create two
    > default routes pointing to each interface:
    >
    > ip route 0.0.0.0 0.0.0.0 Serial0/0
    > ip route 0.0.0.0 0.0.0.0 Serial1/0
    >
    > Load balancing inbound traffic is harder. You'd need to have two
    > address ranges, and advertise each of them using BGP, with the
    > attributes set so that one ISP is preferred for each range. And then
    > you'll have to arrange that your computers are distributed among the
    > address ranges so that there's similar amounts of traffic to each range.



    Hi,

    "two address ranges"- does it mean we'd need to become an AS and get 2
    address range from apnic? we're not an ISP nor a very big
    organization, that might be overkill if we need to get address ranges
    from apnic.

    thanks
    jonnah, Apr 30, 2004
    #6
  7. In article <>,
    (jonnah) wrote:

    > Barry Margolin <> wrote in message
    > news:<>...
    > > In article <>,
    > > (jonnah) wrote:
    > >
    > > > Hi,
    > > > We're using a cisco 2620 series router and will be connected to two
    > > > different ISP's (S0/0 and S1/0. Can we do load balancing between the
    > > > two links and automatic failover when one link goes down? if so, how
    > > > do we go about it?

    > >
    > > Load balancing outbound traffic is pretty simple -- just create two
    > > default routes pointing to each interface:
    > >
    > > ip route 0.0.0.0 0.0.0.0 Serial0/0
    > > ip route 0.0.0.0 0.0.0.0 Serial1/0
    > >
    > > Load balancing inbound traffic is harder. You'd need to have two
    > > address ranges, and advertise each of them using BGP, with the
    > > attributes set so that one ISP is preferred for each range. And then
    > > you'll have to arrange that your computers are distributed among the
    > > address ranges so that there's similar amounts of traffic to each range.

    >
    >
    > Hi,
    >
    > "two address ranges"- does it mean we'd need to become an AS and get 2
    > address range from apnic? we're not an ISP nor a very big
    > organization, that might be overkill if we need to get address ranges
    > from apnic.


    No, you can simply divide one address block into two ranges. E.g. if
    you get a /23, you could advertise it as two separate /24 blocks.

    Or you could have each ISP assign you an address block from their own
    range of addresses.

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    Barry Margolin, Apr 30, 2004
    #7
  8. jonnah

    ike lozada Guest

    Barry Margolin <> wrote in message news:<>...
    > In article <>,
    > (jonnah) wrote:
    >
    > > Barry Margolin <> wrote in message
    > > news:<>...
    > > > In article <>,
    > > > (jonnah) wrote:
    > > >
    > > > > Hi,
    > > > > We're using a cisco 2620 series router and will be connected to two
    > > > > different ISP's (S0/0 and S1/0. Can we do load balancing between the
    > > > > two links and automatic failover when one link goes down? if so, how
    > > > > do we go about it?
    > > >
    > > > Load balancing outbound traffic is pretty simple -- just create two
    > > > default routes pointing to each interface:
    > > >
    > > > ip route 0.0.0.0 0.0.0.0 Serial0/0
    > > > ip route 0.0.0.0 0.0.0.0 Serial1/0
    > > >
    > > > Load balancing inbound traffic is harder. You'd need to have two
    > > > address ranges, and advertise each of them using BGP, with the
    > > > attributes set so that one ISP is preferred for each range. And then
    > > > you'll have to arrange that your computers are distributed among the
    > > > address ranges so that there's similar amounts of traffic to each range.

    > >
    > >
    > > Hi,
    > >
    > > "two address ranges"- does it mean we'd need to become an AS and get 2
    > > address range from apnic? we're not an ISP nor a very big
    > > organization, that might be overkill if we need to get address ranges
    > > from apnic.

    >
    > No, you can simply divide one address block into two ranges. E.g. if
    > you get a /23, you could advertise it as two separate /24 blocks.
    >
    > Or you could have each ISP assign you an address block from their own
    > range of addresses.


    Hi again,

    ok. our two ISP's have agreed to assign us two /29's from their own
    address block. whats next to do load balance incoming traffic and,
    can we do failover (i.e. when one link goes down, traffic gets
    re-routed to the other link) using two different ISPs? or failover can
    only be done with a single ISP using "multi link"?

    thanks for any info
    ike lozada, May 3, 2004
    #8
  9. In article <>,
    (ike lozada) wrote:

    > ok. our two ISP's have agreed to assign us two /29's from their own
    > address block. whats next to do load balance incoming traffic and,
    > can we do failover (i.e. when one link goes down, traffic gets
    > re-routed to the other link) using two different ISPs? or failover can
    > only be done with a single ISP using "multi link"?


    Uh oh. Trying to advertise blocks so small with BGP is probably not
    going to work well. Many ISPs filter out anything smaller than /24.

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    Barry Margolin, May 3, 2004
    #9
  10. jonnah

    Ben Guest

    Hmmm...not sure this matters at all. The routes are still part of 2
    different supernets belonging to 2 different ISPs...

    "Barry Margolin" <> wrote in message
    news:...
    > In article <>,
    > (ike lozada) wrote:
    >
    > > ok. our two ISP's have agreed to assign us two /29's from their own
    > > address block. whats next to do load balance incoming traffic and,
    > > can we do failover (i.e. when one link goes down, traffic gets
    > > re-routed to the other link) using two different ISPs? or failover can
    > > only be done with a single ISP using "multi link"?

    >
    > Uh oh. Trying to advertise blocks so small with BGP is probably not
    > going to work well. Many ISPs filter out anything smaller than /24.
    >
    > --
    > Barry Margolin,
    > Arlington, MA
    > *** PLEASE post questions in newsgroups, not directly to me ***
    Ben, May 3, 2004
    #10
  11. In article <409637b7$>,
    "Ben" <> wrote:

    > "Barry Margolin" <> wrote in message
    > news:...
    > > In article <>,
    > > (ike lozada) wrote:
    > >
    > > > ok. our two ISP's have agreed to assign us two /29's from their own
    > > > address block. whats next to do load balance incoming traffic and,
    > > > can we do failover (i.e. when one link goes down, traffic gets
    > > > re-routed to the other link) using two different ISPs? or failover can
    > > > only be done with a single ISP using "multi link"?

    > >
    > > Uh oh. Trying to advertise blocks so small with BGP is probably not
    > > going to work well. Many ISPs filter out anything smaller than /24.


    > Hmmm...not sure this matters at all. The routes are still part of 2
    > different supernets belonging to 2 different ISPs...


    That doesn't really matter.

    Suppose ISP1 assigns 172.16.10.16/29 to you from their 172.16.0.0/16
    block, and ISP2 assigns 172.20.30.48/29 to you from their 172.20.0.0/16
    block. The only advertisements most other ISPs will ever see are the
    two /16 blocks, because they filter out the /29's. As long as both
    connections are up, you'll get the desired load balancing.

    But then your connection with ISP1 goes down. You'll still advertise
    172.16.10.16/29 to ISP2, but that advertisement won't propagate out to
    the rest of the Internet, because most other ISPs filter it. Those ISPs
    will continue to send traffic for this address block to ISP1, because of
    the 172.16.0.0/16 advertisement it's sending out.

    This *might* work OK, though. If ISP1 and ISP2 have a connection to
    each other, and ISP1 doesn't filter out the advertisement from ISP2, the
    traffic will go from other ISPs to ISP1 to ISP2 to you.

    However, there's a worst-case scenario that won't work at all: if ISP1's
    backbone goes down. Then it will stop advertising the 172.16.0.0/16
    block, and other ISPs will have no route at all that matches
    172.16.10.16/29.

    P.S. Please don't top-post.

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    Barry Margolin, May 3, 2004
    #11
  12. jonnah

    Ivan Ostres Guest

    In article <409637b7$>,
    says...
    > Hmmm...not sure this matters at all. The routes are still part of 2
    > different supernets belonging to 2 different ISPs...
    >
    >


    Yes they are, but one small address space (< /24) will not be visible
    trough both ISPs (it will be visible just trough one that owns that
    address space as aggregate). So, you will lose redundancy, and that was
    one of the "question points".

    --
    Ivan
    Ivan Ostres, May 3, 2004
    #12
  13. jonnah

    jonnah Guest

    Ivan Ostres <> wrote in message news:<c768qc$7f61$-berlin.de>...
    > In article <409637b7$>,
    > says...
    > > Hmmm...not sure this matters at all. The routes are still part of 2
    > > different supernets belonging to 2 different ISPs...
    > >
    > >

    >
    > Yes they are, but one small address space (< /24) will not be visible
    > trough both ISPs (it will be visible just trough one that owns that
    > address space as aggregate). So, you will lose redundancy, and that was
    > one of the "question points".


    So basically, reading this thread, using two different ISPs with /29's
    address blocks will not give us our desired load balancing and
    automatic failover....correct?
    jonnah, May 4, 2004
    #13
  14. In article <>,
    (jonnah) wrote:

    > Ivan Ostres <> wrote in message
    > news:<c768qc$7f61$-berlin.de>...
    > > In article <409637b7$>,
    > > says...
    > > > Hmmm...not sure this matters at all. The routes are still part of 2
    > > > different supernets belonging to 2 different ISPs...
    > > >
    > > >

    > >
    > > Yes they are, but one small address space (< /24) will not be visible
    > > trough both ISPs (it will be visible just trough one that owns that
    > > address space as aggregate). So, you will lose redundancy, and that was
    > > one of the "question points".

    >
    > So basically, reading this thread, using two different ISPs with /29's
    > address blocks will not give us our desired load balancing and
    > automatic failover....correct?


    Not fully reliably. If you need to use BGP, you should get at least a
    /24.

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    Barry Margolin, May 4, 2004
    #14
  15. jonnah

    jonnah Guest

    Barry Margolin <> wrote in message news:<>...
    > In article <409637b7$>,
    > "Ben" <> wrote:
    >
    > > "Barry Margolin" <> wrote in message
    > > news:...
    > > > In article <>,
    > > > (ike lozada) wrote:
    > > >
    > > > > ok. our two ISP's have agreed to assign us two /29's from their own
    > > > > address block. whats next to do load balance incoming traffic and,
    > > > > can we do failover (i.e. when one link goes down, traffic gets
    > > > > re-routed to the other link) using two different ISPs? or failover can
    > > > > only be done with a single ISP using "multi link"?
    > > >
    > > > Uh oh. Trying to advertise blocks so small with BGP is probably not
    > > > going to work well. Many ISPs filter out anything smaller than /24.

    >
    > > Hmmm...not sure this matters at all. The routes are still part of 2
    > > different supernets belonging to 2 different ISPs...

    >
    > That doesn't really matter.
    >
    > Suppose ISP1 assigns 172.16.10.16/29 to you from their 172.16.0.0/16
    > block, and ISP2 assigns 172.20.30.48/29 to you from their 172.20.0.0/16
    > block. The only advertisements most other ISPs will ever see are the
    > two /16 blocks, because they filter out the /29's. As long as both
    > connections are up, you'll get the desired load balancing.
    >


    Hi, does this mean with mimimal or no configuration, we'll get
    automatic load balancing (incoming and outgoing traffic) from ISP1 and
    ISP2 as long as both connections are up?

    thanks again
    jonnah, May 4, 2004
    #15
  16. In article <>,
    (jonnah) wrote:

    > Barry Margolin <> wrote in message
    > news:<>...
    > > In article <409637b7$>,
    > > "Ben" <> wrote:
    > >
    > > > "Barry Margolin" <> wrote in message
    > > > news:...
    > > > > In article <>,
    > > > > (ike lozada) wrote:
    > > > >
    > > > > > ok. our two ISP's have agreed to assign us two /29's from their own
    > > > > > address block. whats next to do load balance incoming traffic and,
    > > > > > can we do failover (i.e. when one link goes down, traffic gets
    > > > > > re-routed to the other link) using two different ISPs? or failover
    > > > > > can
    > > > > > only be done with a single ISP using "multi link"?
    > > > >
    > > > > Uh oh. Trying to advertise blocks so small with BGP is probably not
    > > > > going to work well. Many ISPs filter out anything smaller than /24.

    > >
    > > > Hmmm...not sure this matters at all. The routes are still part of 2
    > > > different supernets belonging to 2 different ISPs...

    > >
    > > That doesn't really matter.
    > >
    > > Suppose ISP1 assigns 172.16.10.16/29 to you from their 172.16.0.0/16
    > > block, and ISP2 assigns 172.20.30.48/29 to you from their 172.20.0.0/16
    > > block. The only advertisements most other ISPs will ever see are the
    > > two /16 blocks, because they filter out the /29's. As long as both
    > > connections are up, you'll get the desired load balancing.
    > >

    >
    > Hi, does this mean with mimimal or no configuration, we'll get
    > automatic load balancing (incoming and outgoing traffic) from ISP1 and
    > ISP2 as long as both connections are up?


    See my original response for the instructions on how to get load
    balancing of the outgoing traffic. The address assignment only handles
    incoing traffic.

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    Barry Margolin, May 4, 2004
    #16
  17. jonnah

    jonnah Guest

    Barry Margolin <> wrote in message news:<>...
    > In article <>,
    > (jonnah) wrote:
    >
    > > Ivan Ostres <> wrote in message
    > > news:<c768qc$7f61$-berlin.de>...
    > > > In article <409637b7$>,
    > > > says...
    > > > > Hmmm...not sure this matters at all. The routes are still part of 2
    > > > > different supernets belonging to 2 different ISPs...
    > > > >
    > > > >
    > > >
    > > > Yes they are, but one small address space (< /24) will not be visible
    > > > trough both ISPs (it will be visible just trough one that owns that
    > > > address space as aggregate). So, you will lose redundancy, and that was
    > > > one of the "question points".

    > >
    > > So basically, reading this thread, using two different ISPs with /29's
    > > address blocks will not give us our desired load balancing and
    > > automatic failover....correct?

    >
    > Not fully reliably. If you need to use BGP, you should get at least a
    > /24.



    ah, so it will work even without bgp? we don't need to use BGP, that
    was just one of the suggestions....what we actually need is automatic
    failover from one isp to the other isp if a link goes down and load
    balancing traffic between those two links (assuming both links are
    working fine at that time)
    jonnah, May 4, 2004
    #17
  18. In article <>,
    (jonnah) wrote:

    > Barry Margolin <> wrote in message
    > news:<>...
    > > In article <>,
    > > (jonnah) wrote:
    > >
    > > > Ivan Ostres <> wrote in message
    > > > news:<c768qc$7f61$-berlin.de>...
    > > > > In article <409637b7$>,
    > > > > says...
    > > > > > Hmmm...not sure this matters at all. The routes are still part of 2
    > > > > > different supernets belonging to 2 different ISPs...
    > > > > >
    > > > > >
    > > > >
    > > > > Yes they are, but one small address space (< /24) will not be visible
    > > > > trough both ISPs (it will be visible just trough one that owns that
    > > > > address space as aggregate). So, you will lose redundancy, and that was
    > > > > one of the "question points".
    > > >
    > > > So basically, reading this thread, using two different ISPs with /29's
    > > > address blocks will not give us our desired load balancing and
    > > > automatic failover....correct?

    > >
    > > Not fully reliably. If you need to use BGP, you should get at least a
    > > /24.

    >
    >
    > ah, so it will work even without bgp? we don't need to use BGP, that
    > was just one of the suggestions....what we actually need is automatic
    > failover from one isp to the other isp if a link goes down and load
    > balancing traffic between those two links (assuming both links are
    > working fine at that time)


    You generally need to use BGP to get failover of inbound traffic.

    However, Vincent Jones's book "Reliable IP Networking" has some
    suggestions of ways to get failover using NAT rather than BGP. Take a
    look at it.

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    Barry Margolin, May 4, 2004
    #18
  19. In article <>,
    Barry Margolin <> wrote:
    >In article <>,
    > (jonnah) wrote:
    >
    >> Barry Margolin <> wrote in message
    >> news:<>...
    >> > In article <>,
    >> > (jonnah) wrote:
    >> >
    >> > > Ivan Ostres <> wrote in message
    >> > > news:<c768qc$7f61$-berlin.de>...
    >> > > > In article <409637b7$>,
    >> > > > says...
    >> > > > > Hmmm...not sure this matters at all. The routes are still part of 2
    >> > > > > different supernets belonging to 2 different ISPs...
    >> > > > >
    >> > > > >
    >> > > >
    >> > > > Yes they are, but one small address space (< /24) will not be visible
    >> > > > trough both ISPs (it will be visible just trough one that owns that
    >> > > > address space as aggregate). So, you will lose redundancy, and that was
    >> > > > one of the "question points".
    >> > >
    >> > > So basically, reading this thread, using two different ISPs with /29's
    >> > > address blocks will not give us our desired load balancing and
    >> > > automatic failover....correct?
    >> >
    >> > Not fully reliably. If you need to use BGP, you should get at least a
    >> > /24.

    >>
    >>
    >> ah, so it will work even without bgp? we don't need to use BGP, that
    >> was just one of the suggestions....what we actually need is automatic
    >> failover from one isp to the other isp if a link goes down and load
    >> balancing traffic between those two links (assuming both links are
    >> working fine at that time)

    >
    >You generally need to use BGP to get failover of inbound traffic.
    >
    >However, Vincent Jones's book "Reliable IP Networking" has some
    >suggestions of ways to get failover using NAT rather than BGP. Take a
    >look at it.
    >
    >--
    >Barry Margolin,
    >Arlington, MA
    >*** PLEASE post questions in newsgroups, not directly to me ***


    Minor correction... the name of my book is "High Availability
    Networking with Cisco." There is also a brief white paper on
    multihoming options on my website which summarizes what you can get
    (and not get) with various approaches to multiple ISP links.

    Good luck and have fun!
    --
    Vincent C Jones, Consultant Expert advice and a helping hand
    Networking Unlimited, Inc. for those who want to manage and
    Tenafly, NJ Phone: 201 568-7810 control their networking destiny
    http://www.networkingunlimited.com
    Vincent C Jones, May 5, 2004
    #19
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. David
    Replies:
    0
    Views:
    2,491
    David
    Nov 12, 2003
  2. Tuffsie
    Replies:
    5
    Views:
    1,996
  3. xavierk
    Replies:
    0
    Views:
    595
    xavierk
    Sep 5, 2006
  4. Ranga
    Replies:
    4
    Views:
    1,919
    Ranga
    Nov 13, 2006
  5. Stuart
    Replies:
    1
    Views:
    888
    Trendkill
    Feb 26, 2007
Loading...

Share This Page