NAT Overload and load sharing

Discussion in 'Cisco' started by Houston SBC, Mar 25, 2007.

  1. Houston SBC

    Houston SBC Guest

    I have a Cisco 2650 with IOS 12.3 (c2600-i-mz.123-16.bin), a fast ethernet,
    and 2 Int T1 CSU/DSU cards.

    Verizon has just enabled the second T-1 line for constant operation--it was
    previously just a backup line.

    Each T-1 is using frame relay on a serial sub-interface and has ip addresses
    assigned-- using a /30 subnet.
    The FA0/0 is defined as ip nat inside and the Serial Sub Interfaces are
    designated as ip nat outside.

    I was using "ip nat inside source list 10 interface s0/0.1 overload" to
    allow internal users access to the Internet.

    I can now use the

        ip nat pool test netmask 255.255.255.252
         ! ip address s0/0.1
         address 100.100.100.1 100.100.100.1
         ! ip address s0/1.1
         address 100.100.100.5 100.100.100.5

    and

        ip nat inside source list 10 pool test overload

    This works but I only get T-1 speed inbound--one or the other serial
    interfaces-no load sharing. Outbound traffic is equally distributed (I have
    load-sharing per-packet on each serial sub-interface).

    Do I have to get Verizon to bond the T-1 lines or can I use NAT on a stick
    with some route map magic?

    Has anyone setup overload nat to load balance incoming traffic? Not incoming
    traffic to a server.

    It looks as though an internal user will get a global address from the pool,
    which seems to be the same ip address of the same serial interface and
    subsequently only goes out a single t-1 circuit.

    TIA

    Digital Doug
     
    Houston SBC, Mar 25, 2007
    #1

  2. On Sun, 25 Mar 2007 14:03:04 -0500, Houston SBC wrote:

    > Do I have to get Verizon to bond the T-1 lines or can I use NAT on a stick
    > with some route map magic?


    You only get to control your outbound traffic. Whatever Verizon has to
    send to you, they get to choose how it's sent.

    >
    > Has anyone setup overload nat to load balance incoming traffic? Not
    > incoming traffic to a server.


    Not me. Perhaps PPP multilink might help. Makes your 2XT1s look like
    one interface instead of two.

    >
    > It looks as though an internal user will get a global address from the
    > pool, which seems to be the same ip address of the same serial interface
    > and subsequently only goes out a single t-1 circuit.
    >


    Yes, for any individual outbound connection. Multiple connections
    would/might be split between the two addresses so the aggregate b/w might
    be > 1 x T1.

    --
    Rgds,
    Martin
     
    Martin Gallagher, Mar 26, 2007
    #2
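
An added example, not written by any poster in this thread: a small Python model of the point in reply #2, that replies to a translated address come back on the circuit whose /30 contains that address. The addresses are the ones from the original post; the two allocation policies and the port count are assumptions for illustration, not documented IOS behaviour.

```python
import ipaddress
from collections import Counter

# Addresses from the post: each T1 sub-interface has its own /30.
LINKS = {
    "s0/0.1": ipaddress.ip_network("100.100.100.0/30"),
    "s0/1.1": ipaddress.ip_network("100.100.100.4/30"),
}
POOL = ["100.100.100.1", "100.100.100.5"]
PORTS_PER_ADDRESS = 64512  # assumption: usable PAT ports 1024-65535 per address


def return_link(global_ip):
    """Link the provider uses for replies: the one whose /30 holds global_ip."""
    addr = ipaddress.ip_address(global_ip)
    for name, net in LINKS.items():
        if addr in net:
            return name
    raise ValueError(f"{global_ip} is not on either T1 subnet")


def allocate(n_conns, policy):
    """Assign a pool address to each connection under a hypothetical policy."""
    if policy == "first-fit":      # fill one address's ports before the next
        return [POOL[min(i // PORTS_PER_ADDRESS, len(POOL) - 1)]
                for i in range(n_conns)]
    if policy == "round-robin":    # alternate addresses per connection
        return [POOL[i % len(POOL)] for i in range(n_conns)]
    raise ValueError(policy)


def inbound_bytes(conn_sizes, policy):
    """Total reply bytes arriving on each link for the given connections."""
    load = Counter({name: 0 for name in LINKS})
    for size, gip in zip(conn_sizes, allocate(len(conn_sizes), policy)):
        load[return_link(gip)] += size
    return dict(load)


# Constructed sample: four downloads, sizes in bytes.
SAMPLE = [4_000_000, 1_000_000, 3_000_000, 2_000_000]

if __name__ == "__main__":
    for policy in ("first-fit", "round-robin"):
        print(policy, inbound_bytes(SAMPLE, policy))
    print("single download:", inbound_bytes([10_000_000], "round-robin"))
```

Under either policy a single connection's inbound traffic stays on one T1; only the aggregate across several connections can spread over both.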

  3. You have a couple of ways to do this. However, you should coordinate this
    with your local Verizon loop crews.

    1. You can try to convince them to implement Multilink Frame Relay (you
    mentioned that you have Frame Relay on the interface). However, if Verizon
    does not support this, there is nothing you can do.

    2. You can configure "NAT-on-a-Stick" on your router. Basically it will be
    doing NAT before it hits the serial interface, and then processing the
    translated packet as a normal routed packet. After you configure
    NAT-on-a-Stick, you enable IP load-sharing (through either CEF or packet
    processing) to take place on your serial interfaces.

    3. You should also talk to Verizon about how they do load-balancing on your
    links. You may need to do something more complicated, like BGP.

    Good luck,

    Mike
    ------
    Headset Adapters for Cisco IP Phones
    www.ciscoheadsetadapter.com



     
    headsetadapter.com, Mar 26, 2007
    #3
  4. And here is a link for NAT-on-a-Stick configuration:

    http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml

    Good luck,

    Mike
    ------
    Headset Adapters for Cisco IP Phones
    www.ciscoheadsetadapter.com


     
    headsetadapter.com, Mar 26, 2007
    #4