Re: How to do load-balancing with multiple uplinks

Discussion in 'Cisco' started by Stephen, Aug 29, 2011.

  1. Stephen

    Stephen Guest

    On Sun, 28 Aug 2011 15:04:01 +0200, "Elia S."
    <> wrote:

    >Hello
    >I am in this situation:
    >
    >I have two DSL Routers, doing NAT on the following IP:
    >
    >R1:
    >WAN: pppoe dialup adsl
    >LAN: 192.168.27.1/24
    >
    >R2:
    >WAN: pppoe dialup adsl with ISP #2
    >LAN: 192.168.27.2/24
    >
    >I have one Cisco router 2621 that does NAT and "manages" a pool of wi-fi
    >users.
    >
    >I have this routers configured as the following:
    >FAST0/0 192.168.27.100/24 ("WAN" SIDE)
    >FAST0/1 10.0.0.1/24 (LAN SIDE)
    >I do NAT between fast0/0 and fast0/1, I do DHCP, and an ACL.
    >
    >My question is:
    >
    >is there a way to let my c2621 to connect to the internet, sharing load
    >between R1 and R2?
    >
    >I dont want per-packet load sharing because it can broke HTTPS connections,
    >or SIP calls.
    >
    >Anyone has suggestions?
    >thank you


    you can try allocating different users / IP addresses to the 2 routers
    http://www.cisco.com/en/US/prod/col...ecd801790a3_ps6600_Products_Presentation.html

    anything that help an individual PC is going to need session load
    balancing....
    --
    Regards

    - replace xyz with ntl
     
    Stephen, Aug 29, 2011
    #1
    1. Advertising

  2. Stephen

    Rob Guest

    Elia S. <> wrote:
    > Hello
    > thank you for your answer.
    > The problem actually is that I have no control on R1 and R2. I just have my
    > 2600 router behind them, and I would like to balance my users (in NAT, DHCP
    > behind the 2600) to go out someone via R1 and others via R2 in a balanced
    > manner...


    There are cheap routers from companies like Draytek that perform this
    function out-of-the-box. To do it on a Cisco is possible, but quite
    a bit more difficult.

    If you do not want to buy something else, you will need to setup
    the router in such a way that half of the addresses go out via one link
    and half via the other (you will need to setup policy routing where a
    different default gateway is chosen depending on the source address of
    the traffic).

    There are solutions from Cisco that claim to do what you need, like:

    http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080950834.shtml

    While I have not tested this particular solution on recent IOS software,
    my experience in general with having two default routes in IOS is that
    it does not work in practice, because it sends internet trafic randomly
    over the two interfaces specified as default, without looking at the
    source address. Your internet provider will likely block the traffic
    you send on one link with the source IP address of the other.
    That is why the policy routing is (in my experience) always required.
     
    Rob, Aug 29, 2011
    #2
    1. Advertising

  3. Stephen

    Rob Guest

    Elia S. <> wrote:
    > Hello Rob.
    >
    > After well reading your message I think that this could be an idea:
    >
    >
    > R1: 192.168.27.1
    > R2: 192.168.27.2
    >
    > R1 and R2 do NAT.
    >
    > c2651XM:
    > WAN side: 192.168.27.200/24
    > LAN side: 192.168.0.254/24
    > DHCP enabled.
    >
    > I have a pool of DHCP addresses from
    >
    > 192.168.0.1 to 200
    >
    > I would like to create a route map that does this:
    >
    > route-map PBR permit 100
    > match ip address TO-R1
    > set ip next-hop 172.16.0.1
    >
    > route-map PBR permit 100
    > match ip address TO-R2
    > set ip next-hop 172.16.0.2


    I thin you must mean 192.168.27.1 as your next hop...

    > ip access-list extended TO-R1
    > permit ip host 192.168.0.1 any
    > permit ip any host 192.168.0.1
    > permit ip host 192.168.0.2 any
    > permit ip any host 192.168.0.2
    >
    >
    > ip access-list extended TO-R2
    > permit ip host 192.168.0.100 any
    > permit ip any host 192.168.0.100
    > permit ip host 192.168.0.101 any
    > permit ip any host 192.168.0.101


    It should be sufficient to have only the permit ip host x.x.x.x any lines.

    > The route-map PBR should be enabled to the LAN interface of the c2651XM.
    >
    > My question now is how about NAT ?
    >
    >
    > How can I setup NAT ?


    With NAT you can use route-map as well.

    Like this:

    ip nat inside source route-map map-1 interface ... overload
    ip nat inside source route-map map-2 interface ... overload

    route-map map-1 permit 10
    match ip address adsl-1-overload
    set interface ...
    set ip next-hop ...

    route-map map-2 permit 10
    match ip address adsl-2-overload
    set interface ...
    set ip next-hop ...

    ip access-list extended adsl-1-overload
    permit ip host 192.168.1.2 any
    permit ip host 192.168.1.4 any

    ip access-list extended adsl-2-overload
    permit ip host 192.168.1.3 any
    permit ip host 192.168.1.5 any
     
    Rob, Sep 2, 2011
    #3
  4. Stephen

    Rob Guest

    Elia S. <> wrote:
    > Wich default route do I put in the router? Just R1... because NAT is handled
    > by route map.
    >
    > right?


    This route-map directs the traffic that you are NATting the right way.
    Any default route that you put in is only used for other traffic from
    the router.
    (e.g. when you have setup ntp)

    When you want to balance all the traffic you can use a loopback interface
    and use a route-map as you have made before for traffic flowing via that
    loopback interface and then route default to the loopback interface.
     
    Rob, Sep 2, 2011
    #4
  5. Stephen

    Rob Guest

    Elia S. <> wrote:
    > Hello
    > I would like to balance the traffic between R1 and R2, but my fear is that
    > some connections go out from R1 and others via R2, and for example an HTTPS
    > connection will be broken.
    >
    > I would like to do a load balancing but source-based...


    When I used it some years back (the examples are cut from my config of that
    time) I concluded after a lot of reading that such a static mapping was
    the only possibility on IOS.
    With a Linux system it would not have been a problem to balance based on
    "sessions", so that each TCP or UDP session would be fixed to a single
    external connection, but outgoing sessions would be dynamically allocated
    to the two connections. (e.g. a webpage with several images would be
    loaded partly over one and partly over the other connection).
    The "out of the box" solutions also do that.

    It seems that the mechanisms to do this were not present in IOS, but it looks
    like this has been improved later. It may well be that with a modern IOS
    version you can do this.

    I have seen examples of configs that improve on the static mapped config
    in that they perform a "failover", i.e. when one of the lines is down it
    does not mean half your internal computers have no internet, but all the
    internet traffic is routed over the other line.

    However, I have become wary of configs that solve it using two default
    routes, as my experience is that two default routes means all outgoing
    traffic is packet-by-packet balanced over the two outgoing interfaces.
    This does not work unless the two lines as sold by one ISP specifically
    for the purpose of balancing. And of course you buy your two lines from
    two different ISPs anyway.

    But maybe this problem has been solved as well...
     
    Rob, Sep 2, 2011
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Bill F
    Replies:
    11
    Views:
    1,473
    Gert Doering
    Feb 14, 2004
  2. Replies:
    1
    Views:
    2,400
    Vincent C Jones
    Nov 21, 2005
  3. pshemko
    Replies:
    1
    Views:
    573
  4. Big Phil
    Replies:
    3
    Views:
    1,851
    NetExpert
    May 1, 2007
  5. palas_123
    Replies:
    1
    Views:
    2,193
    donjohnston
    Dec 28, 2009
Loading...

Share This Page