DSL connections to 2(two) different ISPs. Redundancy????

Discussion in 'Cisco' started by AP, May 28, 2004.

  1. AP

    AP Guest

    Is there any way to configure Cisco 3620 to get a redundant internet
    connection for our small office without AS, BGP, etc involved? If BGP is
    the only option what is the recommended course of action?

    Firewall -> Router -> DSL_Modem_1 -> ISP1
                  |
                  |---> DSL_Modem_2 -> ISP2


    Thank you.
    AP.
     
    AP, May 28, 2004
    #1

  2. AP

    AP Guest

    Ideally automatic failover and recovery.
     
    AP, May 28, 2004
    #2

  3. :Is there any way to configure Cisco 3620 to get a redundant internet
    :connection for our small office without AS, BGP, etc involved? If BGP is
    :the only option what is the recommended course of action?

    :Firewall -> Router -> DSL_Modem_1 -> ISP1
    :              |
    :              |---> DSL_Modem_2 -> ISP2

    Define 'redundant'.

    Seriously -- there are a number of different things you could mean
    by 'redundant' and some of them are possible and some of them are not.
     
    Walter Roberson, May 28, 2004
    #3
  4. :Ideally automatic failover and recovery.

    You won't be able to do that without BGP or equivalent.

    In order for your 3620 to have any chance of moving traffic
    between the two DSL devices, it is going to have to be able to
    detect that the DSL has gone down. Unfortunately, DSL often
    goes down one hop away from the customer, rather than taking
    the direct link (attached to the 3620) down. The 3620 isn't going
    to be able to detect that.

    There's a new feature that Aaron has been talking about in very
    very new IOS versions, that is able to determine route reachability
    via ping. I don't recall the name of that feature, but I would tend
    to have doubts that it would be supported on the 3620, as the 3620
    is an older router and not a leading-feature model.

    In the cases where you -were- able to detect that a link had gone
    down, if you do not have BGP or equivalent, you are going to lose all
    your current connections, as there isn't going to be any way to
    cut over the current traffic to the second router complete with having
    any replies in transit suddenly appear at the second router. All
    TCP will be disrupted, all firewall entries will be disrupted, and
    if you are running UDP applications and they -aren't- disrupted then
    you likely have spoofing security issues waiting to be exploited.


    What you -can- do with the dual DSL setup is have low-priority routes
    set up on the other interfaces, with the routes normally overshadowed
    by the more direct routes of the "usual" interface for that particular
    traffic. When the link goes down [detectably] then the router is going
    to stop internally advertising the routes on the down interface,
    leaving only the normal routes to the second interface plus whatever
    lower-priority fallbacks you have set up. Combine this with a different
    outgoing NAT on each of the two interfaces, so that the packets that
    go out a particular interface will be replied to back to that
    interface. [This is important. If you just try to keep using the
    old IP addresses on outgoing traffic, then the packets might make
    it out to the other end, but the replies are going to try to
    come back via the downed interface!] This will, of course, entail
    setting up new connections for everything that got failed over --
    and the router isn't going to have any good way of notifying the
    application layers that things got failed over, so you are going to
    have to rely on keep-alives to get the failures to happen in
    a reasonable time.
     
    Walter Roberson, May 28, 2004
    #4
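
Added example, not part of the thread and not any poster's configuration: the low-priority fallback route plus a different outgoing NAT per interface, as described in post #4, written as IOS configuration. Interface names, addresses (documentation ranges), the ACL number and the route-map names are assumptions, and the fallback takes over only when the ISP1-facing interface itself goes down.

```cisco
! Constructed example: interface names, addresses and names are assumptions.
interface Ethernet0/0
 description Inside, toward the firewall
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Ethernet1/0
 description To DSL_Modem_1 / ISP1 (usual path)
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
!
interface Ethernet1/1
 description To DSL_Modem_2 / ISP2 (fallback path)
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
! Usual default route, tied to the ISP1 interface so it is withdrawn
! when that interface goes down.
ip route 0.0.0.0 0.0.0.0 Ethernet1/0 192.0.2.1
! Low-priority fallback: administrative distance 250 keeps it out of the
! routing table while the route above is present.
ip route 0.0.0.0 0.0.0.0 Ethernet1/1 198.51.100.1 250
!
! Inside hosts eligible for translation.
access-list 10 permit 192.168.1.0 0.0.0.255
!
! One route-map per exit interface, so the NAT rule is chosen by the
! interface the packet actually leaves through.
route-map NAT-ISP1 permit 10
 match ip address 10
 match interface Ethernet1/0
!
route-map NAT-ISP2 permit 10
 match ip address 10
 match interface Ethernet1/1
!
! Translate to the address of the exit interface, so replies come back
! through the same ISP.
ip nat inside source route-map NAT-ISP1 interface Ethernet1/0 overload
ip nat inside source route-map NAT-ISP2 interface Ethernet1/1 overload
```
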
  5. AP

    Brian Dennis Guest

    Brian Dennis, May 28, 2004
    #5
  6. AP

    Guest Guest

    I knew I had it someplace.

    http://www.cisco.com/univercd/cc/td...123/123newft/123limit/123x/123xe/dbackupx.htm

    As I recall it was strictly the 1700 series and was not in the IP Only IOS.
    With this you can get the fail-over and recovery for outbound traffic. Add a
    second MX record and your inbound email will work. As for any other inbound
    traffic, you're SOL without BGP. I've been through this a hundred times,
    getting BGP from an ISP isn't easy unless you're one of the big boys that
    owns your own IP subnet.

     
    Guest, May 28, 2004
    #6