NAT Overload and load sharing

Discussion in 'Cisco' started by Houston SBC, Mar 25, 2007.

  1. Houston SBC

    Houston SBC Guest

    I have a Cisco 2650 with IOS 12.3 (c2600-i-mz.123-16.bin), a fast ethernet,
    and 2 Int T1 CSU/DSU cards.

    Verizon has just enabled the second T-1 line for constant operation--it was
    previously just a backup line.

    Each T-1 is using frame relay on a serial sub-interface and has ip addresses
    assigned-- using a /30 subnet.
    The FA0/0 is defined as ip nat inside and the Serial Sub Interfaces are
    designated as ip nat outside.

    I was using "ip nat inside source list 10 interface s0/0.1 overload" to
    allow internal users access to the Internet.

    I can now use the

      ip nat pool test netmask 255.255.255.252
       address 100.100.100.1 100.100.100.1   <-- ip address of s0/0.1
       address 100.100.100.5 100.100.100.5   <-- ip address of s0/1.1

    and

      ip nat inside source list 10 pool test overload

    This works, but I only get T-1 speed inbound, on one or the other of the
    serial interfaces, with no load sharing. Outbound traffic is equally
    distributed (I have load-sharing per-packet on each serial sub-interface).

    Do I have to get Verizon to bond the T-1 lines or can I use NAT on a stick
    with some route map magic?

    Has anyone set up overload NAT to load balance incoming traffic? Not incoming
    traffic to a server.

    It looks as though an internal user will get a global address from the pool,
    which seems to be the same IP address of the same serial interface and
    subsequently only goes out a single T-1 circuit.

    TIA

    Digital Doug
     
    Houston SBC, Mar 25, 2007
    #1

  2. You only get to control your outbound traffic. Whatever Verizon has to
    send to you, they get to choose how it's sent.

    Not me. Perhaps PPP multilink might help. Makes your 2 x T1s look like
    one interface instead of two.

    Yes, for any individual outbound connection. Multiple connections
    would/might be split between the two addresses so the aggregate b/w might
    be > 1 x T1.
     
    Martin Gallagher, Mar 26, 2007
    #2

  3. You have a couple of ways to do this. However, you should coordinate this
    with your local Verizon loop crews.

    1. You can try to convince them to implement Multilink Frame Relay (you
    mentioned that you have Frame Relay on the interface). However, if Verizon
    does not support this, there is nothing you can do.

    2. You can configure "NAT-on-a-Stick" on your router. Basically it will be
    doing NAT before the packet hits the serial interface, and then process the
    translated packet as a normal routed packet. After you configure
    NAT-on-a-Stick, you enable IP load sharing (through either CEF or packet
    processing) to take place on your serial interfaces.

    3. You should also talk to Verizon about how they do load balancing on your
    links. You may need to do something more complicated, like BGP.

    Good luck,

    Mike
     
    headsetadapter.com, Mar 26, 2007
    #3