Static NAT On 2 Routers - Different Public IP's Pointing to Same Private IP?

Discussion in 'Cisco' started by s.fenster, Sep 21, 2007.

  1. s.fenster

    s.fenster Guest

    Hi,

    I have a general networking question regarding static NAT. My
    question is:

    Is it possible to have two routers, each connected to a different ISP,
    with static NAT (aka one-to-one NAT) set up to point to the same
    internal IP address? If it is possible, will it yield bad
    performance / packet collisions, or will there be any other unforeseen
    issues?


    My situation is the following:

    I am trying to set up a server for network redundancy. I already have
    2 similar routers that support static NAT. I would like to give my
    server a private IP address, say 10.0.1.100. I would then like to
    set up static NAT on each router as follows:

    Router 1 (connected to ISP 1):

    (public address) xxx.xxx.xxx.xxx <----------> 10.0.1.100 (private address)

    Router 2 (connected to ISP 2):

    (public address) xxx.xxx.xxx.xxx <----------> 10.0.1.100 (private address)


    So my logic is the following:

    If traffic comes into my server through the public IP address on
    router 1, it will be translated to the private address and sent to
    that server.

    If traffic comes into the server through the public address on router
    2, it will be translated to the private address and sent to that same
    server.


    Will the server be able to send the return packets back out through
    the correct router? Does the server use its default gateway to
    determine which router to send the packets to, or does it know to send
    it back to the router who sent it the traffic originally?

    Both routers will be on the same internal network: 10.0.1.0\24 (I
    think I did that correctly). So will it not use the default gateway
    since both routers are on the same network as the server?

    Thanks,

    Seth
     
    s.fenster, Sep 21, 2007
    #1

  2. The server will send the packet out via the default gateway. So you
    will have an issue with asynchronous routing. This will lead to issues
    when you have people trying to connect to the server due to how xlate
    tables work and the TCP handshake. If you need network redundancy you
    have three options:

    1. Least expensive, and least redundant. Get a SONET protected line.
    Dependent on one provider and one POP.
    2. Have one ISP that has two POPs several miles apart. Have multiple
    lines coming from them and set up BGP. Dependent on one provider.
    3. Have multiple ISPs. For this to work you would have to get your
    address space directly from IANA. And then set up BGP peering
    relationships with multiple ISPs. Single point of failure is your
    single facility.

    You could tell the server where to send certain packets in its route
    table, but this solution would not be reliable and will lead to you
    having many nights of little sleep.

    In summation:

    Will the server be able to send the return packets back out through
    the correct router? NO

    Does the server use its default gateway to
    determine which router to send the packets to, or does it know to send
    it back to the router who sent it the traffic originally? Default
    Gateway

    So will it not use the default gateway
    since both routers are on the same network as the server? Default
    Gateway.

    The only time what you propose might work is if you had multiple
    internal networks that had to connect to the server. With complete
    knowledge and control of the source and destination addressing you
    could make this work (I say this for academic reasons, and do not
    recommend it).
     
    heath.parrott, Oct 14, 2007
    #2
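
The return-path problem described in the reply above, as an added example that is not part of either post: a simplified model of two stateless one-to-one NAT routers and a server whose default gateway is R1. The public addresses, the client address and the choice of R1 as default gateway are constructed assumptions, and stateful inspection on the routers is not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    flags: str

class StaticNatRouter:
    """One-to-one NAT: a single public address mapped to a single private one."""
    def __init__(self, name, public_ip, private_ip):
        self.name, self.public_ip, self.private_ip = name, public_ip, private_ip

    def inbound(self, pkt):
        # Outside -> inside: rewrite the destination to the private address.
        if pkt.dst != self.public_ip:
            raise ValueError(f"{self.name} has no mapping for {pkt.dst}")
        return Packet(pkt.src, self.private_ip, pkt.flags)

    def outbound(self, pkt):
        # Inside -> outside: rewrite the source to THIS router's public address.
        if pkt.src != self.private_ip:
            return pkt
        return Packet(self.public_ip, pkt.dst, pkt.flags)

def handshake(client_ip, entry, default_gateway):
    """Return (exit router, source the client sees, whether the client accepts)."""
    syn = Packet(client_ip, entry.public_ip, "SYN")
    at_server = entry.inbound(syn)
    # The server has one route off-subnet: its default gateway, whichever
    # router the SYN arrived through.
    syn_ack = Packet(at_server.dst, at_server.src, "SYN-ACK")
    on_wire = default_gateway.outbound(syn_ack)
    # The client matches the reply against the address it sent the SYN to.
    accepted = (on_wire.src, on_wire.dst) == (syn.dst, syn.src)
    return default_gateway.name, on_wire.src, accepted

# Constructed sample addresses (documentation ranges), not from the thread.
R1 = StaticNatRouter("R1", "198.51.100.10", "10.0.1.100")  # ISP 1
R2 = StaticNatRouter("R2", "203.0.113.10", "10.0.1.100")   # ISP 2
CLIENT = "192.0.2.50"

if __name__ == "__main__":
    for entry in (R1, R2):
        print(entry.name, "->", handshake(CLIENT, entry, default_gateway=R1))
```

A connection that enters through R2 gets its SYN-ACK sent out through R1 with R1's public address as the source, so the client has no matching connection for it and the handshake never completes.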