routing between two internet access lines

hi all

 

if you have two networks in same building.

both of them have separate DSL modems and ISA servers and different IP schemas.

 

 

in case you want to make a redundancy.

how can we do the design so if Modem-1 was down, Modem-2 will take the role.

initially if both modems are working fine, then no need for backup. just let them work as they are (separately).

 

regards,

Comments

  • You can have a Cisco router and deploy policy NAT with Object tracking feature to effectively fulfill your objective.

    Good luck!

     

  • hi Hari.sapkota

     

    I will read about your suggestion,

    I was thinking about putting an ethernet switch in the middle, and configuring two VLANs (one for each modem)

    and then set a router to route between the vlans.

    but the only thing I am worried about is, how will the router detect that the Modem-1 connection to the internet is down, to start routing network 1 to Modem-2?

     

    because sometimes, if the modem is down, you are still able to ping its local IP address. (which means the modem is unable to fetch the public network)

    ??

  • IP SLA with object tracking. Point route out primary interface and ping something like 8.8.8.8. Make sure to source packets out primary interface.

    Put a floating static route out secondary interface with a higher AD.

    If the primary route fails it will be pulled from the RIB:

  • hi Hari.sapkota

     

    I will read about your suggestion,

    I was thinking about putting an ethernet switch in the middle, and configuring two VLANs (one for each modem)

    and then set a router to route between the vlans.

    but the only thing I am worried about is, how will the router detect that the Modem-1 connection to the internet is down, to start routing network 1 to Modem-2?

     

    because sometimes, if the modem is down, you are still able to ping its local IP address. (which means the modem is unable to fetch the public network)

    ??

     

    As you configure a static route to your ISP and it doesn't get removed even if you lose the connectivity to your ISP in the middle, you can follow the instructions which Daniel gave. You are trying to achieve the failover with static configuration on your modems, which doesn't make it dynamic in the case of failure. So, just put a floating static route with higher AD on your secondary one and lower AD on your primary link; it would help you to achieve dynamic features with static routes if you go for IP SLA configuration.

    Good luck!

  • Unless the issue is a shortage of fe ports in the router, all adding a switch will do is add complexity and another SPOF (IMO - I'm sure someone has a different POV). 

    Do you have services hosted on your network that clients outside of your network use?  If so, simple outbound sla won't fix.

    Are your DSL modems NATing or do you have static IPs from the ISP(s)?  Unless you have two bridged static IPs from the ISP(s), you're probably looking at double NATing, even with ip sla.

    How do you do things currently?

  • peetypeety ✭✭✭

    Unless the issue is a shortage of fe ports in the router, all adding a switch will do is add complexity and another SPOF (IMO - I'm sure someone has a different POV). 

    Do you have services hosted on your network that clients outside of your network use?  If so, simple outbound sla won't fix.

    8 is right on both points.

    Have you googled this subject yet? Across a variety of forums, people ask this very question on a daily basis, and the answers are still the same.

  • hi guys,

    I drew what is in my mind, with the advice of Daniel to use the IP SLA process.

    image

    so Vlan 1 for right side (network 192.168.1.0/24)

    and Vlan 2 for left side (network 172.22.1.0/24)

     

    and we configure R1 to use IP SLA to track 8.8.8.8
    so if interface Fas 0/0 fails to reach 8.8.8.8, then it will route network 192.168.1.0 to interface Fas 0/1
    and vice versa.


    is that good ? 

  • I see you are lacking ports on your routers right? [:D] Otherwise you could have connected your ISA servers directly to the routers and then routers to your ISPs without switch which would occupy few more ports.

    I believe you are trying to achieve different connection for different network. So, this design works for your requirement which really depends on your configuration.

    1) First of all configure floating static route on your R1:

    R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.x

    R1(config)#ip route 0.0.0.0 0.0.0.0 172.22.1.x 10

    2) Configure NAT.

    3) Object tracking (8.8.8.8) with IP SLA.

    R1(config)#do sh run | sec ip sla

    ip sla monitor 1

     type echo protocol ipIcmpEcho 8.8.8.8 source-ipaddr 192.168.1.x

    ip sla monitor schedule 1 life forever start-time now


    (IP SLA commands could be different on different Cisco IOS)



    R1(config)#do sh run | sec track

    track 1 rtr 1 reachability




    Now, bind the track on R1 for your primary static route:


    R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.x track 1





    You can also have load sharing with PBR which you can bind with NAT.

     

    Good luck!

  • ip route 0.0.0.0 0.0.0.0  G1/1 192.168.10.10 track 1   -> Primary

    ip route 0.0.0.0 0.0.0.0  G1/2 192.168.20.10 5  --> Secondary

     

    //2 default routes, one primary and one secondary, using tracked object

    !

    track 1 ip sla 1 reachability

     delay down 10 up 5

    !

     

    ip sla 1

     icmp-echo 8.8.8.8 source-ip 192.168.10.20

     timeout 4000

     frequency 8

    ip sla schedule 1 life forever start-time now

    !

    /// IP sla object and tracked object

    !

    !

    route-map ROUTE_MAP-DEFAULT-ROUTE-POLICY permit 10

     match ip address ACL-LOCAL-POLICY-DEFAULT-ROUTING

     set interface Null0

     set ip next-hop 192.168.10.10

    !

    ip access-list extended ACL-LOCAL-POLICY-DEFAULT-ROUTING

     permit icmp any host 8.8.8.8 echo

    !

    ip local policy route-map ROUTE_MAP-DEFAULT-ROUTE-POLICY

    !

    ///local policy routing to send out IP SLA probes only out of the primary. If this is not in place, the probes will start working as soon as the switch over to  the other interface occurs (Traffic will flow out the SECONDARY interface, Track object will come up, and the route out the primary will make it back into the RIB. This policy routing prevents that =)

     

     

    ip nat inside source route-map PRIMARY interface G1/1 overload

    ip nat inside source route-map SECONDARY interface G1/2 overload

     

    route-map PRIMARY permit 10

     match ip address NAT

     match interface G1/1

    route-map SECONDARY permit 10

     match ip address NAT

     match interface G1/2

    !

    ip access-list extended NAT

     permit ip 192.168.0.0 0.0.255.255 any

     

    ///NAT using route-maps to NAT traffic after routing takes place. 

     

    I use something similar in one of my setups, works great for me. 

     

    Pablo 
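The reason for pinning the probe to the primary link, as described in the post above, shown as a small simulation. This is an added example, not part of the original post; it assumes one probe per second and a healthy secondary link, and the function names are hypothetical. The `delay down 10 up 5` values are taken from the posted track object.

```python
# Added illustration (not from the thread): toy model of "track 1" guarding the
# primary default route, with a floating static backup. One probe per second,
# a healthy secondary, and the function names are all assumptions.

def simulate(primary_up, pin_probe, delay_down=10, delay_up=5):
    """Return the egress link in use at each one-second tick.

    primary_up: list of bool, real Internet reachability through the primary.
    pin_probe:  True  = probe always leaves via the primary (local policy routing)
                False = probe follows the routing table like any other packet
    """
    track_up, pending, history = True, 0, []
    for up in primary_up:
        active = "primary" if track_up else "secondary"
        probe_link = "primary" if pin_probe else active
        probe_ok = up if probe_link == "primary" else True
        if probe_ok != track_up:
            # Result disagrees with the track: wait out the configured delay.
            pending += 1
            if pending >= (delay_up if probe_ok else delay_down):
                track_up, pending = probe_ok, 0
        else:
            pending = 0
        history.append(active)
    return history

def switchovers(history):
    """Number of times the active egress link changed."""
    return sum(1 for a, b in zip(history, history[1:]) if a != b)

def blackholed_seconds(history, primary_up):
    """Seconds during which traffic was routed to a primary that had no Internet."""
    return sum(1 for link, up in zip(history, primary_up)
               if link == "primary" and not up)

# Constructed scenario: the primary loses its upstream at t=5 and stays down.
OUTAGE = [True] * 5 + [False] * 60

if __name__ == "__main__":
    for pin in (True, False):
        h = simulate(OUTAGE, pin)
        print(f"pin_probe={pin}: switchovers={switchovers(h)}, "
              f"blackholed={blackholed_seconds(h, OUTAGE)}s")
```

With the probe pinned there is a single failover; without it the probe succeeds over the backup, the tracked route returns, and traffic keeps being sent back to the dead primary.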

     

     

     

     

  • I also complement it with some EEM to send me an email whenever the main link goes down, also when it comes back up:

     

    event manager applet LINK-DOWN trap

     event tag 1.0 syslog pattern "TRACKING-5-STATE:.*1.*Up->Down"

     action 1.0 syslog msg "COMCAST DOWN!"

     action 2.0 cli command "enable"

     action 3.0 cli command "show ip route"

     action 4.0 mail server "username:[email protected]" to "[email protected]" from "[email protected]" subject "COMCAST DOWN! BACKUP WORKING!" body "Comcast Down! Current routing table:   $_cli_result"

    !

    //EEM to send email when primary (Comcast) goes down

    !

    event manager applet COMCAST-LINK-UP trap

     event tag 1.0 syslog pattern "TRACKING-5-STATE:.*1.*Down->Up"

     action 1.0 syslog msg "COMCAST UP!"

     action 2.0 cli command "enable"

     action 3.0 cli command "show ip route"

     action 4.0 mail server "username:[email protected]" to "[email protected]" from "[email protected]" subject "COMCAST UP! PRIMARY WORKING AGAIN!" body "Comcast Up! Current routing table:   $_cli_result"

    !

     

    //EEM to send email when primary (Comcast) comes back up

    Hope it helps!
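An added example (not from the original post) for the same tracking messages once they reach a syslog collector: it parses the track number explicitly and flags a flapping track. The sample lines are constructed, the message layout after `%TRACKING-5-STATE:` is an assumption, and the function names are hypothetical. `LOOSE` is the pattern as posted, which keys on any "1" after the tag and so also fires for track 21 here.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines; the layout after the facility tag is an assumption.
SAMPLE = [
    "2024-03-01T10:00:05 R1 %TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down",
    "2024-03-01T10:00:25 R1 %TRACKING-5-STATE: 1 ip sla 1 reachability Down->Up",
    "2024-03-01T10:00:40 R1 %TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down",
    "2024-03-01T10:01:00 R1 %TRACKING-5-STATE: 1 ip sla 1 reachability Down->Up",
    "2024-03-01T10:03:00 R1 %TRACKING-5-STATE: 21 ip sla 7 reachability Up->Down",
]

# Pattern as posted in the EEM applet.
LOOSE = re.compile(r"TRACKING-5-STATE:.*1.*Up->Down")
# Stricter form: capture timestamp, track number and transition separately.
STRICT = re.compile(r"^(\S+) \S+ %TRACKING-5-STATE: (\d+) .* (Up->Down|Down->Up)$")

def parse(lines):
    """Yield (timestamp, track_id, transition) for each tracking state change."""
    for line in lines:
        m = STRICT.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), int(m.group(2)), m.group(3)

def down_events(lines, track_id):
    """Timestamps at which the given track object went Up->Down."""
    return [t for t, tid, tr in parse(lines)
            if tid == track_id and tr == "Up->Down"]

def is_flapping(lines, track_id, window=timedelta(minutes=5), threshold=3):
    """True if the track changed state at least `threshold` times in one window."""
    times = sorted(t for t, tid, _ in parse(lines) if tid == track_id)
    return any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1))

if __name__ == "__main__":
    print("loose matches:", sum(1 for l in SAMPLE if LOOSE.search(l)))
    print("track 1 down events:", len(down_events(SAMPLE, 1)))
    print("track 1 flapping:", is_flapping(SAMPLE, 1))
```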

  • thanks all for this

    I will return to you on this after completing IP service level agreement.

    in fact I am a CCNP candidate not CCIE,

    some of the concepts I need to read very well before starting to implement them.

     
