  1. Diggin' 4 Cisco Gold ptlinva's Avatar
    Join Date
    Jan 2009
    Location
    Virginia, USA
    Posts
    124

    Certifications
    CCNA, CCENT, MCP, CNE, Red Hat Linux Admin - Diggin' for CCNA Voice!
    #1

    (2) different ISP's - Load balancing with one router...

    Hi Everyone,

    I’ve been asked to upgrade a client’s router from a 3845 to 3945. Easy enough, grab the old config and put it on the new one.

    However, they’ve added a 2nd ISP and want me to set up load balancing on the router.

    Both ISPs are handing off Ethernet connections… I believe ISP1 is 60mb and ISP2 is 40mb/s. Very nice!

    My 1st thought would be to use (2) routers – 1 for each ISP and load balance with a virtual gateway. However, I don’t believe they are going to allow me to do that.

    Is there a way to do unequal load balancing from two different ISPs on one router? No owned IP addresses… both circuits have a range of IPs that were given to them from each ISP. They are also NAT'ing and have VPNs set up.

    Any comments/suggestions are greatly appreciated. BTW, this kind of job (while working from home on my couch) is why I keep studying for my Cisco certs. I can't wait to be able to do this full-time!

    Thanks!
    -Paul
  3. Network Consultant FloOz's Avatar
    Join Date
    Dec 2011
    Posts
    1,588

    Certifications
    B.S. CSIT; CompTIA A+, Network+; CCNA, DA; CCNP R&S; CCDP
    #2
    Maybe using route-maps? Identify the heavy traffic types and send it out the 60mb pipe and have the rest sent to the 40mb? Is BGP being run between your routers and the ISPs?

  4. Senior Member
    Join Date
    Jul 2011
    Posts
    311
    #3
    How about having 2 default routes tracking each ISP, won't this work?

  5. Diggin' 4 Cisco Gold ptlinva's Avatar
    Join Date
    Jan 2009
    Location
    Virginia, USA
    Posts
    124

    Certifications
    CCNA, CCENT, MCP, CNE, Red Hat Linux Admin - Diggin' for CCNA Voice!
    #4

    Willing to PayPal you to assist me with finishing this config....

    I believe I'm going to take both of your advice. I'm going to route port 80 and 443 through the new circuit. Everything else will go through the current production circuit.

    Today I was able to accomplish migrating over to the 3945 and have shut down the 3845. Now on to the last piece of the puzzle.

    I'm looking at the following URL for advice...

    https://supportforums.cisco.com/docs/DOC-8313

    I've set up both interfaces and also set up the "ip sla"s.

    However, the next command

    track 10 rtr...

    does not work for me on this 3945 running IOS 15.x. Using help, it does not list "rtr" as an available option. It does give me the ability to use an Interface (ie. g0/0 or g0/2 for the two ISP circuits).

    Would either of you (or anyone) be interested in a $$ via PayPal to help me complete my config for this router? I can post the current config here OR email it over.

    Thanks everyone. I really do appreciate it.
    ptl
    Last edited by ptlinva; 07-19-2013 at 04:40 AM. Reason: adding additional text

  6. Senior Member iamme4eva's Avatar
    Join Date
    Jan 2013
    Location
    North Yorkshire, United Kingdom
    Posts
    269

    Certifications
    CCNA, CCNP(R&S)
    #5
    Effective with Cisco IOS Release 12.4(20)T, 12.2(33)SXI1, 12.2(33)SRE and Cisco IOS XE Release 2.4, the track rtr command is replaced by the track ip sla command. See the track ip sla command for more information.
    threshold metric through weight (real server)* [Support] - Cisco Systems

  7. Senior Member
    Join Date
    Mar 2013
    Location
    .
    Posts
    319

    Certifications
    .
    #6
    Don't overcomplicate things.

    2 interfaces, 3 static routes... for example, if you have int g0/0 (60Mb) and g0/1 (40Mb):

    ip route 0.0.0.0 0.0.0.0 g0/0
    ip route 0.0.0.0 0.0.0.0 "IP address of ISP interface on g0/0 subnet"
    ip route 0.0.0.0 0.0.0.0 g0/1

    after that, "sh ip route 0.0.0.0" will show that each route gets a traffic share of 1. Meaning that 33% of bandwidth will go out each route... or, 66% out g0/0 and 33% out g0/1. If you send 100Mb of traffic, that works out to 66Mb on g0/0, and 33Mb on g0/1. Close enough ratio? This method will also allow a down link to automatically withdraw a route without any additional config.

    The only thing you should use tracking for, is if you want to track the connectivity all the way through your provider's network (ie, tracking google or opendns out a specific interface, via the "sla" feature tied to a track statement on your static routes).

  8. Senior Member iamme4eva's Avatar
    Join Date
    Jan 2013
    Location
    North Yorkshire, United Kingdom
    Posts
    269

    Certifications
    CCNA, CCNP(R&S)
    #7
    powmia - I actually never thought of using static routes like that.

    Am I right in saying though that the route would only be withdrawn if the interface went down? That would mean that if your modem or whatever kept the interface up but there was no actual connection, you'd end up dropping a percentage of your traffic...wouldn't "sla"'s be a better way to go to track the actual connectivity to the ISP?

  9. Senior Member
    Join Date
    Jun 2010
    Location
    UK
    Posts
    310

    Certifications
    CCIE R&S/CCNP/CCIP/CCDP/CMNA/JNCIA/NSE4
    #8
    You still want route tracking with above setup as it's highly unlikely that ISP's NTU will fail which would mean your port would always be up and black hole 33% of your traffic as you've said. You could track the other end of your /30 ISP assigned for your WAN port.

    Also addressing is a problem if you don't have PI space, meaning you can't use ISP 1's IP range on ISP 2's network. I would consider getting your own PI / AS or at least PI and run BGP with both, you could run full feed for better load balancing this way.

  10. Senior Member
    Join Date
    Mar 2013
    Location
    .
    Posts
    319

    Certifications
    .
    #9
    iamme4eva, read the last paragraph of my post. If you want to track the connectivity of your ISP, configure a tracking object that tracks the reachability of a remote site, and is sourced from your physical interfaces... tie those to a static route.
    The following tracks the reachability through (NOT TO) your providers... to google DNS and OpenDNS... common practice
    ip sla 3
     icmp-echo 8.8.8.8 source-int g0/0
    ip sla 4
     icmp-echo 208.67.222.222 source-int g0/0
    ip sla 5
     icmp-echo 8.8.8.8 source-int g0/1
    ip sla 6
     icmp-echo 208.67.222.222 source-int g0/1
    !
    track 3 ip sla 3 reachability
    track 4 ip sla 4 reachability
    track 5 ip sla 5 reachability
    track 6 ip sla 6 reachability
    !
    track 1 list boolean and
     object 3
     object 4
    track 2 list boolean and
     object 5
     object 6
    !
    ip route 0.0.0.0 0.0.0.0 g0/0 track 1
    ip route 0.0.0.0 0.0.0.0 "IP address of ISP interface on g0/0 subnet" track 1
    ip route 0.0.0.0 0.0.0.0 g0/1 track 2
    !
    !! Then activate your SLAs.
    !
    ip sla schedule 3 start-time now life forever
    ip sla schedule 4 start-time now life forever
    ip sla schedule 5 start-time now life forever
    ip sla schedule 6 start-time now life forever



    deth1k, lol... they don't want to put a redundant router there, but they're going to buy provider independent space and an AS?
    Last edited by powmia; 07-23-2013 at 03:04 PM.

  11. Senior Member
    Join Date
    Mar 2013
    Location
    .
    Posts
    319

    Certifications
    .
    #10
    You could also make that a boolean "or"... your call.

  12. Senior Member iamme4eva's Avatar
    Join Date
    Jan 2013
    Location
    North Yorkshire, United Kingdom
    Posts
    269

    Certifications
    CCNA, CCNP(R&S)
    #11
    That's really interesting, thanks. I didn't know you could reference a track object in a track object. Cheers for that!

  13. Senior Member
    Join Date
    Jun 2010
    Location
    UK
    Posts
    310

    Certifications
    CCIE R&S/CCNP/CCIP/CCDP/CMNA/JNCIA/NSE4
    #12
    Quote Originally Posted by powmia View Post
    iamme4eva, read the last paragraph of my post. If you want to track the connectivity of your ISP, configure a tracking object that tracks the reachability of a remote site, and is sourced from your physical interfaces... tie those to a static route.
    The following tracks the reachability through (NOT TO) your providers... to google DNS and OpenDNS... common practice
    ip sla 3
     icmp-echo 8.8.8.8 source-int g0/0
    ip sla 4
     icmp-echo 208.67.222.222 source-int g0/0
    ip sla 5
     icmp-echo 8.8.8.8 source-int g0/1
    ip sla 6
     icmp-echo 208.67.222.222 source-int g0/1
    !
    track 3 ip sla 3 reachability
    track 4 ip sla 4 reachability
    track 5 ip sla 5 reachability
    track 6 ip sla 6 reachability
    !
    track 1 list boolean and
     object 3
     object 4
    track 2 list boolean and
     object 5
     object 6
    !
    ip route 0.0.0.0 0.0.0.0 g0/0 track 1
    ip route 0.0.0.0 0.0.0.0 "IP address of ISP interface on g0/0 subnet" track 1
    ip route 0.0.0.0 0.0.0.0 g0/1 track 2
    !
    !! Then activate your SLAs.
    !
    ip sla schedule 3 start-time now life forever
    ip sla schedule 4 start-time now life forever
    ip sla schedule 5 start-time now life forever
    ip sla schedule 6 start-time now life forever



    deth1k, lol... they don't want to put a redundant router there, but they're going to buy provider independent space and an AS?

    You don't have to "buy" PI space if you have a decent ISP you can get it on their behalf. Also you don't want "and" in your boolean statement otherwise if one goes down whole track object will go down, better option would be an "or".

    Either way, you have an issue with IP addresses from two different ISP's and failure scenario where devices on one side will be without any connectivity. You could do a work around with policy based NAT but devices with static IP's will still have problems.
    Last edited by deth1k; 07-23-2013 at 03:49 PM.

  14. Senior Member
    Join Date
    Mar 2013
    Location
    .
    Posts
    319

    Certifications
    .
    #13
    iamme4eva, no problem. One last thing, if your router has trouble with its adjacency lookups (ie, you're not on a ptp link... which I assume you aren't)... it's safer to use something like the following instead of my above config:

    ip route 0.0.0.0 0.0.0.0 g0/0 10.0.0.1 track 1
    ip route 0.0.0.0 0.0.0.0 10.0.0.1 track 1
    ip route 0.0.0.0 0.0.0.0 11.0.0.1 track 2

    Keep that in mind.


    deth1k,

    You told him to get his own PI and AS... You're going to get your own AS without a /18 - /20 block of public addresses? And seriously, your provider isn't going to charge you for that many IPv4 addresses? Who's your provider? I'd like to get an AS for my house.

    I told him he had the option of using an "and" or an "or". The reason I used "and" in my config, is because while some people determine that their circumstances merit the behavior that a boolean "or" would provide that config.... 99% of the time... an "or" is a terrible choice. You really want to statically send traffic to a provider that could potentially only have access to half of the internet? If you're concerned about falsely killing a route because your sla target itself went down (which is why I chose two targets, google and openDNS that are clusters of servers, spread throughout the world)... Yes, that would kill both sets of static routes. In that case of paranoia, probably be best to also configure an identical set of everything I showed... but using "floating" static routes and "or" statements.
    Last edited by powmia; 07-23-2013 at 07:45 PM.
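Added example, not part of any post in this thread: a small Python model of the tracked default routes from posts #6 and #9, comparing the untracked, boolean "and" and boolean "or" variants debated in posts #8, #12 and #13. It assumes one equal traffic share per installed route, as post #6 describes; the scenario names and the `reachable` sets are constructed for illustration.

```python
# Added example: simplified model of the tracked default routes discussed in
# this thread. It is not IOS and not the posters' own code.
from fractions import Fraction

# SLA id -> (probe target, source interface), as in the posted config.
SLAS = {3: ("8.8.8.8", "g0/0"), 4: ("208.67.222.222", "g0/0"),
        5: ("8.8.8.8", "g0/1"), 6: ("208.67.222.222", "g0/1")}
TRACK_LISTS = {1: (3, 4), 2: (5, 6)}               # track list -> member SLAs
ROUTES = [("g0/0", 1), ("g0/0", 1), ("g0/1", 2)]   # (egress interface, track)


def track_up(track_id, mode, reachable):
    """Evaluate one track list; reachable is a set of (interface, target)."""
    if mode == "none":                             # untracked routes (post #6)
        return True
    results = [(SLAS[s][1], SLAS[s][0]) in reachable
               for s in TRACK_LISTS[track_id]]
    return all(results) if mode == "and" else any(results)


def traffic_share(mode, reachable):
    """Share of traffic per interface, one equal share per installed route."""
    installed = [intf for intf, trk in ROUTES if track_up(trk, mode, reachable)]
    return {i: Fraction(installed.count(i), len(installed))
            for i in sorted(set(installed))}       # {} means no default route


# Constructed scenarios: each value is the set of probes that get an answer.
ALL_OK = {(intf, target) for target, intf in SLAS.values()}
SCENARIOS = {
    "all probes answer": ALL_OK,
    "8.8.8.8 itself is down": {p for p in ALL_OK if p[1] != "8.8.8.8"},
    "g0/0 provider reaches only OpenDNS": ALL_OK - {("g0/0", "8.8.8.8")},
    "g0/1 port up, provider dead": {p for p in ALL_OK if p[0] != "g0/1"},
}

if __name__ == "__main__":
    for name, reachable in SCENARIOS.items():
        for mode in ("none", "and", "or"):
            share = {i: str(f) for i, f in traffic_share(mode, reachable).items()}
            print(f"{name:36} {mode:4} -> {share or 'no default route'}")
```

In this model the untracked routes keep sending a third of the traffic out g0/1 when that provider is dead behind an up port, "and" drops every default route when one probe target is down, and "or" keeps two thirds of the traffic on a provider that reaches only one of the two targets.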

  15. Senior Member iamme4eva's Avatar
    Join Date
    Jan 2013
    Location
    North Yorkshire, United Kingdom
    Posts
    269

    Certifications
    CCNA, CCNP(R&S)
    #14
    I'm not actually doing it - I'm just being nosey and learning from someone else's thread. One of the reasons I hang out on here is for stuff like this...useful gems that may come in handy one day, and if nothing else, teach me something or give me a new perspective on something.

  16. Senior Member
    Join Date
    Jun 2010
    Location
    UK
    Posts
    310

    Certifications
    CCIE R&S/CCNP/CCIP/CCDP/CMNA/JNCIA/NSE4
    #15
    Quote Originally Posted by powmia View Post
    iamme4eva, no problem. One last thing, if your router has trouble with its adjacency lookups (ie, you're not on a ptp link... which I assume you aren't)... it's safer to use something like the following instead of my above config:

    ip route 0.0.0.0 0.0.0.0 g0/0 10.0.0.1 track 1
    ip route 0.0.0.0 0.0.0.0 10.0.0.1 track 1
    ip route 0.0.0.0 0.0.0.0 11.0.0.1 track 2

    Keep that in mind.


    deth1k,

    You told him to get his own PI and AS... You're going to get your own AS without a /18 - /20 block of public addresses? And seriously, your provider isn't going to charge you for that many IPv4 addresses? Who's your provider? I'd like to get an AS for my house.

    I told him he had the option of using an "and" or an "or". The reason I used "and" in my config, is because while some people determine that their circumstances merit the behavior that a boolean "or" would provide that config.... 99% of the time... an "or" is a terrible choice. You really want to statically send traffic to a provider that could potentially only have access to half of the internet? If you're concerned about falsely killing a route because your sla target itself went down (which is why I chose two targets, google and openDNS that are clusters of servers, spread throughout the world)... Yes, that would kill both sets of static routes. In that case of paranoia, probably be best to also configure an identical set of everything I showed... but using "floating" static routes and "or" statements.

    Who said anything about /18 or /20? Working closely with your provider you can get /23 and split that into two /24's announcing both to your providers with prepends etc depending on how you'd like to load balance inbound traffic. This way you will maintain connectivity regardless of which uplink has failed. I'm not trying to argue here with you.

  17. Senior Member
    Join Date
    Mar 2013
    Location
    .
    Posts
    319

    Certifications
    .
    #16
    Dude... think about it. If you get it from your provider, it's not provider independent! You need to go through a regional registry to get PI and an AS. If you're telling someone to get a PI and AS, you're going to send them on a goose chase that gets them laughed at by someone at ARIN. Using one provider's space, and getting them and another to punch a hole in their summarization is a completely different subject... and doesn't require an AS... and most providers won't do that for a /24.
    Last edited by powmia; 07-24-2013 at 10:29 AM.

  18. Senior Member
    Join Date
    Jun 2010
    Location
    UK
    Posts
    310

    Certifications
    CCIE R&S/CCNP/CCIP/CCDP/CMNA/JNCIA/NSE4
    #17
    dude, I know what you are saying although I work for a provider and we have been able to request PI space on behalf of our customers, they don't necessarily need an AS as the prefix will be maintained by an ISP (ripe object type). So in this instance you could easily get both ISP's to announce that /24 to the rest of the world.

  19. Senior Member
    Join Date
    Mar 2013
    Location
    .
    Posts
    319

    Certifications
    .
    #18
    Is/was that a common practice for you guys?

  20. Senior Member
    Join Date
    Jun 2010
    Location
    UK
    Posts
    310

    Certifications
    CCIE R&S/CCNP/CCIP/CCDP/CMNA/JNCIA/NSE4
    #19
    It used to be for medium sized clients not sure how it is now with IP shortages

  21. Senior Member
    Join Date
    Mar 2013
    Location
    .
    Posts
    319

    Certifications
    .
    #20
    That's what I thought. I imagine it's pretty hard to justify for almost any client now, if not impossible. The only reason I gave you such a hard time, is that the original poster appeared to be a pretty small customer. Though I do feel like calling his client and screaming at them for being willing to accept the recurring cost of a second line, but not the one time purchase of another 3900.