(2) different ISP's - Load balancing with one router...
Hi Everyone,
I’ve been asked to upgrade a client’s router from a 3845 to 3945. Easy enough, grab the old config and put it on the new one.
However, they’ve added a 2nd ISP and want me to set up load balancing on the router.
Both ISPs are handing off Ethernet connections… I believe ISP1 is 60mb and ISP2 is 40mb/s. Very nice!
My 1st thought would be to use (2) routers – 1 for each ISP and load balance with a virtual gateway. However, I don’t believe they are going to allow me to do that.
Is there a way to do unequal load balancing from two different ISPs on one router? No owned IP addresses… both circuits have a range of IPs that were given to them from each ISP. They are also NAT'ing and have VPNs set up.
Any comments/suggestions are greatly appreciated. BTW, this kind of job (while working from home on my couch) is why I keep studying for my Cisco certs. I can't wait to be able to do this full-time!
Thanks!
-Paul
Comments
Today I was able to accomplish migrating over to the 3945 and have shut down the 3845. Now on to the last piece of the puzzle.
I'm looking at the following URL for advice...
https://supportforums.cisco.com/docs/DOC-8313
I've set up both interfaces and also set up the "ip sla"s.
However, the next command
track 10 rtr...
does not work for me on this 3945 running IOS 15.x. Using help, it does not list "rtr" as an available option. It does give me the ability to use an Interface (i.e. g0/0 or g0/2 for the two ISP circuits).
Would either of you (or anyone) be interested in a $$ via PayPal to help me complete my config for this router? I can post the current config here OR email it over.
Thanks everyone. I really do appreciate it.
ptl
threshold metric through weight (real server) [Support] - Cisco Systems
My blog: mybraindump.co.uk
2 interfaces, 3 static routes... for example, if you have int g0/0 (60Mb) and g0/1 (40Mb):
ip route 0.0.0.0 0.0.0.0 g0/0
ip route 0.0.0.0 0.0.0.0 "IP address of ISP interface on g0/0 subnet"
ip route 0.0.0.0 0.0.0.0 g0/1
after that, "sh ip route 0.0.0.0" will show that each route gets a traffic share of 1. Meaning that 33% of bandwidth will go out each route... or, 66% out g0/0 and 33% out g0/1. If you send 100Mb of traffic, that works out to 66Mb on g0/0, and 33Mb on g0/1. Close enough ratio? This method will also allow a down link to automatically withdraw a route without any additional config.
The only thing you should use tracking for is if you want to track the connectivity all the way through your provider's network (i.e., tracking google or opendns out a specific interface, via the "sla" feature tied to a track statement on your static routes).
Am I right in saying though that the route would only be withdrawn if the interface went down? That would mean that if your modem or whatever kept the interface up but there was no actual connection, you'd end up dropping a percentage of your traffic...wouldn't "sla"'s be a better way to go to track the actual connectivity to the ISP?
My blog: mybraindump.co.uk
Also, addressing is a problem if you don't have PI space, meaning you can't use ISP 1's IP range on ISP 2's network. I would consider getting your own PI / AS, or at least PI, and run BGP with both; you could run full feed for better load balancing this way.
The following tracks the reachability through (NOT TO) your providers... to google DNS and OpenDNS... common practice
ip sla 3
 icmp-echo 8.8.8.8 source-int g0/0
ip sla 4
 icmp-echo 208.67.222.222 source-int g0/0
ip sla 5
 icmp-echo 8.8.8.8 source-int g0/1
ip sla 6
 icmp-echo 208.67.222.222 source-int g0/1
!
track 3 ip sla 3 reachability
track 4 ip sla 4 reachability
track 5 ip sla 5 reachability
track 6 ip sla 6 reachability
!
track 1 list boolean and
 object 3
 object 4
track 2 list boolean and
 object 5
 object 6
!
ip route 0.0.0.0 0.0.0.0 g0/0 track 1
ip route 0.0.0.0 0.0.0.0 "IP address of ISP interface on g0/0 subnet" track 1
ip route 0.0.0.0 0.0.0.0 g0/1 track 2
!
!!Then activate your SLAs.
!
ip sla schedule 3 start-time now life forever
ip sla schedule 4 start-time now life forever
ip sla schedule 5 start-time now life forever
ip sla schedule 6 start-time now life forever
deth1k, lol... they don't want to put a redundant router there, but they're going to buy provider independent space and an AS?
My blog: mybraindump.co.uk
You don't have to "buy" PI space; if you have a decent ISP you can get it on their behalf. Also, you don't want "and" in your boolean statement, otherwise if one goes down the whole track object will go down; a better option would be an "or".
Either way, you have an issue with IP addresses from two different ISPs and a failure scenario where devices on one side will be without any connectivity. You could do a workaround with policy-based NAT, but devices with static IPs will still have problems.
ip route 0.0.0.0 0.0.0.0 g0/0 10.0.0.1 track 1
ip route 0.0.0.0 0.0.0.0 10.0.0.1 track 1
ip route 0.0.0.0 0.0.0.0 11.0.0.1 track 2
Keep that in mind.
deth1k,
You told him to get his own PI and AS... You're going to get your own AS without a /18 - /20 block of public addresses? And seriously, your provider isn't going to charge you for that many IPv4 addresses? Who's your provider? I'd like to get an AS for my house.
I told him he had the option of using an "and" or an "or". The reason I used "and" in my config, is because while some people determine that their circumstances merit the behavior that a boolean "or" would provide that config.... 99% of the time... an "or" is a terrible choice. You really want to statically send traffic to a provider that could potentially only have access to half of the internet? If you're concerned about falsely killing a route because your sla target itself went down (which is why I chose two targets, google and openDNS that are clusters of servers, spread throughout the world)... Yes, that would kill both sets of static routes. In that case of paranoia, probably be best to also configure an identical set of everything I showed... but using "floating" static routes and "or" statements.
My blog: mybraindump.co.uk
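Added example, not part of any post in this thread: a small Python model of the three tracked default routes and the boolean "and" versus "or" track lists discussed above, showing which routes stay installed and the resulting traffic share for a given set of probe results. The route table, probe numbering and share arithmetic follow the thread's description; the function names and scenarios are constructed for illustration and this is not IOS behaviour verified on a router.

```python
# Constructed model of the thread's tracked static routes; not IOS code.
from collections import Counter

# (exit interface, track list id) for the three default routes in the thread:
# two routes resolve via g0/0 (interface + next hop), one via g0/1.
ROUTES = [("g0/0", 1), ("g0/0", 1), ("g0/1", 2)]

# Track list id -> member SLA probe ids, as in the posted config.
TRACK_LISTS = {1: (3, 4), 2: (5, 6)}


def track_state(probes_up, members, mode):
    """Evaluate a 'track N list boolean and|or' over its member probes."""
    results = [probes_up[p] for p in members]
    return all(results) if mode == "and" else any(results)


def traffic_share(probes_up, mode):
    """Return {interface: percent share} over routes whose track is up.

    An empty dict means no default route is installed at all.
    """
    installed = [intf for intf, tid in ROUTES
                 if track_state(probes_up, TRACK_LISTS[tid], mode)]
    counts = Counter(installed)
    total = sum(counts.values())
    return {intf: round(100 * n / total) for intf, n in counts.items()}


if __name__ == "__main__":
    all_up = {3: True, 4: True, 5: True, 6: True}
    scenarios = {
        "all probes answer": all_up,
        # One target unreachable through ISP1 only (partial reachability).
        "probe 4 fails": {**all_up, 4: False},
        # The second target itself is down, so it fails through both ISPs.
        "probes 4 and 6 fail": {**all_up, 4: False, 6: False},
        # ISP1 path is dead beyond the handoff while the interface stays up.
        "probes 3 and 4 fail": {**all_up, 3: False, 4: False},
    }
    for name, probes in scenarios.items():
        for mode in ("and", "or"):
            print(f"{name:22} {mode:3} -> {traffic_share(probes, mode)}")
```

The "probes 4 and 6 fail" row is the case the two posters disagree on: with "and" a single target outage removes every default route, while with "or" traffic keeps flowing to a provider that may only reach part of the internet.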
Who said anything about /18 or /20? Working closely with your provider you can get /23 and split that into two /24's announcing both to your providers with prepends etc depending on how you'd like to load balance inbound traffic. This way you will maintain connectivity regardless of which uplink has failed. I'm not trying to argue here with you.