Re: router help needed ....urgent
- From: "@NOSPAMhod!SPAM.co(dot)uk" <""tim\"@NOSPAMhod!SPAM.co(dot)uk">
- Date: Thu, 05 Jul 2007 09:31:22 +0100
Brian V wrote:
<carlfugate@xxxxxxxxx> wrote in message news:1183559583.772191.16490@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Jul 1, 9:21 pm, "Brian V" <diespam...@xxxxxxxxxx> wrote:
<carlfug...@xxxxxxxxx> wrote in message
news:1183340116.847975.26120@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> On Jun 30, 1:58 pm, Trendkill <jpma...@xxxxxxxxx> wrote:
>> On Jun 30, 2:48 pm, TheGoD <tgupt...@xxxxxxxxx> wrote:
>> > Hi Techies....
>> > I'm stuck in a problem....as i'm not very well with cisco routers...
>> > I have a cisco router 1800 series with a 4 port fast ethernet card.
>> > now i have attached both the internet isp's (A and B) over ethernet to
>> > this router, now what i need is that all my traffic for internet from
>> > lan A (192.168.1.0/24) should be routed to isp A and all from lan B
>> > (10.220.16.0/24) should be routed to isp B.
>> > Please click the link for the diagram.
>> > http://img248.imageshack.us/my.php?image=drawing1jq5.jpg
>> > Thanks..............
>> Policy-based routing is your only option. Else all traffic will take
>> one path, the other, or both (depending on your configuration), but
>> will not be split based on source network. Search policy-based
>> routing or PBR on cisco, lots of good documentation.
> This only solves one part of the routing equation in that traffic out
> to the Internet will indeed leave the connection specified, however it
> does not influence the way the traffic will return to your network
> which is normally more important (load balancing inbound flows which
> are much larger normally than the outbound flows). That cannot be
> solved by the end customer without using some very creative routing
> and even then you are at the mercy of your provider to make it work.
> Normally you would use BGP for that and you would split your IP
> address pools in half or more and advertise one half to one provider,
> and the other half to the other. At the same time you would advertise
> a summary of the entire pool to both providers for failover purposes.
> This is a very complex problem in large networks which have large
> amounts of IP space that they can use to load balance. Even then, you
> have to look at what servers reside in that IP segment (or pool) and
> determine if you are truly load balancing (ie if your largest servers
> all sit in the same /24 and you are advertising /24 networks to your
> upstream provider then most of your traffic will still only use one
> link). If both links are to the same ISP router then you can use BGP
> MED (communities) to influence it but again provider dependent.
Where did the OP mention redundancy or the need to load balance anything?
They specifically stated that they want this subnet on ISP1 and this subnet
on ISP2. You're referring to corporations/businesses who "own" their own
block of IP's who want to multi-home to different ISP's. The OP mentioned an
1800 series, so that's most likely not the case here. In the OP's case there
is absolutely no need for BGP or any other routing protocol as the IP's will
be nat'd going out their designated interfaces and the return traffic would
follow that same path thru the appropriate ISP. As the first responder
stated already, policy based routing is the only available option without
adding more hardware such as a Radware type solution for what the OP
requested.

Hmm...I guess if I was paying for two links to the Internet even just
for Web browsing, it would be pretty silly not to very easily put in
the ability to use both links. My argument still stands though, it
doesn't matter if you PBR the traffic out one link or the other, you're
at the mercy of the Internet routing tables to determine how it's going
to come back to you so you may send it out on link 1, but everything
may come back in link 2.

When you are using PBR it specifically tells this internal subnet to go out this pipe and the other internal subnet to go out the other pipe. Each one of those pipes has a unique public subnet associated to it. Your traffic will ALWAYS come back in the correct pipe. You are again thinking enterprise class routing that owns its own class C (or greater) that is running BGP with multiple providers. These days business has shifted to smaller address blocks, takes an arm and a leg to get larger IP blocks and most providers won't route/advertise anything smaller than a /23.

Brian is correct. The traffic will return based on the IP address that it left with. If you try and spoof the IP address to use the other connection chances are that it won't work at all as almost all internet routers won't allow source addressing.

But why use PBR? I think that is too complicated for something so simple.

It is the NAT config that is most important here, and I would also suggest that there is no point in using 2 ethernet ports on the router. Why not just put the 2 internet feeds into a hub/switch and connect the router by 1 ethernet port and use IP routing and NAT to determine the best route to use?

If you NAT the traffic onto the relevant network and have 2 default routes, only 1 default route will be legal for the NATed traffic so will be the one used.
try this >>>>>>>
ip nat pool ISPa <IP details for ISPa provided range>
ip nat pool ISPb <IP details for ISPb>
ip nat inside source list 1 pool ISPa overload
ip nat inside source list 2 pool ISPb overload
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 10.220.16.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0 <ISPa router address>
ip route 0.0.0.0 0.0.0.0 <ISPb router address>
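
The policy-based routing approach discussed earlier in this thread, written out as an added example (not a configuration posted by any participant). Only the two LAN subnets come from the thread; the interface names, LAN gateway addresses and the 192.0.2.x / 198.51.100.x uplink addresses are assumptions.

```cisco
! Added example; interface names and 192.0.2.x / 198.51.100.x addresses are
! constructed placeholders, not values from the thread.
interface Vlan10
 description LAN A
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip policy route-map SPLIT-BY-SOURCE
!
interface Vlan20
 description LAN B
 ip address 10.220.16.1 255.255.255.0
 ip nat inside
 ip policy route-map SPLIT-BY-SOURCE
!
interface FastEthernet0/0
 description ISP A uplink
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
!
interface FastEthernet0/1
 description ISP B uplink
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
! Deny LAN-to-LAN first so it is routed normally and never NATed.
access-list 101 deny   ip 192.168.1.0 0.0.0.255 10.220.16.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 deny   ip 10.220.16.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 permit ip 10.220.16.0 0.0.0.255 any
!
! PBR: choose the next hop by source subnet.
route-map SPLIT-BY-SOURCE permit 10
 match ip address 101
 set ip next-hop 192.0.2.1
route-map SPLIT-BY-SOURCE permit 20
 match ip address 102
 set ip next-hop 198.51.100.1
!
! NAT: translate to the address of whichever uplink the packet leaves on.
route-map NAT-ISPA permit 10
 match ip address 101
 match interface FastEthernet0/0
route-map NAT-ISPB permit 10
 match ip address 102
 match interface FastEthernet0/1
!
ip nat inside source route-map NAT-ISPA interface FastEthernet0/0 overload
ip nat inside source route-map NAT-ISPB interface FastEthernet0/1 overload
```

`show ip policy`, `show route-map` and `show ip nat translations` show which interfaces have the policy applied, how many packets each route-map entry matched, and which outside address each flow was translated to.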