Solved

Basic load balancing and fault tolerance on Cisco Router

Posted on 2002-05-07
Last Modified: 2013-11-29
What we have,

Two T-1's to the Internet,
Cisco 3620 w/two WIC's, T-1 CSU/DSU
IOS Version 12.0(7)T

I want to set up basic load balancing and fault tolerance for these two connections.  Can I round-robin my outgoing connections and also configure the router to redirect all traffic should one T-1 go down?  We do no hosting here, so we are only concerned with internal user connectivity to the Internet.

Thanks,
M
0
Question by:mangia
7 Comments
 
LVL 1

Expert Comment

by:ymash
ID: 6995339
You should talk to your ISP and have them set you up with BGP. For better up time, I would get the two T1s from different ISPs, but be sure that both ISPs agree to use BGP for you between them. I set this up once between UUNet and SAVVIS. SAVVIS agreed to announce my UUNet address space through their network. So you need an ISP that would do that for you.

It's a lot less of a headache to use one ISP for both T1's but it's not as fault tolerant!

Good luck.
0
 
LVL 8

Expert Comment

by:scraig84
ID: 6995516
BGP is ONLY necessary when hosting is involved or multiple ISP's are used to ensure that inbound traffic is routed over the live link.  You should be able to put two static default routes on the router.  By default, equal cost routes will load balance, and if a link goes down, the corresponding route will drop from the table forcing all traffic over the live link.

Assuming you are using a single ISP, you should be able to coordinate this with them and you will be fine.  You could still do it with multiple ISP's without BGP if you use a good NAT scenario (NAT from the Internet router).  Anyway, if you want more details on that let us know.

Either way, I would try to work around using BGP if you are not very experienced with routing.

Hope that helps!
0
 
LVL 1

Author Comment

by:mangia
ID: 6996143
We are using two different ISP's in this case, so we do have two different IP address spaces and, currently, two separate paths out. I will combine the two on a single router.  This is a concern for me because of NATing issues.  I'm still trying to work out those details.  We do have a PIX behind our primary router which is where the clients are being NATed and currently we have everyone pointed to that connection, with the secondary available for a manual switchover should the primary fail.  But this is not the right way to do things. Which is why I'm here.  BGP may be the way to go if I can get one of the ISP's to announce the other's network.  I heard that can be some work though.

Thanks
0
 
LVL 8

Expert Comment

by:scraig84
ID: 6996290
You certainly CAN do BGP - and will have to if you are going to keep things the way they currently are with NAT.  However, this is a fairly painful way to go in my opinion.  Also, if you go with BGP and leave things the way they are, you are not doing yourself any favors from a load balancing perspective.  All incoming traffic will flow over 1 T1 until it is down and then BGP will decide to send everything down the other.  You will only be able to load balance in an outbound direction.  The problem here is that pretty much the majority of Internet traffic is in the inbound direction so you really don't have a load balanced situation at all.

If I were you, I would NAT on the Internet router.  This way, the source of each packet will belong to the corresponding ISP link.  This will mean that inbound traffic will be coming back to 2 different addresses residing on 2 different ISP networks.  This will force some load balancing in the inbound direction.  This will also make it so that failover is automatic without the need for BGP.  

You can continue to NAT on the PIX if you don't want to have to rebuild all your rules.  Each packet will be NAT'ed twice.  Personally, I would probably eventually change it over so that NAT only occurs once on the Internet router for a little better efficiency, but that's up to you.  There's no law against a double NAT.
0
 
LVL 1

Expert Comment

by:ymash
ID: 6996974
scraig's way is one way of doing it, but I wouldn't do any translation on the router, I would let the PIX do that. Let the router route and have the PIX do its job. Also, BGP will choose the shortest/fastest route to come into and leave your network. Traffic will go through both routers depending on where the destination/source is. Not all incoming traffic will flow through one T1 until it goes down, that is not how BGP works.

Also, if you are concerned with performance, you shouldn't do double NATing.
0
 
LVL 8

Accepted Solution

by:
scraig84 earned 300 total points
ID: 6997024
Ymash - you are correct depending on the config.  However, when was it determined that a PIX's "job" is to NAT and a router's is not?  I didn't read that anywhere in my trusty copy of the International Law of Networking.

My concern here is the user's level of expertise and ability to set up a working BGP configuration.  Also, it does cost money to purchase an AS and register for a block of IP addresses.  This seems like an awful lot of work for a company that wants to keep browsing when a T1 goes down.  Hosting is another story.

Either way will work.  I'm not saying that BGP won't work or is not the right answer.  However, for as simple of a setup that is presented here, BGP seems to be the equivalent of killing an ant with a sledgehammer.
0
 
LVL 1

Author Comment

by:mangia
ID: 6998799
I do have an IE from our ISP that will assist us with any BGP we may employ.  So I will most likely end up working with him and implement BGP with CEF to resolve these issues.

I guess scraig84 will get the points.  Even though I still don't have a definite solution yet, I do appreciate the help you all provided.

Thanks
0
