Basic load balancing and fault tolerance on Cisco Router

What we have,

Two T-1's to the Internet,
Cisco 3620 w/two WIC's, T-1 CSU/DSU
IOS Version 12.0(7)T

I want to set up basic load balancing and fault tolerance for these two connections.  Can I round-robin my outgoing connections and also configure the router to redirect all traffic should one T-1 go down?  We do no hosting here, so we are only concerned with internal user connectivity to the Internet.

scraig84 Commented:
Ymash - you are correct depending on the config.  However, when was it determined that a PIX's "job" is to NAT and a router's is not?  I didn't read that anywhere in my trusty copy of the International Law of Networking.

My concern here is the user's level of expertise and ability to set up a working BGP configuration.  Also, it does cost money to purchase an AS and register for a block of IP addresses.  This seems like an awful lot of work for a company that wants to keep browsing when a T1 goes down.  Hosting is another story.

Either way will work.  I'm not saying that BGP won't work or is not the right answer.  However, for as simple of a setup that is presented here, BGP seems to be the equivalent of killing an ant with a sledgehammer.

You should talk to your ISP and have them set you up with BGP. For better uptime, I would get the two T1s from different ISPs, but be sure that both ISPs agree to use BGP for you between them. I set this up once between UUNet and SAVVIS. SAVVIS agreed to announce my UUNet address space through their network. So you need an ISP that would do that for you.

It's a lot less of a headache to use one ISP for both T1's but it's not as fault tolerant!

Good luck.

BGP is ONLY necessary when hosting is involved or multiple ISP's are used to ensure that inbound traffic is routed over the live link.  You should be able to put two static default routes on the router.  By default, equal cost routes will load balance, and if a link goes down, the corresponding route will drop from the table forcing all traffic over the live link.

Assuming you are using a single ISP, you should be able to coordinate this with them and you will be fine.  You could still do it with multiple ISP's without BGP if you use a good NAT scenario (NAT from the Internet router).  Anyway, if you want more details on that let us know.

Either way, I would try to work around using BGP if you are not very experienced with routing.

Hope that helps!

mangia (Author) Commented:
We are using two different ISP's in this case, so we do have two different IP address spaces and, currently, two separate paths out. I will combine the two on a single router.  This is a concern for me because of NATing issues.  I'm still trying to work out those details.  We do have a PIX behind our primary router which is where the clients are being NATed and currently we have everyone pointed to that connection, with the secondary available for a manual switchover should the primary fail.  But this is not the right way to do things. Which is why I'm here.  BGP may be the way to go if I can get one of the ISP's to announce the other's network.  I heard that can be some work though.

You certainly CAN do BGP - and will have to if you are going to keep things the way they currently are with NAT.  However, this is a fairly painful way to go in my opinion.  Also, if you go with BGP and leave things the way they are, you are not doing yourself any favors from a load balancing perspective.  All incoming traffic will flow over 1 T1 until it is down and then BGP will decide to send everything down the other.  You will only be able to load balance in an outbound direction.  The problem here is that pretty much the majority of Internet traffic is in the inbound direction so you really don't have a load balanced situation at all.

If I were you, I would NAT on the Internet router.  This way, the source of each packet will belong to the corresponding ISP link.  This will mean that inbound traffic will be coming back to 2 different addresses residing on 2 different ISP networks.  This will force some load balancing in the inbound direction.  This will also make it so that failover is automatic without the need for BGP.  

You can continue to NAT on the PIX if you don't want to have to rebuild all your rules.  Each packet will be NAT'ed twice.  Personally, I would probably eventually change it over so that NAT only occurs once on the Internet router for a little better efficiency, but that's up to you.  There's no law against a double NAT.
scraig's way is one way of doing it, but I wouldn't do any translation on the router, I would let the PIX do that. Let the router route and have the PIX do its job. Also, BGP will choose the shortest/fastest route to come into and leave your network. Traffic will go through both routers depending on where the destination/source is. Not all incoming traffic will flow through one T1 until it goes down, that is not how BGP works.

Also, if you are concerned with performance, you shouldn't do double NATing.

mangia (Author) Commented:
I do have an IE from our ISP that will assist us with any BGP we may employ.  So I will most likely end up working with him and implement BGP with CEF to resolve these issues.

I guess scraig84 will get the points.  Even though I still don't have a definite solution yet, I do appreciate the help you all provided.
