Solved

Basic load balancing and fault tolerance on Cisco Router

Posted on 2002-05-07
Last Modified: 2013-11-29
What we have,

Two T-1's to the Internet,
Cisco 3620 w/two WIC's, T-1 CSU/DSU
IOS Version 12.0(7)T

I want to set up basic load balancing and fault tolerance for these two connections.  Can I round-robin my outgoing connections and also configure the router to redirect all traffic should one T-1 go down?  We do no hosting here, so we are only concerned with internal user connectivity to the Internet.

Thanks,
M
Question by:mangia
7 Comments
 
LVL 1

Expert Comment

by:ymash
ID: 6995339
You should talk to your ISP and have them set you up with BGP. For better uptime, I would get the two T1s from different ISPs, but be sure that both ISPs agree to use BGP for you between them. I set this up once between UUNet and SAVVIS. SAVVIS agreed to announce my UUNet address space through their network. So you need an ISP that would do that for you.

It's a lot less of a headache to use one ISP for both T1's but it's not as fault tolerant!

Good luck.
0
 
LVL 8

Expert Comment

by:scraig84
ID: 6995516
BGP is ONLY necessary when hosting is involved or multiple ISP's are used to ensure that inbound traffic is routed over the live link.  You should be able to put two static default routes on the router.  By default, equal cost routes will load balance, and if a link goes down, the corresponding route will drop from the table forcing all traffic over the live link.

Assuming you are using a single ISP, you should be able to coordinate this with them and you will be fine.  You could still do it with multiple ISP's without BGP if you use a good NAT scenario (NAT from the Internet router).  Anyway, if you want more details on that let us know.

Either way, I would try to work around using BGP if you are not very experienced with routing.

Hope that helps!
0
 
LVL 1

Author Comment

by:mangia
ID: 6996143
We are using two different ISP's in this case, so we do have two different IP address spaces and, currently, two separate paths out. I will combine the two on a single router.  This is a concern for me because of NATing issues.  I'm still trying to work out those details.  We do have a PIX behind our primary router which is where the clients are being NATed and currently we have everyone pointed to that connection, with the secondary available for a manual switchover should the primary fail.  But this is not the right way to do things. Which is why I'm here.  BGP may be the way to go if I can get one of the ISP's to announce the other's network.  I heard that can be some work though.

Thanks
0
 
LVL 8

Expert Comment

by:scraig84
ID: 6996290
You certainly CAN do BGP - and will have to if you are going to keep things the way they currently are with NAT.  However, this is a fairly painful way to go in my opinion.  Also, if you go with BGP and leave things the way they are, you are not doing yourself any favors from a load balancing perspective.  All incoming traffic will flow over 1 T1 until it is down and then BGP will decide to send everything down the other.  You will only be able to load balance in an outbound direction.  The problem here is that pretty much the majority of Internet traffic is in the inbound direction so you really don't have a load balanced situation at all.

If I were you, I would NAT on the Internet router.  This way, the source of each packet will belong to the corresponding ISP link.  This will mean that inbound traffic will be coming back to 2 different addresses residing on 2 different ISP networks.  This will force some load balancing in the inbound direction.  This will also make it so that failover is automatic without the need for BGP.  

You can continue to NAT on the PIX if you don't want to have to rebuild all your rules.  Each packet will be NAT'ed twice.  Personally, I would probably eventually change it over so that NAT only occurs once on the Internet router for a little better efficiency, but that's up to you.  There's no law against a double NAT.
0
 
LVL 1

Expert Comment

by:ymash
ID: 6996974
scraig's way is one way of doing it, but I wouldn't do any translation on the router, I would let the PIX do that. Let the router route and have the PIX do its job. Also, BGP will choose the shortest/fastest route to come into and leave your network. Traffic will go through both routers depending on where the destination/source is. Not all incoming traffic will flow through one T1 until it goes down, that is not how BGP works.

Also, if you are concerned with performance, you shouldn't do double NATing.
0
 
LVL 8

Accepted Solution

by:
scraig84 earned 100 total points
ID: 6997024
Ymash - you are correct depending on the config.  However, when was it determined that a PIX's "job" is to NAT and a router's is not?  I didn't read that anywhere in my trusty copy of the International Law of Networking.

My concern here is the user's level of expertise and ability to set up a working BGP configuration.  Also, it does cost money to purchase an AS and register for a block of IP addresses.  This seems like an awful lot of work for a company that wants to keep browsing when a T1 goes down.  Hosting is another story.

Either way will work.  I'm not saying that BGP won't work or is not the right answer.  However, for as simple of a setup that is presented here, BGP seems to be the equivalent of killing an ant with a sledgehammer.
0
 
LVL 1

Author Comment

by:mangia
ID: 6998799
I do have an IE from our ISP that will assist us with any BGP we may employ.  So I will most likely end up working with him and implement BGP with CEF to resolve these issues.

I guess scraig84 will get the points.  Even though I still don't have a definite solution yet, I do appreciate the help you all provided.

Thanks
0
