Solved

Capabilities of the Cisco 2600 series router.

Posted on 2004-10-19
18
360 Views
Last Modified: 2013-11-29
Hello,

We currently have a T1 line which terminates at the 2600 router. We are planning to get another line (T1 or DSL??) for backup purposes. Is it possible that with this router it will switch from T1 to T1 if one goes down. Is it possible to do load balancing with this router. It currently only has one WAN card. If I install another one, will this be possible. If not, what do you suggest as a replacement. The T1's are used for internet access not a site to site connection.

Thanks in advance!!
0
Comment
Question by:firstheartland
  • 7
  • 6
  • 3
  • +1
18 Comments
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
Yes, well, maybe..
Sorry, I couldn't resist.
Yes, this router is capable of handling two T1's quite easily.
Yes, they can load balance - if both T1's go to the same ISP
Maybe, if you have two different ISP's and you enable BGP with default route only, and you own your own IP block
Yes, you have failover easier than you can have load sharing if you have different ISP's.
Same ISP and you get the both load-sharing and failover. Make sure you explain to the ISP what you want so they can provision their end appropriately. You may have to enable BGP using their private AS number.
If you go the DSL route, then you have even bigger issues because the don't 'do' BGP over dsl. That makes it all more difficult.
0
 
LVL 10

Expert Comment

by:ngravatt
Comment Utility
BGP is a good idea.  I would suggest using OSPF and giving each T1 the same 'cost'.  This will enable load balancing.  See this article for more info:

http://www.cisco.com/warp/public/105/46.html
0
 
LVL 1

Author Comment

by:firstheartland
Comment Utility
We want to go with two different ISP's, incase one goes down. How can this be done. Is it easier to go the failover route, or can load balancing work w/o too much hassel.
Thanks.
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
Load-balancing can work, but you have to use BGP.
To use BGP between two ISP's, you have to own your own IP subnet, and get your own BGP AS number. This can get expensive (in the $15,000 range)
The ISP's will not enable OSPF on border routers.

One question is - do you have publicly accessible servers (ie. www, email, etc) that have a public IP address published in DNS? If yes, then you have other issues to deal with for the inbound (BGP fixes this, too).

Failover can work if you don't have any inbound traffic (except email which uses MX DNS records to provide easy failover), but you have to get creative with route-maps and double-nat situations. You might be able to use something like SAA probes and "track" commands along with the route maps. These are highly advanced router configurations and require Enterprise IOS.

A couple of alternatives:
Radware appliance: http://www.radware.com/content/products/lpb/default.asp
FatPipes appliance: http://www.fatpipeinc.com/xtreme/

The easiest, least expensive solution by far is to use the same ISP, but with T1 local loops from two different providers with diverse paths.
Even if you have two ISP's, and they both use the same local loop provider, your local loop may go through the same local provider switch and you have a great chance that if one goes down, so will the other.
Else, go with a different ISP that offers a better SLA and get two from them.
0
 
LVL 10

Expert Comment

by:ngravatt
Comment Utility
load balancing will provide fail over.  In OSPF, if the link goes down, the cost will go up, and the packets always choose the path with the lowest cost.
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
While OSPF will by itself provide these capabilites, that only applies if you own both ends of both T1s.

I've never dealt with any ISP that will enable OSPF with a customer premesis border router. BGP is "the" protocol between customers and ISP's.
I've worked with AT&T, Sprint, MCI, XO, Global Crossing, Savvis, and many small regional ISP's. Without exception, they do not "do" OSPF or anything but BGP with a customer. Some will even charge extra for the BGP setup.
0
 
LVL 1

Author Comment

by:firstheartland
Comment Utility
Ok, I was looking at the FatPipe products. Will I not run into the same protocol problems here?
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
No. With the FatPipes you don't have those issues to deal with.
0
 
LVL 1

Expert Comment

by:Musfa
Comment Utility
I would suggest getting another cisco 2600 series router (I have 2 2620 router). Plug each router with a T1 from different ISP. Enable BGP and then enable HSRP (Hot Standby Routing Protocol). You can not load balance but you will be able to load share a bit after some tweaking but its not perfect loadsharing either. Having two router gives you not only T1 redundancy but also router redundancy.

As far as the above OSPF is concerned, ISP won't let you redistribute routes into their tables. You can use OSPF internally but from you to ISP, its all BGP. The configurations are simple and i can post some if you need them.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 1

Author Comment

by:firstheartland
Comment Utility
But how will having two different routers help with failover? I will have to reconfigure my firewall once one line goes down?? I mean I will not be abel to utilize both lines at the same time.
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
HSRP creates a single 'virtual' ip address across both routers. HSRP provides failover only. It is not designed for load-balancing or load-sharing. Yes, you can fudge that a little in some cases by using mulitple hsrp addresses and have some users default gateway point to one virtual and others point to the other virtual. However, with these out in front of your pix, you can't do that.
0
 
LVL 1

Expert Comment

by:Musfa
Comment Utility
HSRP Creates a single virtual router out of two routers. Your firewall only knows the address of one router which is the virtual router. Using the HSRP, the cisco router keep heartbeat of each other and switch between themselves if the connection fails on one router.

What you do is that you give each router its own IP address. Then you define a virtual router IP address using HSRP in both routers and point your firewall towards that IP address. If one line goes down, HSRP switches over to other router with good line, the virtual IP address is maintained and your users don't see the connection drop except for a few seconds while the router switches over.

Both of your lines are in use, you can monitor them and then tweak BGP. But its not a true load balancing solution. Great redundancy solution but only minor load balancing solution. The Fat pipe and radware mentioned above will give load balancing/sharing, but from what i last read, fat pipe was limited to 2mbps and for radware, if you want HA (high availability) then you have to put two devices in. Usually at $4000+ for each device, thats expensive solution.

Load Sharing can be done using HSRP. Here is a document from cisco on Load Sharing using HSRP:
http://www.cisco.com/en/US/customer/tech/tk648/tk362/technologies_configuration_example09186a0080094e90.shtml

But in your case, if you have a single firewall and all users behind that firewall then you won't be able to do sharing but only balancing by tweaking BGP. Even in BGP case, the traffic would flow more from the bigger provider i.e. in my network more traffic comes from spring then from qwest. Also you don't have control over return traffic but only outgoing traffic.



0
 
LVL 1

Author Comment

by:firstheartland
Comment Utility
Ok, lets say I buy another 2620, and enable HSRP between the two routers and assign a virutal IP.
We will be having some VPN clients sitting behind the routers and before the firewall. The clients will connect to the VPN serves in another location. The VPN traffic will be inbound and outbound, mostly outbound (connection will be initiated from both ends). What affect will this have if I enable HSRP. When the connection is inbound it will be targeted at an IP address.
I am asking becasue I found that FatPipe will not do loadbalancing or failover for the incomming VPN traffic, only interent traffic. They have what they call a dynamic DNS which is only helpful if the incomming traffic is pointing at a Domain Name rather than an IP address.
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
0
 
LVL 1

Expert Comment

by:Musfa
Comment Utility
First, your virtual IP address is same no matter you connect from outside or inside. Next, the subnet that you are routing using BGP will be routed over both lines. BGP will take care of your IP routing, so if the VPN traffic can not come in from one ISP , BGP will send it through the other ISP. Your VPNs will not see the difference. Your IP addresses subnet will be announced as available from two networks and without tweaking, BGP will use the shortest path as given by the router. If not available, it will use the other path.

Fatpipe use DDNS instead of BGP. Its usually pitched as an alternative to BGP. But BGP is more powerful and very useful in VPN situation. I've the HQ VPN connecting multiple branches using ip address of the firewalls for point to point VPN and they are routed over BGP and HSRP without any problem.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
Comment Utility
Any progress? Are you still working on this? Do you need more information?
0
 
LVL 1

Author Comment

by:firstheartland
Comment Utility
I am still trying to work things out and see what will be best.
I thank all of you for your input. If I have any further questions, I will post back on this thread.
Thanks.
0
 
LVL 1

Author Comment

by:firstheartland
Comment Utility
Ok,

I spoke with my ISP. They are willing to use BGP. So now I am getting another T1. I am going to use the 2600 (will add another T1 CSU/DSU card), and enable BGP.

Thanks all!
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now