Solved

Load balancing 4x ADSL MAX Lines on a Cisco 2811 Router

Posted on 2008-09-29
Last Modified: 2013-12-14
Hi there,

Basically what it says in the title, I'm completely new to this whole subject and I'm looking to get all 4 lines load balancing effectively.
I've got one friend who has taken a look at the server to no full solution.

My current config is as follows:

sh run
Building configuration...

Current configuration : 5098 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname **
!
boot-start-marker
boot system flash c2800nm-ipbase-mz.124-8a.bin
boot-end-marker
!
logging buffered 8192 debugging
enable password **
!
no aaa new-model
!
resource policy
!
!
!
ip cef
!
!
ip name-server 135.196.0.6
ip name-server 135.196.0.14
!
username admin password 0 **
!
!
track 1 interface ATM0/0/0 line-protocol
!
track 2 interface ATM0/1/0 line-protocol
!
track 3 interface ATM0/2/0 line-protocol
!
track 4 interface ATM0/3/0 line-protocol
!
!
interface Loopback0
 ip address 92.*.*.* 255.255.255.255
 shutdown
!
interface FastEthernet0/0
 description Customer LAN$ETH-LAN$
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Backup Interface (Unused)
 ip address 10.0.1.1 255.255.255.0
 ip nat inside
 shutdown
 duplex auto
 speed auto
!
interface ATM0/0/0
 description ADSL connection
 no ip address
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface ATM0/1/0
 description ADSL connection
 no ip address
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 2
 !
!
interface ATM0/2/0
 description ADSL connection
 no ip address
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 3
 !
!
interface ATM0/3/0
 description ADSL connection
 no ip address
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 4
 !
!
interface Dialer1
 description PPP for ATM0/0/0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname **
 ppp chap password 0 **
!
interface Dialer2
 description PPP for ATM0/1/0
 ip unnumbered Loopback0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 shutdown
 dialer pool 2
 dialer idle-timeout 0
 dialer persistent
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname **
 ppp chap password 0 **
!
interface Dialer3
 description PPP for ATM0/2/0
 ip unnumbered Loopback0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 shutdown
 dialer pool 3
 dialer idle-timeout 0
 dialer persistent
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname **
 ppp chap password 0 **
!
interface Dialer4
 description PPP for ATM0/3/0
 ip unnumbered Loopback0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 shutdown
 dialer pool 4
 dialer idle-timeout 0
 dialer persistent
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname **
 ppp chap password 0 **
!
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer2 track 2
ip route 0.0.0.0 0.0.0.0 Dialer3 track 3
ip route 0.0.0.0 0.0.0.0 Dialer4 track 4
ip dns server
!
no ip http server
ip nat translation timeout 600
ip nat inside source route-map line1 interface Dialer1 overload
ip nat inside source route-map line2 interface Dialer2 overload
ip nat inside source route-map line3 interface Dialer3 overload
ip nat inside source route-map line4 interface Dialer4 overload
ip nat inside source static tcp 10.0.0.2 4444 92.*.*.* 4444 extendable
ip nat inside source static tcp 10.0.0.217 8291 92.*.*.* 8291 extendable
ip nat inside source static tcp 10.0.0.217 80 92.*.*.* 80 extendable
ip nat inside source static tcp 10.0.0.2 4444 92.*.*.* 4444 extendable
ip nat inside source static tcp 10.0.0.217 8291 92.*.*.* 8291 extendable
!
access-list 15 permit 192.168.50.0 0.0.0.255
access-list 15 permit 192.168.33.0 0.0.0.255
access-list 15 permit 10.0.0.0 0.0.0.255
access-list 15 permit 10.0.1.0 0.0.0.255
snmp-server community ** RO
no cdp run
route-map line4 permit 10
 match ip address 15
 match interface Dialer4
!
route-map line2 permit 10
 match ip address 15
 match interface Dialer2
!
route-map line3 permit 10
 match ip address 15
 match interface Dialer3
!
route-map line1 permit 10
 match ip address 15
 match interface Dialer1
!
!
control-plane
!
banner login ^CC
** Authorised Users Only **
^C
!
line con 0
 login local
 transport output none
line aux 0
 transport output none
line vty 0 4
 login local
 transport output all
line vty 5 15
 login local
 transport output none
!
scheduler allocate 20000 1000
!
end

----------

As I say, please excuse my lack of knowledge; I'm only just delving into the world of Cisco! I'm just looking to be able to either attempt some solutions myself, or pass the suggestions on to someone more able than myself!
Thanks in advance.
0
Question by:espoke
 
LVL 79

Expert Comment

by:lrmoore
ID: 22602599
route-map MYMAP1 permit 10
 match ip address 15
 match interface Dialer4
!
route-map MYMAP1 permit 20
 match ip address 15
 match interface Dialer2
!
route-map MYMAP1 permit 30
 match ip address 15
 match interface Dialer3
!
route-map MYMAP1 permit 40
 match ip address 15
 match interface Dialer1
!
Interface FastEthernet0/0
 ip policy route-map MYMAP1
Interface FastEthernet0/1
 ip policy route-map MYMAP1

If that doesn't work, I would take it a step further:
access-list 16 permit 10.0.0.0 0.0.0.255
access-list 17 permit 10.0.0.0 0.0.0.255
access-list 18 permit 10.0.0.0 0.0.0.255
access-list 19 permit 10.0.0.0 0.0.0.255

access-list 10 permit 10.0.1.0 0.0.0.255
access-list 11 permit 10.0.1.0 0.0.0.255
access-list 12 permit 10.0.1.0 0.0.0.255
access-list 13 permit 10.0.1.0 0.0.0.255

route-map MYMAP1 permit 10
 match ip address 16
 match interface Dialer4
!
route-map MYMAP1 permit 20
 match ip address 17
 match interface Dialer2
!
route-map MYMAP1 permit 30
 match ip address 18
 match interface Dialer3
!
route-map MYMAP1 permit 40
 match ip address 19
 match interface Dialer1


route-map MYMAP2 permit 10
 match ip address 10
 match interface Dialer4
!
route-map MYMAP2 permit 20
 match ip address 11
 match interface Dialer2
!
route-map MYMAP2 permit 30
 match ip address 12
 match interface Dialer3
!
route-map MYMAP2 permit 40
 match ip address 13
 match interface Dialer1

Interface FastEthernet0/0
 ip policy route-map MYMAP1

Interface FastEthernet0/1
 ip policy route-map MYMAP2

0
 

Author Comment

by:espoke
ID: 22604220
Hi there,

Apologies, but is it possible you could explain the above configuration a bit further? As far as I gather, won't it just stick all traffic down the first one... being dialer4?

The issues we were having is that it's just not working when we either bind the 4 ATM interfaces to 1 Dialer, OR bring all 4 dialers up with the 4 separate interfaces, there's just ridiculous packet loss.
Maybe you or someone else may be able to advise me?

Thank you.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 22605291
Also, don't use the match interface DialerX lines in your existing route-maps.
Your existing route-maps determine which networks are being natted to which interfaces.
With all default routes the same cost, you may be getting poor performance because of per-packet load sharing behavior.

What I'm trying to do is match traffic multiple times, then using the policy based routing, send that traffic out multiple interfaces. The policy is applied to the LAN interfaces as it comes into the router.

I also think there's a better way than what I posted last night. Instead of the instances of "match interface Dialerx" in each section, use "set default interface Dialerx" as demonstrated below.

First, try enabling IP CEF.
It is a simple global command that changes the per-packet load sharing to a per-destination scenario:
  ip cef

If that does not help, then apply the route-maps as below.


route-map MYMAP1 permit 10
 match ip address 16
 set default interface Dialer4
!
route-map MYMAP1 permit 20
 match ip address 17
 set default interface Dialer2
!
route-map MYMAP1 permit 30
 match ip address 18
 set default interface Dialer3
!
route-map MYMAP1 permit 40
 match ip address 19
 set default interface Dialer1
 
 
route-map MYMAP2 permit 10
 match ip address 10
 set default interface Dialer4
!
route-map MYMAP2 permit 20
 match ip address 11
 set default interface Dialer2
!
route-map MYMAP2 permit 30
 match ip address 12
 set default interface Dialer3
!
route-map MYMAP2 permit 40
 match ip address 13
 set default interface Dialer1
 
Interface FastEthernet0/0
 ip policy route-map MYMAP1
 
Interface FastEthernet0/1
 ip policy route-map MYMAP2

0
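Route-map clauses are evaluated in sequence order, and the first clause whose match succeeds is applied. The following added example (not code from the thread) models only that clause selection for MYMAP1 with access lists 16-19 as posted; `ACLS_SPLIT`, the host list and all function names are constructed for illustration, and the routing effect of `set default interface` is not modelled.

```python
import ipaddress
from collections import Counter

# Standard ACLs 16-19 as posted in the thread: every one permits 10.0.0.0/24.
ACLS_POSTED = {n: [("10.0.0.0", "0.0.0.255")] for n in (16, 17, 18, 19)}

# Constructed variant (assumption, not from the thread): each ACL permits a
# different quarter of 10.0.0.0/24, so the clauses no longer overlap.
ACLS_SPLIT = {
    16: [("10.0.0.0", "0.0.0.63")],
    17: [("10.0.0.64", "0.0.0.63")],
    18: [("10.0.0.128", "0.0.0.63")],
    19: [("10.0.0.192", "0.0.0.63")],
}

# route-map MYMAP1 as posted: (sequence, ACL number, interface the clause sets).
MYMAP1 = [(10, 16, "Dialer4"), (20, 17, "Dialer2"),
          (30, 18, "Dialer3"), (40, 19, "Dialer1")]


def acl_permits(entries, src):
    """True if src matches a permit entry; wildcard bits set to 1 are ignored."""
    addr = int(ipaddress.IPv4Address(src))
    for network, wildcard in entries:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.IPv4Address(network)) & care:
            return True
    return False  # implicit deny at the end of every ACL


def select_interface(route_map, acls, src):
    """Return the interface of the first clause (lowest sequence) that matches."""
    for _seq, acl_no, interface in sorted(route_map):
        if acl_permits(acls[acl_no], src):
            return interface
    return None  # no clause matched: the packet is routed normally


def distribution(route_map, acls, hosts):
    """Count how many source hosts each clause would claim."""
    return Counter(select_interface(route_map, acls, h) for h in hosts)


LAN_HOSTS = [f"10.0.0.{i}" for i in range(2, 254)]  # constructed host list

if __name__ == "__main__":
    print("posted ACLs:", dict(distribution(MYMAP1, ACLS_POSTED, LAN_HOSTS)))
    print("split ACLs: ", dict(distribution(MYMAP1, ACLS_SPLIT, LAN_HOSTS)))
```

With the posted ACLs every 10.0.0.0/24 source is claimed by sequence 10; with the non-overlapping variant each clause takes one quarter of the subnet.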

 

Author Comment

by:espoke
ID: 22605843
Thanks lrmoore, I'll give it a go now and get back to you
0
 

Author Comment

by:espoke
ID: 22606967
Still got the issue with packet loss, whenever we bring up another dialer interface there's 50% packet loss.
Hmm...
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22607441
Sounds like it is still trying to do per-packet load balancing...
0
 

Author Comment

by:espoke
ID: 22620255
Me again!

I've just been speaking to the guy that's working on the router, he tried to implement the route maps you said above but I believe changed it in the end because it still wasn't working effectively.
What he has changed is the access-list; apparently it was set to standard and he has now changed it to extendable, which has helped a great deal.
It seems to be load balancing the 3 lines we have up (other one is set up on a static route so that we can work on the router)...

I've pasted the config, interface summaries and NAT statistics. So yeah, it does seem to be load balancing the lines.....by the looks of it, not too effectively, but then that might just be because not many people are using it.
The problem we're now having is that pinging outside in to any of the IPs that are up, we're getting about 65-70% packet loss.
Whereas from the router to outside it's perfect, 100%.

Have you any idea why it would be doing this with the config shown? Also if you have any advice on the load balancing side.

Thank you expert(s)!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname **
!
boot-start-marker
boot system flash c2800nm-spservicesk9-mz.124-3g.bin
boot-end-marker
!
logging buffered 8192 debugging
enable password **
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
!
!
ip name-server 135.196.0.6
ip name-server 135.196.0.14
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!         
!
!
!
!
!
!
username admin password 0 **
!
!
track 1 interface ATM0/0/0 line-protocol
!
track 2 interface ATM0/1/0 line-protocol
!
track 3 interface ATM0/2/0 line-protocol
!
track 4 interface ATM0/3/0 line-protocol
!
!
!
interface FastEthernet0/0
 description Customer LAN$ETH-LAN$
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Backup Interface (Unused)
 ip address 10.0.1.1 255.255.255.0
 ip nat inside
 shutdown
 duplex auto
 speed auto
!
interface ATM0/0/0
 description ADSL connection to Exa Networks
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto 
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface ATM0/1/0
 description ADSL connection to Exa Networks
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto 
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 2
 !
!
interface ATM0/2/0
 description ADSL connection to Exa Networks
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto 
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 3
 !
!
interface ATM0/3/0
 description ADSL connection to Exa Networks
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto 
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 4
 !
!
interface Dialer1
 description PPP for ATM0/0/0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname **
 ppp chap password 0 **
!
interface Dialer2
 description PPP for ATM0/1/0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 dialer pool 2
 dialer idle-timeout 0
 dialer persistent
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname **
 ppp chap password 0 **
!
interface Dialer3
 description PPP for ATM0/2/0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 dialer pool 3
 dialer idle-timeout 0
 dialer persistent
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname **
 ppp chap password 0 **
!
interface Dialer4
 description PPP for ATM0/3/0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 dialer pool 4
 dialer idle-timeout 0
 dialer persistent
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname **
 ppp chap password 0 **
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer2 track 2
ip route 0.0.0.0 0.0.0.0 Dialer3 track 3
ip route 213.230.209.0 255.255.255.0 Dialer4
!
ip dns server
!
ip http server
no ip http secure-server
ip nat inside source route-map di1 interface Dialer1 overload
ip nat inside source route-map di2 interface Dialer2 overload
ip nat inside source route-map di3 interface Dialer3 overload
ip nat inside source static tcp 10.0.0.217 80 92.*.*.* 80 extendable
ip nat inside source static udp 10.0.0.217 161 92.*.*.* 161 extendable
ip nat inside source static tcp 10.0.0.217 1300 92.*.*.* 1300 extendable
ip nat inside source static tcp 10.0.0.217 2210 92.*.*.* 2210 extendable
ip nat inside source static tcp 10.0.0.2 4444 92.*.*.* 4444 extendable
ip nat inside source static tcp 10.0.0.217 8291 92.*.*.* 8291 extendable
!
access-list 115 permit ip 192.168.0.0 0.0.255.255 any
access-list 115 permit ip 10.0.0.0 0.0.0.255 any
access-list 115 permit ip 10.0.1.0 0.0.0.255 any
snmp-server community ** RO
no cdp run
route-map di1 permit 10
 match ip address 115
 match interface Dialer1
!
route-map di3 permit 10
 match ip address 115
 match interface Dialer3
!
route-map di2 permit 10
 match ip address 115
 match interface Dialer2
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
banner login ^CC
** Authorised Users Only **
^C
!
line con 0
 login local
 transport output none
line aux 0
 transport output none
line vty 0
 logging synchronous
 login local
 transport output all
line vty 1 4
 logging synchronous
 login local
 transport output none
line vty 5 15
 logging synchronous
 login local
 transport output none
!
scheduler allocate 20000 1000
!
end
 
 
 
Interface Summaries
 
* ATM0/0/0                 0     0    0     0 2414000  240 62000  105    0
* ATM0/1/0                 0     0    0     0 1124000  139 232000  118    0
* ATM0/2/0                 0     0    0     0 1044000  108 60000   69    0
 
 
 
NAT Statistics
 
[Id: 14] route-map di1 interface Dialer1 refcount 262
[Id: 15] route-map di2 interface Dialer2 refcount 619
[Id: 16] route-map di3 interface Dialer3 refcount 204

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22620503
Looks like it is working as designed. I have a note to self about the extended acl vs standard acl...
That's about as close to perfect load sharing as you'll ever get with this type of setup. The CEF is balancing on a per-connection basis. Some connections are downloads, some connections are quick DNS queries or web page hits. For true load balancing, you have to own both ends of all 4 links, or the ISP has to support multilink PPP.
The inbound pings probably get lost as the router responds to them and load-shares the responses, so when replies come back from the wrong IP, they get lost.

0
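The loss figures reported in the thread (50% with a second dialer up, 65-70% on inbound pings with three lines up) can be compared against the per-packet explanation given in the answers. The following added example (not from the thread) is a simplified model with constructed function names and addresses; it assumes packets rotate evenly across equal-cost links, that a packet is lost whenever it leaves through a link other than the one its flow or ping is tied to, and it uses CRC32 only as a stand-in for the router's per-destination hash.

```python
import zlib
from itertools import cycle

LINKS = ["Dialer1", "Dialer2", "Dialer3"]  # the three lines up in the last config


def egress_per_packet(links, n_packets):
    """Per-packet sharing: consecutive packets rotate across the equal-cost links."""
    rotation = cycle(links)
    return [next(rotation) for _ in range(n_packets)]


def egress_per_destination(links, src, dst, n_packets):
    """Per-destination sharing: a hash of (src, dst) pins the whole flow to one link.
    CRC32 is a stand-in here, not the hash the router actually uses."""
    link = links[zlib.crc32(f"{src}>{dst}".encode()) % len(links)]
    return [link] * n_packets


def outbound_loss(egress_links):
    """NAT overload rewrites the source to the egress link's address, so in this
    model the remote host accepts only packets leaving via the flow's first link."""
    first = egress_links[0]
    lost = sum(1 for link in egress_links if link != first)
    return lost / len(egress_links)


def inbound_ping_loss(links, pinged_link, n_pings):
    """Echo replies are spread per-packet (assumption); a reply survives only if
    it leaves through the link that owns the pinged address."""
    replies = egress_per_packet(links, n_pings)
    lost = sum(1 for link in replies if link != pinged_link)
    return lost / n_pings


if __name__ == "__main__":
    two_up = LINKS[:2]
    flow = ("10.0.0.2", "198.51.100.10")  # constructed inside host and remote host
    print("2 links, per-packet:     ",
          outbound_loss(egress_per_packet(two_up, 1000)))
    print("2 links, per-destination:",
          outbound_loss(egress_per_destination(two_up, *flow, 1000)))
    print("3 links, inbound ping:   ",
          round(inbound_ping_loss(LINKS, "Dialer2", 300), 3))
```

The model gives 0.5 for two per-packet links, 0.0 once the flow is pinned to one link, and 0.667 for replies spread over three links.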
