Solved

Load balancing 4x ADSL MAX Lines on a Cisco 2811 Router

Posted on 2008-09-29
Last Modified: 2013-12-14
Hi there,

Basically what it says in the title, I'm completely new to this whole subject and I'm looking to get all 4 lines load balancing effectively.
I've got one friend who has taken a look at the server to no full solution.

My current config is as follows:

sh run
Building configuration...

Current configuration : 5098 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname **
!
boot-start-marker
boot system flash c2800nm-ipbase-mz.124-8a.bin
boot-end-marker
!
logging buffered 8192 debugging
enable password **
!
no aaa new-model
!
resource policy
!
!
!
ip cef
!
!
ip name-server 135.196.0.6
ip name-server 135.196.0.14
!
username admin password 0 **
!
!
track 1 interface ATM0/0/0 line-protocol
!
track 2 interface ATM0/1/0 line-protocol
!
track 3 interface ATM0/2/0 line-protocol
!
track 4 interface ATM0/3/0 line-protocol
!
!
interface Loopback0
 ip address 92.*.*.* 255.255.255.255
 shutdown
!
interface FastEthernet0/0
 description Customer LAN$ETH-LAN$
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Backup Interface (Unused)
 ip address 10.0.1.1 255.255.255.0
 ip nat inside
 shutdown
 duplex auto
 speed auto
!
interface ATM0/0/0
 description ADSL connection
 no ip address
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface ATM0/1/0
 description ADSL connection
 no ip address
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 2
 !
!
interface ATM0/2/0
 description ADSL connection
 no ip address
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 3
 !
!
interface ATM0/3/0
 description ADSL connection
 no ip address
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 4
 !
!
interface Dialer1
 description PPP for ATM0/0/0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname **
 ppp chap password 0 **
!
interface Dialer2
 description PPP for ATM0/1/0
 ip unnumbered Loopback0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 shutdown
 dialer pool 2
 dialer idle-timeout 0
 dialer persistent
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname **
 ppp chap password 0 **
!
interface Dialer3
 description PPP for ATM0/2/0
 ip unnumbered Loopback0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 shutdown
 dialer pool 3
 dialer idle-timeout 0
 dialer persistent
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname **
 ppp chap password 0 **
!
interface Dialer4
 description PPP for ATM0/3/0
 ip unnumbered Loopback0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 shutdown
 dialer pool 4
 dialer idle-timeout 0
 dialer persistent
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname **
 ppp chap password 0 **
!
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer2 track 2
ip route 0.0.0.0 0.0.0.0 Dialer3 track 3
ip route 0.0.0.0 0.0.0.0 Dialer4 track 4
ip dns server
!
no ip http server
ip nat translation timeout 600
ip nat inside source route-map line1 interface Dialer1 overload
ip nat inside source route-map line2 interface Dialer2 overload
ip nat inside source route-map line3 interface Dialer3 overload
ip nat inside source route-map line4 interface Dialer4 overload
ip nat inside source static tcp 10.0.0.2 4444 92.*.*.* 4444 extendable
ip nat inside source static tcp 10.0.0.217 8291 92.*.*.* 8291 extendable
ip nat inside source static tcp 10.0.0.217 80 92.*.*.* 80 extendable
ip nat inside source static tcp 10.0.0.2 4444 92.*.*.* 4444 extendable
ip nat inside source static tcp 10.0.0.217 8291 92.*.*.* 8291 extendable
!
access-list 15 permit 192.168.50.0 0.0.0.255
access-list 15 permit 192.168.33.0 0.0.0.255
access-list 15 permit 10.0.0.0 0.0.0.255
access-list 15 permit 10.0.1.0 0.0.0.255
snmp-server community ** RO
no cdp run
route-map line4 permit 10
 match ip address 15
 match interface Dialer4
!
route-map line2 permit 10
 match ip address 15
 match interface Dialer2
!
route-map line3 permit 10
 match ip address 15
 match interface Dialer3
!
route-map line1 permit 10
 match ip address 15
 match interface Dialer1
!
!
control-plane
!
banner login ^CC
** Authorised Users Only **
^C
!
line con 0
 login local
 transport output none
line aux 0
 transport output none
line vty 0 4
 login local
 transport output all
line vty 5 15
 login local
 transport output none
!
scheduler allocate 20000 1000
!
end

----------

As I say, please excuse my lack of knowledge I'm only just delving into the world of cisco! I'm just looking to be able to either attempt some solutions myself, or pass the suggestions onto someone more able than myself!
Thanks in advance.
Question by:espoke

Expert Comment

by:lrmoore
route-map MYMAP1 permit 10
 match ip address 15
 match interface Dialer4
!
route-map MYMAP1 permit 20
 match ip address 15
 match interface Dialer2
!
route-map MYMAP1 permit 30
 match ip address 15
 match interface Dialer3
!
route-map MYMAP1 permit 40
 match ip address 15
 match interface Dialer1
!
Interface FastEthernet0/0
 ip policy route-map MYMAP1
Interface FastEthernet0/1
 ip policy route-map MYMAP1

If that doesn't work, I would take it a step further:
access-list 16 permit 10.0.0.0 0.0.0.255
access-list 17 permit 10.0.0.0 0.0.0.255
access-list 18 permit 10.0.0.0 0.0.0.255
access-list 19 permit 10.0.0.0 0.0.0.255

access-list 10 permit 10.0.1.0 0.0.0.255
access-list 11 permit 10.0.1.0 0.0.0.255
access-list 12 permit 10.0.1.0 0.0.0.255
access-list 13 permit 10.0.1.0 0.0.0.255

route-map MYMAP1 permit 10
 match ip address 16
 match interface Dialer4
!
route-map MYMAP1 permit 20
 match ip address 17
 match interface Dialer2
!
route-map MYMAP1 permit 30
 match ip address 18
 match interface Dialer3
!
route-map MYMAP1 permit 40
 match ip address 19
 match interface Dialer1


route-map MYMAP2 permit 10
 match ip address 10
 match interface Dialer4
!
route-map MYMAP2 permit 20
 match ip address 11
 match interface Dialer2
!
route-map MYMAP2 permit 30
 match ip address 12
 match interface Dialer3
!
route-map MYMAP2 permit 40
 match ip address 13
 match interface Dialer1

Interface FastEthernet0/0
 ip policy route-map MYMAP1

Interface FastEthernet0/1
 ip policy route-map MYMAP2


Author Comment

by:espoke
Hi there,

Apologies but is it possible you could explain the above configuration a bit further? As far as I gather won't it just stick all traffic down the first one..being dialer4?

The issues we were having is that it's just not working when we either bind the 4 ATM interfaces to 1 Dialer, OR bring all 4 dialers up with the 4 separate interfaces, there's just ridiculous packet loss.
Maybe you or someone else may be able to advise me?

Thank you.

Accepted Solution

by:lrmoore
Also don't use the match interface DialerX lines in your existing route-maps.
Your existing route-maps determine which networks are being natted to which interfaces.
With all default routes same cost, you may be getting poor performance because of per-packet load sharing behavior.

What I'm trying to do is match traffic multiple times, then using the policy based routing, send that traffic out multiple interfaces. The policy is applied to the LAN interfaces as it comes into the router.

I also think there's a better way than what I posted last night. Instead of the instances of "match interface Dialerx" in each section, use "set default interface Dialerx" as demonstrated below.

First, try enabling IP CEF.
It is a simple global command that changes the per-packet load sharing to a per-destination scenario:
  ip cef

If that does not help, then apply the route-maps as below..


route-map MYMAP1 permit 10
 match ip address 16
 set default interface Dialer4
!
route-map MYMAP1 permit 20
 match ip address 17
 set default interface Dialer2
!
route-map MYMAP1 permit 30
 match ip address 18
 set default interface Dialer3
!
route-map MYMAP1 permit 40
 match ip address 19
 set default interface Dialer1

route-map MYMAP2 permit 10
 match ip address 10
 set default interface Dialer4
!
route-map MYMAP2 permit 20
 match ip address 11
 set default interface Dialer2
!
route-map MYMAP2 permit 30
 match ip address 12
 set default interface Dialer3
!
route-map MYMAP2 permit 40
 match ip address 13
 set default interface Dialer1

Interface FastEthernet0/0
 ip policy route-map MYMAP1

Interface FastEthernet0/1
 ip policy route-map MYMAP2

Author Comment

by:espoke
Thanks lrmoore, I'll give it a go now and get back to you

Author Comment

by:espoke
Still got the issue with packet loss, whenever we bring up another dialer interface there's 50% packet loss.
Hmm...

Expert Comment

by:lrmoore
Sounds like it is still trying to do per-packet load balancing...

Author Comment

by:espoke
Me again!

I've just been speaking to the guy that's working on the router, he tried to implement the route maps you said above but I believe changed it in the end because it still wasn't working effectively.
What he has changed is the access-list; apparently it was set to standard and has now changed it to extendable, which has helped a great deal.
It seems to be load balancing the 3 lines we have up (other one is setup on a static route so that we can work on the router)...

I've pasted the config, interface summaries and nat statistics. So yeah, it does seem to be load balancing the lines.....by the looks of it, not too effectively, but then that might just be because not many people are using it.
The problem we're now having is that pinging outside in to any of the IPs that are up, we're getting about 65-70% packet loss.
Whereas from the router to outside it's perfect, 100%.

Have you any idea why it would be doing this with the config shown? Also if you have any advice on the load balancing side.

Thank you expert(s)!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname **
!
boot-start-marker
boot system flash c2800nm-spservicesk9-mz.124-3g.bin
boot-end-marker
!
logging buffered 8192 debugging
enable password **
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
!
!
ip name-server 135.196.0.6
ip name-server 135.196.0.14
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin password 0 **
!
!
track 1 interface ATM0/0/0 line-protocol
!
track 2 interface ATM0/1/0 line-protocol
!
track 3 interface ATM0/2/0 line-protocol
!
track 4 interface ATM0/3/0 line-protocol
!
!
!
interface FastEthernet0/0
 description Customer LAN$ETH-LAN$
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Backup Interface (Unused)
 ip address 10.0.1.1 255.255.255.0
 ip nat inside
 shutdown
 duplex auto
 speed auto
!
interface ATM0/0/0
 description ADSL connection to Exa Networks
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface ATM0/1/0
 description ADSL connection to Exa Networks
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 2
 !
!
interface ATM0/2/0
 description ADSL connection to Exa Networks
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 3
 !
!
interface ATM0/3/0
 description ADSL connection to Exa Networks
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 4
 !
!
interface Dialer1
 description PPP for ATM0/0/0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname **
 ppp chap password 0 **
!
interface Dialer2
 description PPP for ATM0/1/0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 dialer pool 2
 dialer idle-timeout 0
 dialer persistent
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname **
 ppp chap password 0 **
!
interface Dialer3
 description PPP for ATM0/2/0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 dialer pool 3
 dialer idle-timeout 0
 dialer persistent
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname **
 ppp chap password 0 **
!
interface Dialer4
 description PPP for ATM0/3/0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 dialer pool 4
 dialer idle-timeout 0
 dialer persistent
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname **
 ppp chap password 0 **
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer2 track 2
ip route 0.0.0.0 0.0.0.0 Dialer3 track 3
ip route 213.230.209.0 255.255.255.0 Dialer4
!
ip dns server
!
ip http server
no ip http secure-server
ip nat inside source route-map di1 interface Dialer1 overload
ip nat inside source route-map di2 interface Dialer2 overload
ip nat inside source route-map di3 interface Dialer3 overload
ip nat inside source static tcp 10.0.0.217 80 92.*.*.* 80 extendable
ip nat inside source static udp 10.0.0.217 161 92.*.*.* 161 extendable
ip nat inside source static tcp 10.0.0.217 1300 92.*.*.* 1300 extendable
ip nat inside source static tcp 10.0.0.217 2210 92.*.*.* 2210 extendable
ip nat inside source static tcp 10.0.0.2 4444 92.*.*.* 4444 extendable
ip nat inside source static tcp 10.0.0.217 8291 92.*.*.* 8291 extendable
!
access-list 115 permit ip 192.168.0.0 0.0.255.255 any
access-list 115 permit ip 10.0.0.0 0.0.0.255 any
access-list 115 permit ip 10.0.1.0 0.0.0.255 any
snmp-server community ** RO
no cdp run
route-map di1 permit 10
 match ip address 115
 match interface Dialer1
!
route-map di3 permit 10
 match ip address 115
 match interface Dialer3
!
route-map di2 permit 10
 match ip address 115
 match interface Dialer2
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
banner login ^CC
** Authorised Users Only **
^C
!
line con 0
 login local
 transport output none
line aux 0
 transport output none
line vty 0
 logging synchronous
 login local
 transport output all
line vty 1 4
 logging synchronous
 login local
 transport output none
line vty 5 15
 logging synchronous
 login local
 transport output none
!
scheduler allocate 20000 1000
!
end

Interface Summaries

* ATM0/0/0                 0     0    0     0 2414000  240 62000  105    0
* ATM0/1/0                 0     0    0     0 1124000  139 232000  118    0
* ATM0/2/0                 0     0    0     0 1044000  108 60000   69    0

NAT Statistics

[Id: 14] route-map di1 interface Dialer1 refcount 262
[Id: 15] route-map di2 interface Dialer2 refcount 619
[Id: 16] route-map di3 interface Dialer3 refcount 204


Expert Comment

by:lrmoore
Looks like it is working as designed. I have a note to self about the extended acl vs standard acl...
That's about as close to perfect load sharing as you'll ever get with this type setup. The CEF is balancing on a per-connection basis. Some connections are downloads, some connections are quick dns queries or web page hits. For true load balancing, you have to own both ends of all 4 links, or the ISP has to support multilink PPP.
The inbound pings probably get lost as the router responds to them and load-shares the responses, so when replies come back from the wrong IP, they get lost.
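
The loss figures reported in this thread can be reproduced with a small model of the reply path; this is an added example, not code or output from the thread. It spreads echo replies over N equal-cost default routes, per packet and per source/destination pair, and counts a reply as lost when it leaves on a link other than the one that owns its source address. Assumptions: the addresses are constructed documentation-range values, the upstream is assumed to discard such mismatched replies, and a CRC32 hash stands in for the router's real per-destination hash.

```python
import zlib
from itertools import cycle

# Constructed sample data: documentation-range addresses, not values from the thread.
LINKS = {"Dialer1": "192.0.2.10", "Dialer2": "198.51.100.20", "Dialer3": "203.0.113.30"}
REMOTES = ["192.0.2.200", "198.51.100.201", "203.0.113.202", "192.0.2.203"]


def per_packet(names):
    """Round-robin chooser: each packet takes the next equal-cost link."""
    rr = cycle(names)
    return lambda src, dst: next(rr)


def per_destination(names):
    """Hash chooser: every packet of one source/destination pair takes the same link."""
    def choose(src, dst):
        # CRC32 is a stand-in hash (assumption), not the router's algorithm.
        return names[zlib.crc32(f"{src}>{dst}".encode()) % len(names)]
    return choose


def ping_loss(links, make_chooser, remotes=REMOTES, count=12):
    """Loss per (remote, pinged link) for `count` echo replies sourced from that link's IP."""
    choose = make_chooser(list(links))
    loss = {}
    for name, addr in links.items():
        for remote in remotes:
            # Assumption: a reply survives only if it exits via the link owning its source.
            delivered = sum(choose(addr, remote) == name for _ in range(count))
            loss[(remote, name)] = 1 - delivered / count
    return loss


def summary(loss):
    """Mean loss over all (remote, link) pairs, rounded to three places."""
    return round(sum(loss.values()) / len(loss), 3)


if __name__ == "__main__":
    for n in (2, 3):
        links = dict(list(LINKS.items())[:n])
        print(n, "links, per-packet mean loss:", summary(ping_loss(links, per_packet)))
        per_pair = ping_loss(links, per_destination)
        print(n, "links, per-destination loss values:", sorted(set(per_pair.values())))
```

Per-packet sharing gives every pinger the same (N-1)/N loss, while per-destination sharing makes each pinger/address pair either fully reachable or fully dead.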
