• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 777
  • Last Modified:

Bonding 2 T1 lines

I am little baffled with the idea of bonding to t1 lines.

I have 1 T1 from AT&T and another from XO communications  

I have 1 cisco 2811 router with 2 wic cards.

Is this even possible with the equipment that i have?
0
Jiggens
Asked:
Jiggens
  • 9
  • 4
  • 3
  • +1
1 Solution
 
Andres PeralesCommented:
possible with your router, but your T1 lines would need to be terminated on the same router at your isp location.  You can not bond two t1's from separate providers.
0
 
kf4zmtCommented:
I agree with peralesa. In order to bond multiple T1s they must be provisioned from the same carrier.
0
 
JiggensAuthor Commented:
Well what are my options than?
0
Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

 
JiggensAuthor Commented:
Would load balancing help any?
0
 
Andres PeralesCommented:
What are you trying to do?
0
 
kf4zmtCommented:
Its difficult to load balance in your situation unless you use BGP. What exactly are you trying to achieve with the two circuits? Fault tolerance? Load balancing? Increased bandwidth?

A possible solution to your question really depends on what you are trying to achieve.
0
 
JiggensAuthor Commented:
I want to increase bandwidth mainly.
0
 
Andres PeralesCommented:
You might be better off, getting with your service provider and getting new circuits with increased bandwidth and do a migration.
Even if you asked to bond two T1's the will not give you one T1 they will want to give you two new ones, with new IP's and all...
0
 
kf4zmtCommented:
The simplest solution to more bandwidth is to get two T1s from the same provider. If this isn't an option you might be able to load balance through your existing circuits by doing some "creative" router configs. I really don't recommend do this as its bound to create problems in the future.

A couple of T1s from the same carrier really is your best bet.
0
 
JFrederick29Commented:
First off, are these Internet T1's?  Is the 2811 doing NAT?  If so, you can use the following config to achieve load balancing of both T1's.

                 
ip nat inside source route-map xo interface serial0/0/0 overload  <--specify XO T1 interface                
ip nat inside source route-map att interface serial0/1/0 overload  <--specify ATT T1 interface            

access-list 1 permit 192.168.0.0 0.0.0.255     <--specify your LAN subnets                                
access-list 2 permit 192.168.0.0 0.0.0.255     <--specify your LAN subnets  

route-map xo permit 10
 match ip address 1
 match interface Serial0/0/0  <--again specify the XO T1 interface

route-map att permit 10
 match ip address 2
 match interface Serial0/1/0   <--again specify the ATT T1 interface

ip route 0.0.0.0 0.0.0.0 x.x.x.x    <--where x.x.x.x is the next hop to XO
ip route 0.0.0.0 0.0.0.0 y.y.y.y    <--where y.y.y.y is the next hop to ATT
0
 
JiggensAuthor Commented:
Its not using NAT yet.  This is a new router configuration but i will give it a try.

thanks,
0
 
JiggensAuthor Commented:
What is the correct  way to setup the NAT.  I am using NAT on my sonic wall though
0
 
JFrederick29Commented:
Okay, well that is an issue.  The NAT load balancing won't work unless you moved your NAT to the router (off the Sonicwall) but that probably isn't ideal for your situation.

The fundamental problem with the T1's being from different providers is you can't bond them or achieve both inbound and outbound load balancing.  Plus in a failover situation, unless you change the NAT on the Sonicwall to the other ISP address space, your return traffic will never get back to you unless you were to run BGP with both providers and announce both ISP blocks of addresses to both ISP's.  With BGP, you can achieve load balancing.  If you truly don't need the ISP redundancy, you are better off getting two T1's from one ISP and either having them bond them or work with you to do MLPPP or equal cost routing to achieve inbound and outbound load balancing.
0
 
JiggensAuthor Commented:
I agree, that having them from the same ISP would be ideal, but it will not work because unfortunately the configuration with XO is under contract and i cant afford to get another t1 from the other provider quite yet.

I have been having problems off and on with XO.  Do you think if i move my NAT to my Router that would better.  I can do that, that is not a problem.  I just want to still use the content filtering with my sonicwall still and other services that i have on it.

Is that possible?
0
 
JFrederick29Commented:
What services other than Content Filtering are you running?  VPN?  Do you have inbound connections to servers (web, email, etc...) from the Internet?

In the end, if you are having problems with XO, you may just want to change your NAT statement(s) on the Sonicwall to AT&T address space.  You can then route outbound and inbound using the AT&T T1.  In a pinch, you can failover to the XO T1 manually.  I know you would like to utilize both T1's but in the end, you can only control outbound load balancing and that may not even work as XO may filter traffic sourced with an AT&T IP address and vice versa.  Moving NAT to the router will take care this issue but may overly complicate things depending on what you are doing with the Sonicwall.  Are you utilizing all the T1 bandwidth currently? or is it just a matter of "I am paying for the XO T1, I would like to use it" situation?
0
 
JiggensAuthor Commented:
Thanks for getting back to me so quickly.

I am using VPN and Content Filtering.  all in all i would like to do away with the sonicwall but the content filtering is bought a paid for.  and like you said i want to utilize what i have with my 2 T1s .  

As for servers i have a Webserver and EXchange  that will need NAT for.  I am using my bandwidth right now and i would like to use both T1s so i can optimize my network a little more.
0
 
JFrederick29Commented:
This looks like a possibility...

http://www.sonicwall.com/downloads/Configuring_WAN_Failover_SonicOS_Enhanced.pdf

Do you have the enhanced license on the Sonicwall?  Looks like you can achieve the same functionality on the Sonicwall as the "NAT Load Balancing" on the router using the WAN Failover feature.  Looks like you can setup an active/active configuration and it should take care of the NAT portion.  You would need to connect one interface on the Sonicwall (AT&T IP address) to one FastEthernet port on the 2811 and a second interface on the Sonicwall (XO IP address) to the second FastEthernet port on the 2811.  Policy routing on the 2811 could then take care of the proper outbound routing.  The only caveat is the Sonicwall has no knowledge of the health of the two T1's so redundancy may not be the greatest with this setup (manual), i.e. if the XO T1 goes down, you would need to manually "shutdown" the FastEthernet port connected to the XO Sonicwall interface so all traffic goes out the ATT T1.

You can do NAT on the 2811 and turn NAT off on the Sonicwall.  You can readdress the Sonicwall external interface to a private IP address and setup routing on the Cisco to reach the internal networks.  You get better redundancy with this method but need to be comfortable with NAT on the 2811.
0
 
JiggensAuthor Commented:
JFred,

You have been a great help, thank you so much.  I might need some help so i will open another case.

Thanks again,


Cory
0
 
JiggensAuthor Commented:
Awesome Job!!!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

  • 9
  • 4
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now