Posthumous asked:

How to properly load balance two ISPs and two NATs

I currently have a 2800 Series router connected to CEF by-destination balanced T1s and a secondary provider's broadband cable. I've configured 2 outgoing NAT ACLs, one for each provider, and configured 3 static routes (2x T1s, 1x cable).

At this point, if I enable all lines/routes I end up with failed packets leaving the router, and I'm 90% sure it's due to NAT being applied to the wrong line, i.e. the cable NAT applied on the T1 lines or the T1s' NAT being applied to packets on the cable.
What is the proper configuration to allow for load balancing across two different providers with separate NATs? If this isn't possible, what is the proper configuration to allow for failover?
In both situations I end up running into failed packet transmission and I'm unsure how to proceed.

I can provide any data required beyond that listed below.

Thanks,
Postie.
! T1 #1
ip route 0.0.0.0 0.0.0.0 Serial0/0/0:0 permanent
! T1 #2
ip route 0.0.0.0 0.0.0.0 Serial0/0/1:0 permanent
! Cable
ip route 0.0.0.0 0.0.0.0 gigabitethernet0/1 10 permanent
 
! T1 NAT
ip nat inside source list ECCL1 interface Loopback0 overload
! Cable NAT
ip nat inside source list ECCL2 interface GigabitEthernet0/1 overload
 
! T1 NAT
ip access-list standard ECCL1
 remark Company
 remark SDM_ACL Category=2
 permit 192.168.1.0 0.0.0.255
! Cable NAT
ip access-list standard ECCL2
 remark Company
 remark SDM_ACL Category=2
 permit 192.168.1.0 0.0.0.255


ASKER CERTIFIED SOLUTION
JFrederick29
This solution is only available to members.
Posthumous

ASKER

Very nice!
Excellent sir, I'll put that information into the router tonight and see what breaks!
Will let you know as soon as I know one way or another.

post
Good evening.
With the changes as listed above I can do extended pings out all interfaces without any lost traffic.

However, if I ping extended using the loopback0 interface that is translated to the T1 provided IP range, I receive an alternating .!.!. response from the test.
Also, current continuous pings from a workstation inside the network to outside 4.2.2.2 see large amounts of failed pings, perhaps over 50%.
Pings to the router itself receive no loss.
I removed the gigabit route and the NAT related to it and see the same data loss.

I'm reviewing ACLs now to make sure nothing else could be blocking the pings.

Thanks,
Post

Browsing on the internet and connectivity to remote sites along with incoming requests to mail server seem to be working fine. Strangely.




ip route 0.0.0.0 0.0.0.0 Serial0/0/1:0
ip route 0.0.0.0 0.0.0.0 Serial0/0/0:0
ip route 0.0.0.0 0.0.0.0 gigabitethernet0/1 10
 
ip nat inside source route-map cable interface GigabitEthernet0/1 overload
ip nat inside source route-map t1 interface Loopback0 overload
 
ip access-list standard ECCL1
 remark Company
 remark SDM_ACL Category=2
 permit 192.168.1.0 0.0.0.255
ip access-list standard ECCL2
 remark Company
 remark SDM_ACL Category=2
 permit 192.168.1.0 0.0.0.255
 
route-map t1 permit 10
 match ip address ECCL1
 match interface Serial0/0/0:0
!
route-map t1 permit 20
 match ip address ECCL1
 match interface Serial0/0/1:0
!
route-map cable permit 10
 match ip address ECCL2
 match interface GigabitEthernet0/1
 
 
 
Below is a sample ping from the PC: (actually one of the better batches)
Request timed out.
Request timed out.
Reply from 4.2.2.2: bytes=32 time=18ms TTL=56
Reply from 4.2.2.2: bytes=32 time=18ms TTL=56
Request timed out.
Reply from 4.2.2.2: bytes=32 time=18ms TTL=56
Request timed out.
Reply from 4.2.2.2: bytes=32 time=18ms TTL=56
Reply from 4.2.2.2: bytes=32 time=18ms TTL=56
Reply from 4.2.2.2: bytes=32 time=18ms TTL=56
Reply from 4.2.2.2: bytes=32 time=18ms TTL=56
Request timed out.
Reply from 4.2.2.2: bytes=32 time=18ms TTL=56
Reply from 4.2.2.2: bytes=32 time=18ms TTL=56
Reply from 4.2.2.2: bytes=32 time=18ms TTL=56
Request timed out.


Thanks for the info. Working well!
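
The following is an added example, not part of the original thread or of either participant's configuration. It is a simplified Python model of the two NAT rule styles posted above, showing which egress links would send a packet out with the other provider's address. It assumes ACL-only rules are matched without regard to the egress interface (the behaviour the asker suspected) and that `match interface` restricts a rule to the listed egress links; the `OWNER` mapping and the sample host 192.168.1.50 are constructed for illustration.

```python
import ipaddress

# Constructed model of the router in this thread; interface and rule names
# are taken from the posted configuration.
INSIDE = ipaddress.ip_network("192.168.1.0/24")   # permit 192.168.1.0 0.0.0.255
T1_LINKS = {"Serial0/0/0:0", "Serial0/0/1:0"}
CABLE_LINKS = {"GigabitEthernet0/1"}

# Each rule: (name, interface whose address is used, egress interfaces matched).
# None means the rule has no "match interface" condition (plain ACL rule).
LIST_RULES = [
    ("ECCL1", "Loopback0", None),
    ("ECCL2", "GigabitEthernet0/1", None),
]
ROUTE_MAP_RULES = [
    ("cable", "GigabitEthernet0/1", CABLE_LINKS),
    ("t1", "Loopback0", T1_LINKS),
]
# Assumption: provider links that can carry traffic sourced from each NAT address.
OWNER = {"Loopback0": T1_LINKS, "GigabitEthernet0/1": CABLE_LINKS}


def nat_address(src, out_if, rules):
    """Return the NAT address interface of the first rule that matches."""
    if ipaddress.ip_address(src) not in INSIDE:
        return None
    for _name, nat_if, match_ifs in rules:
        if match_ifs is None or out_if in match_ifs:
            return nat_if
    return None


def wrong_nat(rules, src="192.168.1.50"):
    """List egress links where the packet leaves with the other provider's address."""
    bad = []
    for out_if in sorted(T1_LINKS | CABLE_LINKS):
        nat_if = nat_address(src, out_if, rules)
        if nat_if is not None and out_if not in OWNER[nat_if]:
            bad.append((out_if, nat_if))
    return bad


if __name__ == "__main__":
    print("ACL-only rules :", wrong_nat(LIST_RULES))
    print("route-map rules:", wrong_nat(ROUTE_MAP_RULES))
```
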