Solved

Setup Cisco router with two ISP (active -active)

Posted on 2014-12-23
17
921 Views
1 Endorsement
Last Modified: 2015-01-04
Hello Experts,

We have two ISP. the first ISP is providing our company internet using our IP range (185.X.X.X). and second ISP use his IP rage (Y.Y.Y.Y) to provide us internet. we use Cisco router 2801.My questions are

1- What configuration I need to do to publish our rang (185.X.X.X) to other networks. Do I need to use OSPF or another protocol and what configuration I need to do that

2- I need to combine both ISP  (185.X.X.X) and (Y.Y.Y.Y) in the router. And I need both service to work together as (Active -Active). I mean I do not want to use (Active-Passive) . I need to be able to use both service at same time (one service is 15 M and second one is 20 M) so when user work I need to use all 35 M.

Any help will be appreciate

Regards
1
Comment
Question by:maryam_adnan
  • 6
  • 6
  • 2
  • +2
17 Comments
 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 40516267
Check with your ISP what can be done, I guess you don't have your own AS number yet (your ISP already advertises your IP range to internet).
In case that you can advertise your IP range to internet:
1. You need BGP not OSPF
2. With BGP both your routes will be active, and routers can advertise both your networks to internet, but check do you have enough memory and processing power on your router to have whole internet routing table (I am not sure, but I don't think that 2801 is not good enough router for this). So, you will probably need your ISP to filter routing table for you..
So... check your possibilities with your ISP.
0
 
LVL 4

Assisted Solution

by:askincakir
askincakir earned 250 total points
ID: 40516318
Hi,

1-) Internet routing protocol is BGP. You definately have to use it.
2-) To use Active Active you need to get another /24 ip address range and add it to your BGP AS number.
3-) To use active active you need to do some configurations on your BGP protocol as a AS-PATH prepending.
    your first block ip address will be annonced better from ISP1 and the orher ip address block will be annonced better from ISP-2. Then some of your systems will use block 1 ip address, and the other will use block 2 ip address.
From my experience you can use active active but traffic  is not always %50-%50 equal load balanced.

About device you need to use: if you need full BGP table ( which in your situation may be good) you need at least 4GB ram router. I suggest you to get Cisco 3900 series router and you should check the ram amount.
As far as i remember full BGP table contains more than 500.000 routes amd 7 Million paths.

Br,
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40516357
I don't think you need BGP.  Here why:

There are a few scenarios where BGP is called for. Here are the significant ones:
A) multiple internet connections (this one is a requirement since without two connections, there's no benefit to BGP).
Then you have to need at least one of the following:
B) you want traffic to transit your AS,
C) you want to provide optimal routing to the destination outside your AS and
D) you want to control how traffic enters your AS.

In your case, while you have two connections, you don't need any of the other benefits.

So here's how I would do it.

Create static, default routes for both connections. Assign a higher administrative distance to one to make it preferred.

Use object tracking so that in the event of a failure with the preferred route, all traffic will use the functional link.

If you want to use both links, setup PBR (Policy Based Routing) to identify certain traffic to prefer one connection over the other.  For example, you could specify that traffic from certain networks use ISP1 while others use ISP2.  Or you could do it by traffic type.  Web browsing and email uses ISP1 while all other traffic uses ISP2.

SLA Object tracking
Configuring PBR
0
 

Author Comment

by:maryam_adnan
ID: 40516450
Hello Experts,
Thank you for all replies. Please here is my scenario

ISP1 (our Range we need to announced it 185.55.X.X/24)-----
                                                                                      Cisco Router 2801------Internal network 192.168.0.0
ISP2 (ISP Range it is announced by ISP2 (Y.Y.Y.Y)----------------
 
ISP1-- must announced in our router and we have block (/24) (we have AS number)
ISP2-- we have just (10 Public IP address provide from ISP2) it is already announced by ISP2

Need Active-Active (Both connection use at same time)

Can any one help me with configuration step by step

Regards
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40516453
@Don - I think the OP mentions using their own IP range.
We have two ISP. the first ISP is providing our company internet using our IP range (185.X.X.X)
If that's the case, BGP will need to be used to advertise to ISP-B.  We should probably clarify this.

@maryam_adnan - When you say "our IP range", do you mean you have a BGP AS and some PI address space, or do you just mean that ISP-A gave you a block of IPv4 addresses to use?
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40516458
^^^ just beat me to it...

So we do have an AS to distribute.

In that case ISP-B will need to do some sort of BGP with you in order to learn your /24.  If you don't do this you'll get outbound redundancy at best.
0
 

Author Comment

by:maryam_adnan
ID: 40516465
Hello craigbeck,

Thank you for your reply.

1- ISP1- We have AS and our range is (185.55.X.X/4). We bought this range and must be announced in our router
2- ISP2- We do not have AS (we have just 10 IP public IP address from our ISP2 )

Regards
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40516467
Thanks, maryam_adnan.

I posted just as you were summarizing a few minutes ago, but ISP-B will need to do some sort of BGP with you in order to learn your /24.  If you don't do this you'll only get outbound redundancy/load-balancing.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 50

Expert Comment

by:Don Johnston
ID: 40516469
Or... you could ask ISP-B to advertise your AS (without using BGP).
0
 

Author Comment

by:maryam_adnan
ID: 40516473
Hello craigbeck,

Thank you so much for your reply.

Please can you guide me what configuration I need to do in our router. Step by step. any example will help. How I announced our Range- how I configure BGP - How I configure route

what configuration that must done in ISP2

Regards
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40516573
Hmmm - I don't think ISPs are allowed to statically advertise a route for a subnet that they don't own unless it's been dynamically learned from the AS that owns the range.  I'm sure that would be classed as IP hijacking, and thinking about it that would also remove a lot of the control from you in terms of routing anyway.
0
 

Author Comment

by:maryam_adnan
ID: 40516619
Hello,

I think the best way is to do that is announced our range in our router. But I need help with configuration to accomplish this job. Are there any document help with it

Regards
0
 

Author Comment

by:maryam_adnan
ID: 40517929
Hello Experts,

Please below my configuration in my router for ISP1 which is our network and we announced it and its work. I test it. Now I need to add ISP2 to router and make them work together. what configuration I need to add to my router

Any help will be very appreciate

Regards

interface FastEthernet0/0
 ip address 10.15.X.X 255.255.255.252 secondary
 ip address 10.15.Y.Y 255.255.255.252
interface FastEthernet0/1
 ip address 185.Z.Z.Z 255.255.255.0
router bgp QQQQQ
 no synchronization
 bgp log-neighbor-changes
 network 185.Z.Z.Z mask 255.255.255.0
 redistribute connected
 redistribute static
 neighbor 10.15.X.X remote-as WWWWW
 neighbor 10.15.X.X ebgp-multihop 5
 neighbor 10.15.X.X next-hop-self
 neighbor 10.15.X.X route-map NIC-IN in
 neighbor 10.15.X.X route-map NIC-OUT out
 neighbor 10.15.Y.Y remote-as WWWWW
 no auto-summary
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.15.X.X
ip route 0.0.0.0 0.0.0.0 10.15.Y.Y 100
ip prefix-list NIC seq 10 permit 185.Z.Z.Z/24
route-map NIC-OUT permit 10
 match ip address prefix-list NIC
 match nlri unicast multicast
route-map NIC-IN permit 10
 match nlri unicast multicast
 set weight 200
control-plane
scheduler allocate 20000 1000
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40521932
Like I said, unless ISP2 will do BGP with you only outbound redundancy is possible.  You cant just add ISP2 as a BGP neighbour and expect it to work - it wont.
0
 

Author Comment

by:maryam_adnan
ID: 40523020
Hello,
Thank you for your reply craigbeck. Please what command I need to add in router to use redundancy option.

Regards
0
 
LVL 45

Accepted Solution

by:
Craig Beck earned 250 total points
ID: 40523028
It's not as simple as that.

You'd need to use NAT to use the ISP2 link as it won't route for the IP range you have assigned to ISP1's link.  This would mean you need to do some NAT at the ISP2 router then configure multiple gateways at your LAN firewall/router.

I'm assuming that you don't use the BGP router as your actual LAN router - that would be bad!
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Please see preceding article here: http://www.experts-exchange.com/Networking/Operating_Systems/A_11209-Root-Bridge-Election.html Figure 1 After Root Bridge has been elected, then what?..... Let's start by defining a Root Port in la…
There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now