Cisco ISR4431 Router WAN Failover

I plan on connecting a 2nd ISP to my Cisco ISR4431 and would like to configure it as a failover link.  In other words, if the primary WAN link goes down then this secondary WAN link will take over.  Something like ...

interface GigabitEthernet0/0/2
 description ATT-Primary-WAN
 ip address yyy.yyy.yyy.yyy
 ip nat outside
 no shutdown
 negotiation auto
interface GigabitEthernet0/0/3
 description Comcast-Backup-WAN
 ip address dhcp
 ip nat outside
 no shutdown
 negotiation auto
command "tell Cisco4431 to activate Comcast-Backup-WAN when ATT-Primary-WAN goes dead ... and reconfigure NAT/PAT :-) "

Is this possible on the 4431?  

As I think this through I was wondering:

1. How will the router determine the primary link has failed?
-- a hard failure is obvious, as the interface will go down (just like unplugging the CAT5 cable)
-- a soft failure could be complicated, such as the ISP's Gateway goes down

2. How will the router auto-configure to activate the backup link?
-- the default route will need to change to the backup ISP's gateway (ip route
-- the NAT/PAT configuration will need to change to the backup ISP's configuration

Seems like this may be very complicated ...

Any insights would be welcomed.  Thanks!
Jody Lemoine (Network Architect) commented:
It's not too hard. What you need to do is set up an IP SLA using ICMP echo to track the default gateway. Once that's done, you can establish a track based on the IP SLA and use a tracked static route to the primary gateway. Add a high-cost floating static route to the backup gateway so that when the track fails, the backup will become the default gateway until the primary becomes available again. In addition, you need to use route maps to maintain separate NAT tables to cover both.
Jody Lemoine (Network Architect) commented:
To be a little clearer, here's an outline of how I would go about it. The first step is to set a local policy to ensure that your IP SLA traffic only goes out the interface you want it to:

! <ATT-GATEWAY> is a placeholder for the AT&T default gateway address
ip access-list extended ACL_Policy_AT&T
 permit icmp any host <ATT-GATEWAY> echo
route-map RM_Policy_Local permit 10
 match ip address ACL_Policy_AT&T
 set ip next-hop <ATT-GATEWAY>
 set interface Null0
ip local policy route-map RM_Policy_Local

Replace the <ATT-GATEWAY> placeholder with the default gateway for your AT&T service.

Next, set up the IP SLA and tracking:

ip sla 10
 icmp-echo <ATT-GATEWAY> source-interface GigabitEthernet0/0/2
 threshold 500
 timeout 1000
 frequency 15
ip sla schedule 10 life forever start-time now
track 10 ip sla 10
 delay down 50
 delay up 50

Again, replace the <ATT-GATEWAY> placeholder with the AT&T default gateway.

Lastly, set a tracked static route to the AT&T gateway:

! default route via AT&T; withdrawn whenever track 10 is down
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/2 <ATT-GATEWAY> track 10

In this configuration, the IP SLA will ping the AT&T default gateway every 15 seconds. Should these pings fail for more than 50 seconds, the default route will go down and the DHCP route (installed by default with a cost of 254) will take over. When the connection comes up and is stable for 50 seconds, the AT&T default route will re-install itself and traffic will once again go through AT&T.

That covers the routing, but NAT is another story. Route maps must be used for the NAT configuration in order to provide separate NAT tables for the two connections. If this doesn't happen, your AT&T NAT entries will continue to be used when failover occurs, causing traffic with invalid sources to leave your Comcast connection. You may already be doing this, but most just use ACLs for NAT, so it's worth mentioning.
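The route-map NAT arrangement described in the paragraph above, written out as an added example that is not part of Jody's reply or the original thread. It assumes a LAN of 192.168.1.0/24 on GigabitEthernet0/0/0, the two WAN interfaces from the question, and track 10 from the answer; it also goes one step further than the reply by flushing stale translations on a track state change, using an EEM applet.

```ios
! Added example: per-ISP NAT with route maps (assumed LAN addressing)
interface GigabitEthernet0/0/0
 description LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! One ACL for the inside hosts; one route map per outside interface.
! Both match statements in a clause must be true, so a flow is only
! translated by the map whose interface the routing table chose.
ip access-list extended ACL_NAT_Inside
 permit ip 192.168.1.0 0.0.0.255 any
!
route-map RM_NAT_ATT permit 10
 match ip address ACL_NAT_Inside
 match interface GigabitEthernet0/0/2
!
route-map RM_NAT_Comcast permit 10
 match ip address ACL_NAT_Inside
 match interface GigabitEthernet0/0/3
!
! Separate PAT to each outside interface address (Gi0/0/3 is DHCP-addressed,
! which is fine: "interface ... overload" follows whatever address it holds).
ip nat inside source route-map RM_NAT_ATT interface GigabitEthernet0/0/2 overload
ip nat inside source route-map RM_NAT_Comcast interface GigabitEthernet0/0/3 overload
!
! Translations built before a failover still carry the old outside address.
! Flush them whenever track 10 changes state so no existing flow leaves the
! Comcast link with an AT&T source address (assumed IOS-XE EEM syntax).
event manager applet NAT_FLUSH_ON_FAILOVER
 event track 10 state any
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat translation *"
 action 3.0 syslog msg "Track 10 changed state; NAT translations cleared"
!
! Checks after applying:
!  show track 10              -> Reachability Up/Down for the AT&T gateway
!  show ip sla statistics 10  -> probe success and failure counts
!  show ip route 0.0.0.0      -> which default route is currently installed
!  show ip nat translations   -> outside address in use for current flows
```

Pull the AT&T cable and watch `show track 10` flip and the translations rebuild against the Comcast address; plug it back in and confirm they return to AT&T after the 50-second up delay.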

MacShop (Author) commented:
Jody, thanks a bunch for the info.  This will definitely get me headed in the right direction!
