Configuring Dual ISP load balancing on Single Cisco Router

Thanks to: http://www.techspacekh.com

1. Overview


For today network with multiple internet connections/dual ISP connections would need a network load balancer to load balance LAN IP subnets.  ISP load balancing is very important not only in the enterprise networks but even in some small networks also need ISP load balancing for LAN IP subnets. Most of the case, people want end user LAN can access to internet with different ISP from server farm LAN. To achieve the objective of ISP load balancing for LAN IP subnets of a network, we can use Policy Based routing PBR on Cisco router.
In this article will show how to configure dual ISP load balancing on single Cisco router with Policy Based routing PBR on Cisco router to load balance two IP subnet, end user LAN and server farm LAN. End user LAN will access to internet via ISP01 and  server farm LAN will access to the internet via ISP02.

2. Prerequisites


In this article of how to configure dual ISP load balancing on single Cisco router, it is assumed that:
a. you already have GNS3 VM virtual server installed up and running on your computer. 
b.  You know how to configure NAT, network address translation, on Cisco router.

3. Lab Scenario Setup

To demonstrate how to configure dual WAN load balancing on single Cisco router , we will set up a GNS3 lab as the following IP network diagram.
There are five Cisco routers. R1 is the router in customer network and the other two routers will act like two different ISP, so we have multiple internet connections for the customer network. ISP01 is used serve internet connection for end user computer LAN which is 10.10.10.0/24 and ISP02 is used serve internet connection for server farm LAN which is 20.20.20.0/24. There is one router PC1 within the LAN network acting as end user computer client and one router Server01 act as a dedicated server in server farm LAN.
Now let configure the IP address setting on PC1.
# int f0/0
    ip add 10.10.10.2 255.255.255.0
    no sh
# ip route 0.0.0.0 0.0.0.0 10.10.10.1
On Server01, configure the IP address setting as the following.
# int f0/0
     ip add 20.20.20.2 255.255.255.0
     no sh 
# ip route 0.0.0.0 0.0.0.0 20.20.20.1
On customer router R1 configure the following IP address settings
# int f0/0
      ip add 10.10.10.1 255.255.255.0
      no sh
# int f0/1
     ip add 20.20.20.1 255.255.255.0
     no sh
# int f1/0
     ip add 100.100.100.1 255.255.255.252
     no sh
# int f1/1
    ip add 200.200.200.1 255.255.255.252
    no sh
On ISP01 router, configure the following IP address settings
# int f0/0
    ip add 100.100.100.2 255.255.255.252
    no sh
# int f0/1
    ip add 102.102.102.1 255.255.255.252
    no sh
On ISP02 router, configure the following IP address settings
# int f0/0
    ip add 200.200.200.2 255.255.255.252
    no sh
# int f0/1
    ip add 102.102.102.2 255.255.255.252
    no sh
To connect ISP01 to ISP02 we need to configure a routing protocol. It can be the static routing or dynamic routing protocol, but in our case now let use OSPF dynamic routing protocol to connect these two ISP.
On ISP01 router, configure OSPF dynamic routing protocol as the below.
# router ospf 1
    net 102.102.102.0 0.0.0.3 area 1
    net 100.100.100.0 0.0.0.3 area 1
On ISP02 router, configure OSPF dynamic routing protocol as the below.
# router ospf 1 
    net 102.102.102.0 0.0.0.3 area 1
    net 200.200.200.0 0.0.0.3 area 1

4. Configure Dual ISP load balancing on Single Cisco Router


The first thing that we need to do here to have ISP load balancing with multiple internet connections is to configure dynamic NAT, dynamic network address translation, on Cisco router R1 that connected directly to two ISP. So, clients computers in user LAN and servers in server farm LAN within the internal network can reach to internet.
To configure dynamic NAT on Cisco router R1,  we need to create an ACL to contain the IP address to be NATed. In below ACL, we allow all IP in the client computers in user LAN and servers in server farm LAN can access to the internet.
# ip access-list standard ACL-UserLAN
     permit 10.10.10.0 0.0.0.255
# ip access-list standard ACL-ServerLAN
 permit 20.20.20.0 0.0.0.25
After configured an access control list , then we need to configure dynamic NAT with the created ACL above.
# int f0/0
    ip nat inside
# int f0/1
    ip nat inside
# int f1/0
    ip nat outside
# int f1/1
    ip nat outside
# ip nat inside source list ACL-ServerLAN int fa1/1 overload
# ip nat inside source list ACL-UserLAN int fa1/0 overload
Then, we need to configure default routes on our dual wan connection Cisco router R1. So, end user computers in user LAN and servers in server farm LAN within the internal network can reach to internet.
# ip route 0.0.0.0 0.0.0.0 100.100.100.2
# ip route 0.0.0.0 0.0.0.0 200.200.200.2
Now we need to configure Policy-based routing PBR on Cisco router with dual wan connection R1. Policy-based routing PBR will manage to forward the traffic from end user computer LAN 10.10.10.0/24 to the internet via ISP01 and server farm LAN to the internet via ISP02.
# route-map PBR-UserLAN permit 10
    set ip next-hop 100.100.100.2
    match ip address ACL-UserLAN
# route-map PBR-SERVERLAN permit 10
    set ip next-hop 200.200.200.2
    match ip address ACL-ServerLAN
Then, we need to apply the Policy-based routing PBR configured above into the interface that connected to end user LAN and server farm LAN.
# int f0/0
      ip policy route-map PBR-UserLAN
# int f0/1
     ip policy route-map PBR-SERVERLAN

5. Verify and Test


To test if the configuration of  ISP load balancing with multiple internet connections work or not,  we can ping to the public IP address these two ISP which is 102.102.102.1 or 102.102.102.2 from end user computer LAN PC1 or Server01 in server farm LAN. We should get the following successful result.

PC1# ping 102.102.102.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 102.102.102.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/50/72 ms


Server01# ping 102.102.102.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 102.102.102.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/32/48 ms
After we know that ping to the public IP address of these two ISP is successful, we can check the traceroute command to see which path that it go to reach that  public IP address. Base on the following traceroute result, it reach 102.102.102.2 via ISP01.
PC1# traceroute 102.102.102.2

 1 10.10.10.1 36 msec 16 msec 8 msec
 2 100.100.100.2 8 msec 28 msec 16 msec
 3 102.102.102.2 52 msec 40 msec 44 msec
Server01# traceroute 102.102.102.1

 1 20.20.20.1 28 msec 20 msec 20 msec
 2 200.200.200.2 8 msec 36 msec 20 msec
 3 102.102.102.1 28 msec 36 msec 64 msec
Base on the following traceroute result, we can see that end user computer PC1 can reach 102.102.102.2 via ISP01 and Server01 in server farm can reach 102.102.102.1 via ISP02.
Let also check the NAT configuration of  ISP load balancing with multiple internet connections work or not. For end user LAN 10.10.10.0/24 should be NATed to the IP address of ISP01 and for server farm LAN 20.20.20.0/24 should be NATed to the IP address of ISP02 as the following.
# sh ip nat translations
Pro Inside global Inside local Outside local Outside global
udp 100.100.100.1:49323 10.10.10.2:49323 102.102.102.2:33437 102.102.102.2:33437
udp 100.100.100.1:49327 10.10.10.2:49327 102.102.102.2:33441 102.102.102.2:33441
udp 100.100.100.1:49328 10.10.10.2:49328 102.102.102.2:33442 102.102.102.2:33442
udp 200.200.200.1:49264 20.20.20.2:49264 102.102.102.1:33437 102.102.102.1:33437
udp 200.200.200.1:49265 20.20.20.2:49265 102.102.102.1:33438 102.102.102.1:33438
udp 200.200.200.1:49266 20.20.20.2:49266 102.102.102.1:33439 102.102.102.1:33439

6. Conclusion


That’s all about how to configure dual ISP load balancing on single Cisco router from Tech Space KH. This is a cheap and simple method to achieve the objective of ISP load balancing with multiple internet connections. Hopefully, you can find this guide informative. If you have any questions or suggestions you can always leave your comments below. I will try all of my best to review and reply them.

Comentarios

Publicar un comentario

Dime si la información de este blog te sirvio.

Entradas populares de este blog

Guía de herramientas básicas para estudiantes: 31 apps y webs imprescindibles para ayudarte con los estudios

Imagen
  Te traemos una guía con   31 aplicaciones y herramientas web para ayudarte como estudiante , una colección muy variada para sacar provecho en diferentes ámbitos en los que puedas necesitarlo. Nos hemos dejado fuera el ámbito educativo para los más jóvenes, recursos que tenemos en   esta otra guía , y nos hemos centrado en estudiantes más adultos. Hemos decidido centrarnos en herramientas prácticas, dejando fuera las plataformas para cursos online, tanto  las más conocidas  como  otras menos conocidas . Lo que hemos preferido buscar son recursos que puedas usar en tu día a día, como gestores de fuentes y citaciones, herramientas para diagramas, para intercambiar apuntes o para crear diferentes contenidos. Y lo que decimos siempre en Xataka Basics hoy cobra más sentido que nunca. Nosotros te traemos 31 herramientas, pero te invitamos a  compartir tus propuestas en la sección de comentarios  para que el resto de usuarios también pueda beneficiarse de los conocimientos de nuestros xatake
Leer más

Comando FOR para archivos BAT

Gracias a: http://profesoremiliobarco.blogspot.com/ El comando FOR sirve para ejecutar bucles de instrucciones, y es una instrucción que se encuentra disponible en todos los lenguajes de programación. Un bucle son varias repeticiones de algunas instrucciones. Este comando suele ser el más complicado de entender para las personas que empiezan a escribir archivos BAT complejos. Aqui intentaré explicar todas las opciones y usos del comando FOR, así como intentar resolver las dudas que los usuarios de Internet me puedan plantear. La sintaxis normal del comando FOR es: FOR %var IN (lista) DO (      comando     comando      ... )  Pero si lo vamos a usar dentro de un archivo BAT será así: FOR %%var IN (lista) DO (      comando     comando      ... ) Observa que la variable "var" ahora va precedida por dos simbolos de "%". Además, si este for está dentro de un archivo BAT, el nombre de la variable debe ser UNA SOLA LETRA (p.ej: %%n, %%i,  %%j , etc
Leer más

How to Fix Failed to Connect a Hyper-V Standalone to Veeam Backup

Imagen
 Thank to: https://bonguides.com/ Invalid Credentials Error Adding a Hyper-V Host When attempting to add a Hyper-V host to  Veeam Backup & Replication  using a local (non-domain) user account, the following error occurs: Failed to connect to host Access denied or timeout expired . Check if you have local administrator privileges on computer Possible reasons: 1 . Invalid credentials . 2 . Specified host is not a Hyper - V server . Solutions 1. Login into the Hyper-V host then open  Registry Editor . 2. Navigate to the following location then create a new  DWORD  value. Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System 3. Enter the name  LocalAccountTokenFilterPolicy  then double click on it and set the value data is  1. Or you can create a DWORD value using PowerShell, let run below command in PowerShell Admin. reg add HKLM\Software\Microsoft\Windows\CurrentVersion\policies\system / v LocalAccountTokenFilterPolicy / t Reg_DWORD / d 1 Fin
Leer más