
Monday, March 28, 2011

Load-balancing with 2 ISPs

All hosts with IP addresses in the range 192.168.1.1 - 192.168.1.126 (first half of the /24) use ISP-1, while all hosts with IP addresses in the range 192.168.1.129 - 192.168.1.254 (second half) use ISP-2. If one ISP fails, every host uses the ISP that is still active to reach the Internet. NAT overload (PAT) is applied on the Edge routers to hide the inside network from the ISPs. The customer runs OSPF inside the network. Each Edge router has an eBGP session with its ISP, and both ISPs advertise only a default route to the customer.


Splitting Host-traffic at Internal router:

On the Internal router, host traffic is split by the source IP address of the host. Policy-based routing is applied on the LAN interface and the forwarding decision is made on that address: if the host IP address falls in the first half, the Internal router forwards the traffic to the Edge-1 router; if it falls in the second half, the Internal router forwards it to the Edge-2 router. The set ip next-hop verify-availability command is used together with a tracking object so that a next-hop is only used while it is reachable. If the tracking object goes down, the set clause is skipped and the traffic is forwarded according to the normal IP routing table.


Splitting host-traffic
route-map Divide_Traffic permit 10
match ip address 110
set ip next-hop verify-availability 10.3.3.2 10 track 10
!
route-map Divide_Traffic permit 20
match ip address 120
set ip next-hop verify-availability 10.4.4.2 10 track 20
!
access-list 110 permit ip 192.168.1.0 0.0.0.127 any
access-list 120 permit ip 192.168.1.128 0.0.0.127 any
!
interface FastEthernet0/0
description LAN Interface
ip address 192.168.1.1 255.255.255.0
ip policy route-map Divide_Traffic
ip ospf 1 area 0
speed 100
full-duplex
!



Policy-Based Routing (PBR):

IP SLA is used to verify the availability of the next-hops. The IP address 4.2.2.2 is a global address on the Internet. To make the Internal router check both next-hops, two IP SLA instances are created on the router. Local policy-based routing is configured so that packets originated by the Internal router itself leave through the proper interface, i.e. IP SLA packets sourced from 10.3.3.1 go through the Edge-1 router while IP SLA packets sourced from 10.4.4.1 go through the Edge-2 router. Without local PBR both probes would follow the routing table and could leave through the same Edge router, so a failure of the other ISP would never be detected.


PBR & Next-Hop availability
ip sla 1
icmp-echo 4.2.2.2 source-interface FastEthernet2/0
timeout 3000
threshold 2
frequency 3
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 4.2.2.2 source-interface FastEthernet3/0
timeout 3000
threshold 2
frequency 3
ip sla schedule 2 life forever start-time now
!
track 10 rtr 1 reachability
!
track 20 rtr 2 reachability
!
access-list 198 permit ip 10.4.4.0 0.0.0.255 any
access-list 199 permit ip 10.3.3.0 0.0.0.255 any
!
route-map LOCAL_TRAFFIC permit 10
match ip address 199
set ip next-hop 10.3.3.2
set interface FastEthernet2/0
!
route-map LOCAL_TRAFFIC permit 20
match ip address 198
set ip next-hop 10.4.4.2
set interface FastEthernet3/0
!
ip local policy route-map LOCAL_TRAFFIC
!
interface FastEthernet2/0
description Connection to Edge-1 router
ip address 10.3.3.1 255.255.255.0
ip ospf 1 area 0
speed 100
full-duplex
!
interface FastEthernet3/0
description Connection to Edge-2 router
ip address 10.4.4.1 255.255.255.0
ip ospf 1 area 0
speed 100
full-duplex
!
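The following Python script is an added example, not configuration or code from the original post: it models how the Internal router evaluates the Divide_Traffic route-map (Cisco wildcard-mask matching for ACLs 110 and 120, the set ip next-hop verify-availability clauses and their track objects) so the first-half/second-half split and the failover fallback to the routing table can be reasoned about offline. The routing-table next-hop used when PBR does not apply is passed in as a parameter, because the post does not show the Internal router's routing table; that value and the sample hosts are assumptions.

```python
"""Offline model of the Internal router's policy-based routing decision.

Added example, not part of the original post. It reproduces the
Divide_Traffic route-map logic: ACL 110 / 120 use Cisco wildcard masks,
each sequence sets a next-hop that is only used while its track object is
up (set ip next-hop verify-availability ... track N); otherwise the packet
is handed to normal IP routing.
"""
from ipaddress import IPv4Address


def acl_matches(src: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard-mask match: where a wildcard bit is 0 the source bit
    must equal the ACL's address bit; where it is 1 the bit is ignored."""
    s = int(IPv4Address(src))
    b = int(IPv4Address(base))
    w = int(IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF
    return (s & care) == (b & care)


# route-map Divide_Traffic, as configured on the Internal router:
# (sequence, ACL address, ACL wildcard, verified next-hop, track object)
DIVIDE_TRAFFIC = [
    (10, "192.168.1.0", "0.0.0.127", "10.3.3.2", 10),    # ACL 110 -> Edge-1
    (20, "192.168.1.128", "0.0.0.127", "10.4.4.2", 20),  # ACL 120 -> Edge-2
]


def pbr_next_hop(src: str, tracks: dict, routing_next_hop: str):
    """Return (next_hop, reason) for a packet with source address `src`.

    `tracks` maps track object number -> True (Up) / False (Down).
    `routing_next_hop` is an assumption: whatever the Internal router's
    routing table (OSPF default route) would pick when PBR does not apply.
    """
    for seq, base, wildcard, next_hop, track in DIVIDE_TRAFFIC:
        if not acl_matches(src, base, wildcard):
            continue
        if tracks.get(track, False):
            return next_hop, f"route-map seq {seq}, track {track} Up"
        # verify-availability: track is Down, the set clause is skipped
        return routing_next_hop, f"route-map seq {seq} matched, track {track} Down -> IP routing"
    return routing_next_hop, "no route-map match -> IP routing"


def split_table(tracks: dict, routing_next_hop: str, hosts=None):
    """Decision table for a list of sample hosts (constructed sample input)."""
    hosts = hosts or ["192.168.1.3", "192.168.1.126", "192.168.1.129", "192.168.1.254", "10.3.3.1"]
    return {h: pbr_next_hop(h, tracks, routing_next_hop) for h in hosts}


if __name__ == "__main__":
    # Normal operation: both tracks Up. The routing-table fallback value is
    # assumed; it only matters for packets that match no ACL (e.g. 10.3.3.1).
    print("both tracks Up")
    for host, (nh, why) in split_table({10: True, 20: True}, "10.3.3.2").items():
        print(f"  {host:15} -> {nh:10} ({why})")
    # ISP-1 failed: track 10 Down, the OSPF default now points at Edge-2
    # (assumption consistent with the failover NAT output in the post).
    print("track 10 Down")
    for host, (nh, why) in split_table({10: False, 20: True}, "10.4.4.2").items():
        print(f"  {host:15} -> {nh:10} ({why})")
```

Note that ACL 110 (192.168.1.0 0.0.0.127) also matches 192.168.1.0 and 192.168.1.127, so the model's first half is the /25 rather than the .1 - .126 host range quoted in the text; the difference does not matter for host traffic.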



NAT on Edge routers:

On the Edge-1 and Edge-2 routers, NAT overload is applied. The interesting traffic is the 192.168.1.0/24 network plus 10.3.3.0/24 (on Edge-1) and 10.4.4.0/24 (on Edge-2), so the Internal router's own IP SLA probes sourced from 10.3.3.1 and 10.4.4.1 are translated as well.


NAT on Edge routers
Edge-1 router:

access-list 110 permit ip 192.168.1.0 0.0.0.255 any
access-list 110 permit ip 10.3.3.0 0.0.0.255 any
!
ip nat inside source list 110 interface Serial0/0 overload
!
interface Serial0/0
description To ISP-1
ip address 172.64.1.1 255.255.255.252
ip nat outside
!
interface FastEthernet0/1
ip address 10.3.3.2 255.255.255.0
ip nat inside
ip ospf 1 area 0
!

Edge-2 router:

access-list 110 permit ip 192.168.1.0 0.0.0.255 any
access-list 110 permit ip 10.4.4.0 0.0.0.255 any
!
ip nat inside source list 110 interface Serial0/0 overload
!
interface Serial0/0
description To ISP-2
ip address 172.64.2.1 255.255.255.252
ip nat outside
!
interface FastEthernet0/1
ip address 10.4.4.2 255.255.255.0
ip nat inside
ip ospf 1 area 0
!



In action:

The following output shows that both tracking objects are Up. The return code "Over threshold" appears because the IP SLA threshold is set to 2 ms while the measured RTTs are 32 - 48 ms; a reachability track treats both "OK" and "Over threshold" as reachable, so only a timeout would bring the track Down.


Tracking Objects
Internal# show track
Track 10
Response Time Reporter 1 reachability
Reachability is Up
9 changes, last change 00:00:04
Latest operation return code: Over threshold
Latest RTT (millisecs) 48
Tracked by:
ROUTE-MAP 0
Track 20
Response Time Reporter 2 reachability
Reachability is Up
11 changes, last change 00:40:34
Latest operation return code: Over threshold
Latest RTT (millisecs) 32
Tracked by:
ROUTE-MAP 0


When a host with IP address 192.168.1.129 tries to reach the global IP address 4.2.2.2, the Internal router forwards the traffic to the Edge-2 router, whereas when a host with IP address 192.168.1.3 tries to reach the same address, the Internal router forwards the traffic to the Edge-1 router. The following output on the Edge-1 and Edge-2 routers shows that NAT is applied to the source (host) address; the entries for 10.3.3.1 and 10.4.4.1 are the Internal router's IP SLA probes.


NAT on Edge routers
Edge-1# show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 172.64.1.1:1 10.3.3.1:1 4.2.2.2:1 4.2.2.2:1
icmp 172.64.1.1:7 192.168.1.3:7 4.2.2.2:7 4.2.2.2:7

Edge-2# show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 172.64.2.1:2 10.4.4.1:2 4.2.2.2:2 4.2.2.2:2
icmp 172.64.2.1:6 192.168.1.129:6 4.2.2.2:6 4.2.2.2:6



Testing failover:

While the host with IP address 192.168.1.3 is continuously sending ping packets to 4.2.2.2, ISP-1 fails. Track 10 on the Internal router goes Down, the verify-availability next-hop 10.3.3.2 is no longer used, and the host's packets are forwarded according to the routing table, which now sends them through the Edge-2 router, as the NAT translation for 192.168.1.3 on Edge-2 below shows. The few dropped echoes in the ping output are the packets sent while IP SLA was still detecting the failure (timeout 3000 ms, frequency 3 s).


Failover
Edge-1# show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 172.64.1.1:1 10.3.3.1:1 4.2.2.2:1 4.2.2.2:1
icmp 172.64.1.1:10 192.168.1.3:10 4.2.2.2:10 4.2.2.2:10

Internal#
01:54:19.171: %TRACKING-5-STATE: 10 rtr 1 reachability Up->Down

Edge-2# show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 172.64.2.1:2 10.4.4.1:2 4.2.2.2:2 4.2.2.2:2
icmp 172.64.2.1:10 192.168.1.3:10 4.2.2.2:10 4.2.2.2:10

Host# ping 4.2.2.2 repeat 500

Type escape sequence to abort.
Sending 500, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.....!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!
Success rate is 98 percent (494/500), round-trip min/avg/max = 1/65/264 ms
Host#
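The following Python script is an added example, not part of the original post: it parses show ip nat translations output from both Edge routers and checks that every host in 192.168.1.0/24 appears on the Edge router its half of the subnet is supposed to use, which is the quickest way to confirm the split (or to see which hosts have failed over). The sample outputs are the ones shown in the post; the router names and the expectation that Edge-1 serves 192.168.1.0/25 and Edge-2 serves 192.168.1.128/25 are taken from the post's design.

```python
"""Verify the ISP split from NAT translation tables.

Added example, not part of the original post. Parses `show ip nat
translations` output captured from each Edge router and reports hosts whose
translations appear on an Edge router other than the one their address
range is assigned to. Router-originated probes (10.3.3.1 / 10.4.4.1) are
ignored because they are sourced by the Internal router, not by hosts.
"""
from ipaddress import IPv4Address, IPv4Network

# Design from the post: which Edge router each half of the LAN should use.
EXPECTED_EDGE = {
    IPv4Network("192.168.1.0/25"): "Edge-1",
    IPv4Network("192.168.1.128/25"): "Edge-2",
}


def parse_nat_translations(text: str):
    """Return a list of dicts for the translation rows of a
    `show ip nat translations` dump; header, prompt and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0].lower() not in ("icmp", "tcp", "udp"):
            continue
        proto, ig, il, ol, og = fields
        rows.append({
            "proto": proto,
            "inside_global": ig.rsplit(":", 1)[0],
            "inside_local": il.rsplit(":", 1)[0],
            "outside_local": ol.rsplit(":", 1)[0],
            "outside_global": og.rsplit(":", 1)[0],
        })
    return rows


def expected_edge(host: str):
    """Edge router a host should be using per the design, or None if the
    address is outside the host ranges (e.g. the Internal router's probes)."""
    addr = IPv4Address(host)
    for net, edge in EXPECTED_EDGE.items():
        if addr in net:
            return edge
    return None


def check_split(captures: dict):
    """captures maps router name -> raw `show ip nat translations` output.
    Returns a sorted list of (host, seen_on, expected) for hosts that were
    translated on the wrong Edge router; an empty list means the split holds."""
    mismatches = set()
    for router, text in captures.items():
        for row in parse_nat_translations(text):
            want = expected_edge(row["inside_local"])
            if want is not None and want != router:
                mismatches.add((row["inside_local"], router, want))
    return sorted(mismatches)


# Sample captures, taken from the post's output (normal operation).
NORMAL = {
    "Edge-1": """Edge-1# show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 172.64.1.1:1 10.3.3.1:1 4.2.2.2:1 4.2.2.2:1
icmp 172.64.1.1:7 192.168.1.3:7 4.2.2.2:7 4.2.2.2:7
""",
    "Edge-2": """Edge-2# show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 172.64.2.1:2 10.4.4.1:2 4.2.2.2:2 4.2.2.2:2
icmp 172.64.2.1:6 192.168.1.129:6 4.2.2.2:6 4.2.2.2:6
""",
}

# Sample captures from the post's failover test: 192.168.1.3 now on Edge-2.
FAILOVER = {
    "Edge-1": NORMAL["Edge-1"],
    "Edge-2": """Edge-2# show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 172.64.2.1:2 10.4.4.1:2 4.2.2.2:2 4.2.2.2:2
icmp 172.64.2.1:10 192.168.1.3:10 4.2.2.2:10 4.2.2.2:10
""",
}

if __name__ == "__main__":
    print("normal:  ", check_split(NORMAL) or "split OK")
    print("failover:", check_split(FAILOVER) or "split OK")
```

Running the check periodically (or after a tracking-state syslog such as the %TRACKING-5-STATE line above) gives a simple operational view of which hosts are currently riding the backup ISP; a non-empty result while both tracks are Up would point at a PBR or ACL misconfiguration rather than a failover.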
