Network topology:
All hosts with IP addresses ranging from 192.168.1.1 - 192.168.1.126 (first-half) will be using ISP-1 while all hosts with IP addresses ranging from 192.168.1.129 - 192.168.1.254 (second-half) will be using ISP-2. In case of failover, hosts will be using the active ISP to access the Internet. NAT (NAT-overload) is applied on Edge routers to hide the inside network from the ISPs. The customer is using OSPF within the network. Both Edge routers use eBGP connection with the ISPs. Both ISPs only advertise default-route to the customer.
Splitting Host-traffic at Internal router:
On the Internal router, host-traffic is split based on the IP address of the host. Policy-based routing is used on the LAN interface and decision is made based on the IP address. If host IP address falls in the first-half, Internal router will forward the traffic over to Edge-1 router, while if host IP address falls in the second-half, Internal router will forward the traffic over to Edge-2 router. The set ip next-hop verify-availability command is used with tracking object to ensure the next-hop is available. If tracking-object fails, traffic is forwarded based on IP routing.
Policy-Based Routing (PBR):
IP SLA is used to ensure the availability of next-hops. The IP address 4.2.2.2 is a global IP address on the Internet. To ensure the Internal router check both next-hops, two instances of IP SLAs are created on the router. Local policy-based routing is implemented to ensure packets originated by Internal router takes proper interfaces i.e. IP SLA packets with source address of 10.3.3.1 should go through Edge-1 router while IP SLA packets with source address of 10.4.4.1 should go through Edge-2 router.
NAT on Edge routers:
On Edge-1 & Edge-2 routers, NAT is applied. The interesting traffic includes 192.168.1.0/24 network, 10.3.3.0/24 (on Edge-1) and 10.4.4.0/24 (on Edge-2).
In action:
The following output shows that both tracking-objects are UP.
When a host (IP address: 192.168.1.129) tries to reach global IP address 4.2.2.2, the Internal router forwards the traffic over to Edge-2 router. While when a host (IP address 192.168.1.3) tries to reach same global IP address 4.2.2.2, the Internal router forwards the traffic over to Edge-1 router. The following output on Edge-2 & Edge-1 routers shows that NAT is applied on the source address (host IP address).
Testing failover:
While host address (IP address 192.168.1.3) is continuously sending Ping packets to 4.2.2.2, ISP-1 fails. The tracking-object on the Internal router fails and packets are forwarded over to Edge-1 router.
Splitting Host-traffic at Internal router:
On the Internal router, host-traffic is split based on the IP address of the host. Policy-based routing is used on the LAN interface and decision is made based on the IP address. If host IP address falls in the first-half, Internal router will forward the traffic over to Edge-1 router, while if host IP address falls in the second-half, Internal router will forward the traffic over to Edge-2 router. The set ip next-hop verify-availability command is used with tracking object to ensure the next-hop is available. If tracking-object fails, traffic is forwarded based on IP routing.
IP SLA is used to ensure the availability of next-hops. The IP address 4.2.2.2 is a global IP address on the Internet. To ensure the Internal router check both next-hops, two instances of IP SLAs are created on the router. Local policy-based routing is implemented to ensure packets originated by Internal router takes proper interfaces i.e. IP SLA packets with source address of 10.3.3.1 should go through Edge-1 router while IP SLA packets with source address of 10.4.4.1 should go through Edge-2 router.
On Edge-1 & Edge-2 routers, NAT is applied. The interesting traffic includes 192.168.1.0/24 network, 10.3.3.0/24 (on Edge-1) and 10.4.4.0/24 (on Edge-2).
The following output shows that both tracking-objects are UP.
While host address (IP address 192.168.1.3) is continuously sending Ping packets to 4.2.2.2, ISP-1 fails. The tracking-object on the Internal router fails and packets are forwarded over to Edge-1 router.
0 comments:
Post a Comment