how to route 2 internet providers 3

[luisc2004]

HI!, I´m new with Cisco. I´ve a 2611 router with 4 Ethernet interfaces.
Interfase 1, connects the LAN.
Interfase 2, connects to the Internet provider, so the default route, points to that interfase.
Interfase 3, connects to a WAN (wireless).

Now, we´ve suscribed to a second Internet provider, connected to Interfase 4.

I would like to configure the router so some computers may surf with provider A (interfase 1) and the other computers may surf with provider B (interfase 4).

Any help will bi appreciated.

TIA,

Luis (luis-carrizo@grupovierci.com)

 

[pmesjar]

I think in your case configuring another default route pointing to interface 4 should be enough. Just make sure you configure it the same way as the first one (but change the interface), eg:

ip route 0.0.0.0 0.0.0.0 ethernet2
ip route 0.0.0.0 0.0.0.0 ethernet4

then check you routing table using "show ip route". Router will add both of these routes into its routing table and will automatically try to load-balance per destination. However if you need strict policy that this half of users must go this way and other half must go that way, you will need to dig a little deeper into Cisco router configuration and configure Policy Based Routing.

Peter Mesjar
CCNP, A+ certified
pmesjar@centrum.sk

"The only true wisdom is in knowing you know nothing.

 

[gconnect]

pmesjar is right, but one more thing
MAKE SURE that you turn off route caching/fast switching,

 interface INTERNET1
   no ip route-cache

 interface INTERNET2
   no ip route-cache

because if you do not the traffic WILL NOT be load balanced correctly. Once a destination is learned out of one interface all subsequent traffic will keep going out that interface without a route table lookup. Once you turn that off, traffic will be truly load balanced.
Policy Based Routing is pretty simple, if you have anymore questions.........holler


-gC_

 

[luisc2004]

Peter: thaks you for your help, but we need to specify that certain users go by one ISP and other user go by the other.
How complex is the configuration for Policy Based routing?

Best regards,
Luis

 

[luisc2004]

Gc: thanks for your reply. I´ll really want to hear more about Plicy bases routing. Would you please send me more information?

TIA

Luis

 

[gconnect]

sure, lets say you have a network that consist of 2 internal subnets and all internet traffic from 1 is to leave out one Internet interface and traffic from the other should leave out the other Internet interface

subnet1 - 10.1.1.0/25 (10.1.1.1-126)
subnet2 - 10.1.1.128/25 (10.1.1.129-254)

First configure ACL's that define what traffic to be acted upon
.......Don't apply the policy to internal traffic (deny)
.......Apply it to everything else (permit)
access-list 101 deny ip 10.1.1.0 0.0.0.127 10.1.1.128 0.0.0.127
access-list 101 permit ip 10.1.1.0 0.0.0.127 any

access-list 102 deny ip 10.1.1.128 0.0.0.127 10.1.1.0 0.0.0.127
access-list 102 permit ip 10.1.1.128 0.0.0.127 any

.......Define the policy globally
ip local-policy ENGINEERTRAFFIC route-map MAKEITHAPPEN

.......Define the Actual Policy
route-map MAKEITHAPPEN permit 10
 match ip address 101
 set ip next-hop IPofROUTERhangingOFFfirstINETinterface
   "you could also use 'set interface'"

route-map MAKEITHAPPEN permit 20
 match ip address 102
 set ip next-hop IPofROUTERhangingOFFsecondINETinterface
   "you could also use 'set interface'"

.........Bind All the stuff to the input interface
interface LAN
 ip policy route-map MAKEITHAPPEN
 no ip route-cache (if IOS before 12.1)
 -or-
 ip route-cache policy (if 12.1 and up)

some info......

http://www.cisco.com/en/US/products...on_guide_chapter09186a00800c75d1.html#1000990

http://www.cisco.com/en/US/tech/tk364/tk871/technologies_configuration_example09186a00801f3b54.shtml

-gC-

 

[pmesjar]

Gconnect... first I was wondering why you did put those deny entries in the route-map acls... and then I got it! We surely don't need to route traffic between our two subnets via ISPs

If I was writing that configuration, I would certainly forget adding those two permit statements into acls. Thanks for refreshing my routing know-how

Peter Mesjar
CCNP, A+ certified
pmesjar@centrum.sk

"The only true wisdom is in knowing you know nothing.

 

[Narizz28]

hehehe, Nothing like accidentally becoming a MAE! ;-)

 

[luisc2004]

Gconnect: thank syou for your help! I tried the PBR configuration, but I have this question: Do I have to configure a default static route, pointing to one of the ISP? (like ip route 0.0.0.0 0.0.0.0 66.110.105.73 )

I´ve tried without a default route and no traffic is routed to the Internet.

Then we tried with a double default route, but we found perfomance issues (there were lost packets).

T.I.A.

Luis

 

[pmesjar]

The performance issues were not because you set up the default routes. That was something you needed to do. I think your performance issues were caused by command "no ip route-cache", which turned off fast-switching of IP packets on the interfaces, as gconnect suggested. Probably your router experienced heavy traffic load and with fast switching turned off, every packet needed to be examined by router's CPU in order to get it forwarded, and teh router simply didn't catch up.

If you turn fast switching back on, your router will do less in terms of load-balancing, but you will offload router's CPU from examining every packet.

Peter Mesjar
CCNP, A+ certified
pmesjar@centrum.sk

"The only true wisdom is in knowing you know nothing.

 

[mikes999]

Hello, folks;

I am reading all the forums I can find since I have similar problem: two ISP routers, two PIXs, one Catalyst 4006 which is routing traffic for the whole company. Adding default static to "new" ISP pretty much shuts down all Internet traffic, even if I tag links with different weight. "no ip route-cache" line is of no help either.

I have a heluva subnets, and I am not inclined at the time to go with PBR; what I need is a basic functionality (load balancing would be nice, though...).

The problem is - 4006 is the only one of a kind I've got, and playing with routing on live network doesn't raise my popularity with users...

Here is the layout:

ISP(old) ISP(new)
\ /
\ /
| |
PIXold PIXnew
\ /
(static) (no route)
\ /
Catalyst4006
/ \
(OSPF) (OSPF)
/ \
Core1 Core2
\ /
\ /
INTRANET

Looks simple. But doesn't work...

BTW: when I tryed to learn gateway routs via OSPF (enabling on PIX), the effecy is the same: external routing shuts down.

Any help greatly appreciated.

Thanks,

M.S.