[afnog] Dual ISP NAT Failover using PBR and Object Tracking

Righa Shake righa.shake at gmail.com
Fri Jul 15 11:36:18 UTC 2011


Hi,

Scenario:

Two ISP's providing an Internet connection.Point to point connections are on
public IP address.
LAN is on Private address space.

Targetted Setup.

Have automatic redundancy where ISP A is backup to ISP B.
>From my setup when ISP B goes down traffic is not beign NATed to ISP A.Hence
the redundancy is not there.
I have the following configuration.

I have set my NAT translation timers to as follows:

ip nat translation timeout 30
ip nat translation tcp-timeout 30
ip nat translation udp-timeout 30
ip nat translation icmp-timeout 30


*CONFIGURATION EXTRACT*

ip sla monitor 1
 type echo protocol ipIcmpEcho 4.2.2.2 source-interface FastEthernet0/0
<<<<<<<<<<<<<< ISP 1 >>>>>>>>>>>>>>
 timeout 1000
 frequency 3
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
 type echo protocol ipIcmpEcho 8.8.8.8 source-interface FastEthernet0/1.15
<<<<<<<<<<<<< ISP 2 >>>>>>>>>>>>>>
 timeout 1000
 frequency 3
ip sla monitor schedule 2 life forever start-time now
!
!
track 1 rtr 1 reachability
!
track 2 rtr 2 reachability
!

interface FastEthernet0/0
 description <<<<<<<<<<<<<< ISP 1 >>>>>>>>>>>>>>
 ip address X.X.X.X 255.255.255.252
  ip nat outside
 ip nat enable
 ip virtual-reassembly
 ip route-cache flow
 speed 100
 full-duplex
!
interface FastEthernet0/1
  no ip address
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
!
interface FastEthernet0/1.10
 description  LAN Interface fastEthernet 0/1.10
 encapsulation dot1Q 10
  ip address Y.Y.Y.Y 255.255.255.0
 ip nat inside
 ip policy route-map LAN_POLICY
 ip virtual-reassembly
!
!
interface FastEthernet0/1.15
 description <<<<<<<<<<<<< ISP 2 >>>>>>>>>>>>>>
 encapsulation dot1Q 15
 ip address W.W.W.W 255.255.255.252
 ip nat outside
 ip nat enable
 ip virtual-reassembly
!

!
ip route 0.0.0.0 0.0.0.0 W.W.W.W track 2 <<<<<<<<<<<<< ISP 2 >>>>>>>>>>>>>>
ip route 0.0.0.0 0.0.0.0 X.X.X.X 250 <<<<<<<<<<<<<< ISP 1 >>>>>>>>>>>>>>
!


ip nat translation timeout 30
ip nat translation tcp-timeout 30
ip nat translation udp-timeout 30
ip nat translation icmp-timeout 30
ip nat inside source list LAN interface FastEthernet0/0 overload
ip nat inside source list LAN interface FastEthernet0/1.15 overload
!
access-list LAN permit ip Y.Y.Y.Y 0.0.0.255 any


!
route-map LAN_POLICY permit 10
 match ip address LAN
 set ip next-hop verify-availability W.W.W.W  10 track 2 <<<<<<<<<<<<< ISP 2
>>>>>>>>>>>>>>
 set ip next-hop verify-availability X.X.X.X 20 track 1 <<<<<<<<<<<<<< ISP 1
>>>>>>>>>>>>>>
!


*OBJECT TRACKING

router#show track brief
Track   Object                         Parameter        Value
1       rtr       1                    reachability     Up
2       rtr       2                    reachability     Up
router#

*
Kindly assist in pointing me in the right direction.
The insertion of the default route using the tracking objects is working
fine.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20110715/67a62849/attachment.html>


More information about the afnog mailing list