[afnog] Dual ISP NAT Failover using PBR and Object Tracking
Righa Shake
righa.shake at gmail.com
Fri Jul 15 11:36:18 UTC 2011
Hi,
Scenario:
Two ISP's providing an Internet connection.Point to point connections are on
public IP address.
LAN is on Private address space.
Targetted Setup.
Have automatic redundancy where ISP A is backup to ISP B.
>From my setup when ISP B goes down traffic is not beign NATed to ISP A.Hence
the redundancy is not there.
I have the following configuration.
I have set my NAT translation timers to as follows:
ip nat translation timeout 30
ip nat translation tcp-timeout 30
ip nat translation udp-timeout 30
ip nat translation icmp-timeout 30
*CONFIGURATION EXTRACT*
ip sla monitor 1
type echo protocol ipIcmpEcho 4.2.2.2 source-interface FastEthernet0/0
<<<<<<<<<<<<<< ISP 1 >>>>>>>>>>>>>>
timeout 1000
frequency 3
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
type echo protocol ipIcmpEcho 8.8.8.8 source-interface FastEthernet0/1.15
<<<<<<<<<<<<< ISP 2 >>>>>>>>>>>>>>
timeout 1000
frequency 3
ip sla monitor schedule 2 life forever start-time now
!
!
track 1 rtr 1 reachability
!
track 2 rtr 2 reachability
!
interface FastEthernet0/0
description <<<<<<<<<<<<<< ISP 1 >>>>>>>>>>>>>>
ip address X.X.X.X 255.255.255.252
ip nat outside
ip nat enable
ip virtual-reassembly
ip route-cache flow
speed 100
full-duplex
!
interface FastEthernet0/1
no ip address
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet0/1.10
description LAN Interface fastEthernet 0/1.10
encapsulation dot1Q 10
ip address Y.Y.Y.Y 255.255.255.0
ip nat inside
ip policy route-map LAN_POLICY
ip virtual-reassembly
!
!
interface FastEthernet0/1.15
description <<<<<<<<<<<<< ISP 2 >>>>>>>>>>>>>>
encapsulation dot1Q 15
ip address W.W.W.W 255.255.255.252
ip nat outside
ip nat enable
ip virtual-reassembly
!
!
ip route 0.0.0.0 0.0.0.0 W.W.W.W track 2 <<<<<<<<<<<<< ISP 2 >>>>>>>>>>>>>>
ip route 0.0.0.0 0.0.0.0 X.X.X.X 250 <<<<<<<<<<<<<< ISP 1 >>>>>>>>>>>>>>
!
ip nat translation timeout 30
ip nat translation tcp-timeout 30
ip nat translation udp-timeout 30
ip nat translation icmp-timeout 30
ip nat inside source list LAN interface FastEthernet0/0 overload
ip nat inside source list LAN interface FastEthernet0/1.15 overload
!
access-list LAN permit ip Y.Y.Y.Y 0.0.0.255 any
!
route-map LAN_POLICY permit 10
match ip address LAN
set ip next-hop verify-availability W.W.W.W 10 track 2 <<<<<<<<<<<<< ISP 2
>>>>>>>>>>>>>>
set ip next-hop verify-availability X.X.X.X 20 track 1 <<<<<<<<<<<<<< ISP 1
>>>>>>>>>>>>>>
!
*OBJECT TRACKING
router#show track brief
Track Object Parameter Value
1 rtr 1 reachability Up
2 rtr 2 reachability Up
router#
*
Kindly assist in pointing me in the right direction.
The insertion of the default route using the tracking objects is working
fine.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20110715/67a62849/attachment.html>
More information about the afnog
mailing list