In this lab I will show how we can load-balance traffic by protocol between two ISPs while sourcing each flow from the IP address that ISP provided.
Device | Role
R1     | Customer router
R2     | ISP1
R3     | ISP2
R4     | Internet
R5     | Emulates a customer node on the LAN
The customer requirements are:
1. All HTTP and telnet traffic will go through ISP2
2. All other traffic will go through ISP1
3. If one of the ISPs fails, all traffic will go through the other one
This is the network topology:
After configuring all interfaces with the correct IPs, we need to configure the default routes:
ip route 0.0.0.0 0.0.0.0 10.1.12.2 name PRIMARY
ip route 0.0.0.0 0.0.0.0 10.1.13.3 150 name BACKUP
Here I configured a default route to ISP1 as the primary, plus a floating static route to ISP2 with an AD of 150, which only enters the routing table when the primary route disappears.
Next, configure an ACL that matches the traffic to be policy-routed:
ip access-list extended ACL_HTTP
 permit tcp 192.168.15.0 0.0.0.255 any eq telnet
 permit tcp 192.168.15.0 0.0.0.255 any eq www
 deny ip any any
This ACL will capture all HTTP and telnet traffic from
network 192.168.15.0/24.
And configure a track object that follows the state of the ISP2 interface:
track 3 interface FastEthernet0/1 ip routing
Next, configure PBR (Policy-Based Routing) with the track object attached to the next hop:
route-map RM_HTTP_PBR permit 10
 match ip address ACL_HTTP
 set ip next-hop verify-availability 10.1.13.3 10 track 3
!
route-map RM_HTTP_PBR deny 20
!
If the ISP2 link fails, track 3 goes down, the set clause is skipped and the PBR has no effect; matching packets are then routed by the routing table.
Now attach this PBR to interface Fa1/0, which is connected to the customer's LAN. This interface is also the NAT inside interface (ip nat inside here and ip nat outside on Fa0/0 and Fa0/1 are required for the NAT statements below to translate anything; ip virtual-reassembly is added by IOS when NAT is enabled on an interface):
interface FastEthernet1/0
 ip address 192.168.15.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map RM_HTTP_PBR
 speed 100
 full-duplex
!
Now for the NAT part: configure two route-maps, one per ISP, each matching the corresponding outside interface:
route-map RM_ISP1 permit 10
 match interface FastEthernet0/0
!
route-map RM_ISP2 permit 10
 match interface FastEthernet0/1
!
And last, configure the NAT statements:
ip nat inside source route-map RM_ISP1 interface FastEthernet0/0 overload
ip nat inside source route-map RM_ISP2 interface FastEthernet0/1 overload
Each NAT statement applies only when the packet's actual egress interface matches the interface named in its route-map; otherwise that statement is ignored. Because PBR and the routing table have already chosen the egress interface, the translation always uses the address of the link the packet really leaves on.
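The following is an added example, not code from the original post and not a Cisco tool: a small Python model of R1's forwarding decision as the lab describes it (ACL match, tracked PBR next hop, primary and floating default routes, NAT selected by egress interface). Interface names, next hops, NAT addresses, ports and the LAN prefix are taken from the configuration above; the sample packets, the `Packet` class and the `isp1_up`/`isp2_up` flags are constructed for the model.

```python
"""Model of R1's per-packet decision from the PBR + dual-ISP NAT lab.
Added example; addresses come from the lab config, packets are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

LAN = ipaddress.ip_network("192.168.15.0/24")   # source network in ACL_HTTP

# Per-ISP data from the lab: egress interface, default-route next hop,
# administrative distance of that default route, and the NAT source address
# (R1's own address on that interface, as stated in the summary).
ISP1 = dict(iface="FastEthernet0/0", next_hop="10.1.12.2", ad=1,   nat_ip="10.1.12.1")
ISP2 = dict(iface="FastEthernet0/1", next_hop="10.1.13.3", ad=150, nat_ip="10.1.13.1")

PBR_PORTS = {23: "telnet", 80: "www"}           # the two 'eq' ports in ACL_HTTP


@dataclass
class Packet:                 # constructed: the fields the ACL and PBR look at
    src: str
    dst: str
    proto: str                # "tcp", "udp" or "icmp"
    dport: int = 0            # meaningful for tcp/udp only


def acl_http_matches(pkt: Packet) -> bool:
    """ACL_HTTP: permit tcp 192.168.15.0 0.0.0.255 any eq telnet|www; deny ip any any."""
    return (pkt.proto == "tcp"
            and ipaddress.ip_address(pkt.src) in LAN
            and pkt.dport in PBR_PORTS)


def choose_egress(pkt: Packet, isp1_up: bool, isp2_up: bool) -> Optional[Tuple[str, str, str]]:
    """Return (egress interface, next hop, NAT source IP), or None if no route.

    isp1_up / isp2_up stand for the state of Fa0/0 and Fa0/1 on R1.
    track 3 follows Fa0/1 only, so isp2_up is exactly what the route-map sees.
    """
    # 1. PBR on Fa1/0: RM_HTTP_PBR seq 10 matches ACL_HTTP and sets next hop
    #    10.1.13.3, but 'verify-availability ... track 3' drops that set when
    #    the track is down, so the packet falls through to seq 20 (deny),
    #    i.e. ordinary destination-based routing.
    if acl_http_matches(pkt) and isp2_up:
        return ISP2["iface"], ISP2["next_hop"], ISP2["nat_ip"]

    # 2. Routing table: the static default via 10.1.12.2 (AD 1) wins while
    #    Fa0/0 is up; the floating static via 10.1.13.3 (AD 150) is installed
    #    only once the primary has been withdrawn.
    routes = [r for r, up in ((ISP1, isp1_up), (ISP2, isp2_up)) if up]
    if not routes:
        return None
    best = min(routes, key=lambda r: r["ad"])

    # 3. NAT: RM_ISP1 / RM_ISP2 'match interface' selects the overload
    #    translation whose interface equals the real egress interface.
    return best["iface"], best["next_hop"], best["nat_ip"]


def scenario_table() -> dict:
    """Run the lab's three cases on constructed R5 -> R4 packets; map to NAT IPs."""
    flows = {
        "http":   Packet("192.168.15.5", "192.168.41.1", "tcp", 80),
        "telnet": Packet("192.168.15.5", "192.168.41.1", "tcp", 23),
        "icmp":   Packet("192.168.15.5", "192.168.41.1", "icmp"),
    }
    cases = {"both up": (True, True), "ISP2 down": (True, False), "ISP1 down": (False, True)}
    table = {}
    for name, (u1, u2) in cases.items():
        table[name] = {flow: (choose_egress(pkt, u1, u2) or (None, None, None))[2]
                       for flow, pkt in flows.items()}
    return table


if __name__ == "__main__":
    for name, row in scenario_table().items():
        print(f"{name:10} " + "  ".join(f"{flow}={ip}" for flow, ip in row.items()))
```

Running it reproduces the three outcomes described in the summary: with both links up HTTP and telnet are sourced from 10.1.13.1 and everything else from 10.1.12.1, with Fa0/1 down all flows use 10.1.12.1, and with Fa0/0 down all flows use 10.1.13.1. The model also makes one limitation of the lab visible: `track 3 interface FastEthernet0/1 ip routing` only watches the local access link, so a failure further inside ISP2 while that link stays up would keep sending HTTP and telnet into a dead path; an IP SLA reachability track would be needed to cover that case.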
Summary
R1 will use IP 10.1.13.1 to NAT all HTTP and telnet traffic from R5, and IP 10.1.12.1 to NAT all other traffic from R5.
If ISP2 fails, the PBR no longer applies and R1 will use NAT IP 10.1.12.1 for all traffic. If ISP1 fails, the floating static route to ISP2 takes over and R1 will use NAT IP 10.1.13.1 for all traffic.
Verification
With both links up, ping from R5 (192.168.15.5) to R4 (192.168.41.1):
R5#ping 192.168.41.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.41.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/76/112 ms
Result:
Telnet from R5 (192.168.15.5) to R4 (192.168.41.1):
R5#telne
R5#telnet 192.168.41.1
Trying 192.168.41.1 ... Open
User Access Verification
Username:
Result:
Note the source IP on each capture.
Now shut down interface Fa0/1 on R1 and test again. Ping from R5 (192.168.15.5) to R4 (192.168.41.1):
R5#ping 192.168.41.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.41.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/76/112 ms
Result:
Telnet from R5 (192.168.15.5) to R4 (192.168.41.1):
R5#telne
R5#telnet 192.168.41.1
Trying 192.168.41.1 ... Open
User Access Verification
Username:
Result:
On the captures both source IPs are 10.1.12.1.
R5#ping 192.168.41.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.41.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/76/112 ms
Result:
Telnet from R5 (192.168.15.5) to R4 (192.168.41.1):
R5#telne
R5#telnet 192.168.41.1
Trying 192.168.41.1 ... Open
User Access Verification
Username:
Result: