[c-nsp] Need some guidance for T1 / wireless ethernet handoff load balancing/failover setup

Derick Winkworth dwinkworth at att.net
Mon Aug 18 22:16:37 EDT 2008



Well, it seems whatever NAT you need to do will happen on the ISP router
or the ASA... so you could load-balance with EIGRP...  using a
GRE/IPSec tunnel over the wireless part...  EIGRP would be nice because
you could do load-variance...




Ryan Lambert wrote:
> Hi Scott,
>
> Hopefully I am understanding your challenge correctly. It appears to me like
> you're having trouble chatting dynamic routing protocols directly with the
> wireless network, among some other various nitty-gritty that is not "just as
> simple" as the SE tries to make it sound.
>
> Looking at your diagram, it seems that the 7204 also should have a route to
> the 1841 via the mysterious cloud there, albeit a few more hops in between.
> For obvious reasons (lack of link state awareness), plain old static routing
> isn't a reliable option in your scenario. With that said, OSPF may not even
> be necessary. Have you considered the possibility of running ebgp-multihop
> from the Cisco 7204VXR to the 1841's interface directly connected to the
> wireless network? You could also establish a private BGP session with the
> other 1841 via the directly connected T1 link, and announce the same prefix
> out of both sessions. 
>
> As for the VRRP question: If memory serves, I want to say yes, you can use a
> "real" IP address that does not exist in the same subnet as the floating
> virtual; at least, this worked the last time I tried to do it so far as I
> can recall. Unfortunately for the past year and change, I've been dealing
> with a limitation on a never-to-be-named hardware/software platform that
> just recently started allowing this... uhm, feature.
>
> I'm still kind of scratching my head on a good, clean way to "load-balance"
> this outbound for you, given only one of the routers is going to serve as
> the ASA's default route out in a VRRP/HSRP configuration. I'm sure there is
> an answer, it just doesn't look pretty in my head. Maybe the answer here is
> to do OSPF between the 1841s and the ASA, all in NBMA mode so that the 1841s
> aren't trying to share a default to one another. The only thing the 1841s
> should need to do are A) create an adjacency with the ASA, and B) advertise
> it a default route. In that case, it may be necessary to expand to a /28 if
> everything else is in use on that subnet. Maybe someone else has a better
> solution -- that's at least the one I'd try to lab out first, if it were me.
>
> Just something to think about, I guess... :)
>
> -Ryan
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Scott Lambert
> Sent: Monday, August 18, 2008 7:36 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Need some guidance for T1 / wireless ethernet handoff load
> balancing/failover setup
>
> I have a customer who went directly to cisco to ask about how to load
> balance two WAN connections to their Cisco PIX 515E.  Cisco sold them an
> ASA 5510 and two 1841s and suggested VRRP or GLBP for the LAN with the
> ASA and 1841s.  Apparently, the customer didn't even mention that the
> two connections were to the same ISP, me.  The customer just ordered the
> equipment and said "Make it work."
>
> The WANs are T1 (existing) and 4Mbps ethernet delivered via a wireless
> network.
>
> Cisco sales tech guy said:
>   
>> What we discussed was the ASA having a default route to the virtual   
>> IP address of the routers and they would be running either VRRP or    
>> GLBP (whatever they decided they wanted to do) going out to the       
>> service provider.  Then the routers would simply have a default route 
>> going out to the service provider to hit the 'Net.                    
>>     
>
> The network design is supposed to be something like :
>
>     Cisco 7204VXR NPE G1 (ISP)
>        |                |
>       T1        Wireless network cloud
>        |                |
>    Cisco 1841       Cisco 1841
>        |                |
>       -+-------+--------+-
>                |
>          Cisco ASA 5510  (Customer)
>
> The wireless network cloud is creating logistical issues for me.  The
> wireless ethernet makes multiple hops through StarOS based routers
> which do not speak OSPF, yet.  I have to statically route traffic to the
> wireless cloud.  The wireless network is handled by a different group
> here and I don't have much influence over how they run it.
>
> I've been running ISP routers for 10 years, but have not had this
> configuration come up before.  99.9999% of my customers have been single
> homed to me.  Also, ASA/PIX devices haven't been common for me until the
> past couple of years and I keep running into areas where they seem to
> try very hard to avoid having common routing features.  I'm primarily a
> servers guy but when you work in small ISPs, you get to do everything.
>
> I could use some guidance in the best way to make these links load
> balance with graceful degradation if one link should fall down.
>
> I've been considering bringing up an IPSec VPN from the 7204VXR to the
> 1841 handling the wireless ethernet connection, just to bypass the need
> for dynamic routing in the wireless network.  Then I could run OSPF or
> other magic between the 1841s and my 7204.
>
> Is OSPF going to be enough to load balance the links, or will I need
> something else?  
>
> If not, could an MLPPP bundle be brought up which uses the T1 and an
> IPSec tunnel?  But then, how would I use the 1841s redundantly?
>
> To keep the 1841s redundant, do I need to use their existing router to
> act as a T1 to ethernet bridge?
>
> Also, on the VRRP front, the customer currently has a /29 LAN subnet
> outside their ASA.  The current T1 router has one IP and the rest of
> the IPs are in use on the ASA.  Will we need to renumber them to a /28
> subnet?  Or, can the virtual router address be from their current subnet
> with the individual routers having their primary IPs from another, RFC
> 1918, subnet?
>
> The 7204VXR is running at 55% CPU load handling about 1800 PPPo(A|E)
> connections.
>
> If I configure the VirtualTemplates to permit CEF, which lowers CPU
> utilization to about 30%, the router hangs in an infinite loop at random
> intervals, at least with c7200-ik91s-mz.122-28.SB5.bin.  Any of the 12.2
> SB series images at the time I last tried CEF did the same thing and I
> haven't had enough nerve to try again since. 
>
> Hopefully, that is not important right now.  The only reason I mention
> it is in case an IPSec tunnel, or whatever the necessary magic ends up
> being, might make a significant impact on the CPU.
>
>   
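
The EIGRP variance suggestion at the top of this message, worked through as an added example (not part of the original thread): it computes the classic EIGRP composite metric for the T1 and for a tunnel over the 4 Mbps wireless path, as seen from the 7204VXR toward the customer LAN, and the smallest `variance` that installs both. Assumptions: default K values, `bandwidth 4000` set on the tunnel, and the delay figures and the 100 Mbps LAN hop shown, which are constructed sample values.

```python
# EIGRP classic composite metric with default K values (K1 = K3 = 1):
#   metric = 256 * (10^7 // slowest_link_kbps + total_delay_usec // 10)

def eigrp_metric(links):
    """links: list of (bandwidth_kbps, delay_usec) hops along one path."""
    slowest = min(bw for bw, _ in links)
    delay = sum(d for _, d in links)
    return 256 * (10**7 // slowest + delay // 10)

def plan(paths):
    """paths: {name: [first_hop, *remaining_hops]}.
    Returns per-path details and the smallest integer variance that
    installs every feasible path alongside the best one."""
    info = {}
    for name, links in paths.items():
        info[name] = {
            "metric": eigrp_metric(links),
            # Reported distance: the next hop's own metric to the prefix.
            "reported": eigrp_metric(links[1:]),
        }
    best = min(p["metric"] for p in info.values())
    for p in info.values():
        # Feasibility condition: a path is loop-free, and so eligible for
        # variance, only if its reported distance is below the best metric.
        p["feasible"] = p["reported"] < best
    usable = [p["metric"] for p in info.values() if p["feasible"]]
    worst = max(usable)
    # A path is installed when its metric < variance * best metric.
    variance = 1 if worst == best else worst // best + 1
    inverse_sum = sum(1 / m for m in usable)
    for p in info.values():
        # Approximate split: traffic is shared in inverse proportion to metric.
        p["share"] = (1 / p["metric"]) / inverse_sum if p["feasible"] else 0.0
    return info, variance

# Constructed sample values (assumptions, not taken from the thread).
LAN = (100000, 100)                      # 100 Mbps LAN hop behind each 1841
PATHS = {
    "t1":     [(1544, 20000), LAN],      # T1 serial link
    "tunnel": [(4000, 50000), LAN],      # tunnel over the wireless cloud
}

if __name__ == "__main__":
    details, variance = plan(PATHS)
    for name, p in details.items():
        print(name, p["metric"], "feasible" if p["feasible"] else "not feasible",
              f"{p['share']:.0%}")
    print("variance", variance)
```

With these sample delays the split comes out near 53/47 rather than following the 4000:1544 bandwidth ratio, because the delay term dominates the metric; the delay assumed on the tunnel is the value to adjust if a different split is wanted.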

