[c-nsp] ISP Failover and/or Load Balancing with 2801

Rodney Dunn rodunn at cisco.com
Thu Aug 18 09:43:09 EDT 2005


You must have some form of detection to know that one
of the ISPs is not reachable.

The best solution to that is either BGP or
IP SLA with object tracking.

You could have two default routes in the 2801, each
pointing to a different ISP.
That would give you CEF loadsharing by default.

However, your return traffic would be a problem
because depending on what your source address is going
out that is what your return path would be.

Most people get around this by doing PAT on the ISP
interface address so that makes sure the return traffic
for that flow comes back via that same link.

I don't see any way you can fix the VPN problem if
the clients are pointing to an address you got from
ISPA and that link goes down.

Maybe some DNS hack where they point to the name
and if it goes away you update the DNS record to
an IP address you are translating on the ISPB connection
or something?

I don't know how to make that work.


On Wed, Aug 17, 2005 at 10:11:08AM -0500, Eric Helm wrote:
> I have been approached by a customer wanting to do Failover/Load
> Balancing with 1 Cisco 2801 router.
> The 2801 has a 4 port HWIC installed.
> 
> The network looks like the following:
> 
> ISP A          ISP B
>     |            |
>      |          |
>       |        |
>      Cisco 2801
>           |
>           |
>   Cisco PIX Firewall
>   Cisco PIX Firewall
> 
> For failover only, I've thought about just a floating static default
> route. Any better ideas for failover only?
> 
> For failover and load balancing, I've looked a little at Cisco's
> Optimized Edge Routing solution. But it appears that I need a minimum of
> 2 routers to achieve what I need.
> 
> An additional potential caveat is that the PIX is terminating several
> IPSec VPNs using the IP from ISP A.
> Oh, and ISP A is using PPPoE, and I'm not sure about ISP B, but PPPoE
> could definitely be used as well.
> 
> Any and all suggestions are welcome.
> 
> Thanks,
> Eric
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
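
The approach described in the reply above (IP SLA with object tracking, two default routes, PAT on each ISP interface), sketched as an IOS configuration fragment. This is an added example, not configuration posted by anyone in the thread. Interface names, the inside subnet, probe targets and route-map names are assumptions, and the syntax is that of later IOS releases (12.3/12.4-era images use "ip sla monitor" and "track <n> rtr <n>" instead).

```cisco
! Added example: all names and addresses below are assumptions.
! PPPoE dialer settings (dialer pool, authentication) are omitted.
interface Dialer0
 description ISP A (PPPoE)
 ip address negotiated
 ip nat outside
!
interface Dialer1
 description ISP B
 ip address negotiated
 ip nat outside
!
interface FastEthernet0/0
 description Inside, toward the PIX
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
! One ICMP probe per ISP, each sourced from its own link
ip sla 1
 icmp-echo 192.0.2.1 source-interface Dialer0
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 198.51.100.1 source-interface Dialer1
 frequency 10
ip sla schedule 2 life forever start-time now
!
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Host routes pin each probe to its link even after a default is withdrawn
ip route 192.0.2.1 255.255.255.255 Dialer0
ip route 198.51.100.1 255.255.255.255 Dialer1
!
! Two equal-cost defaults: CEF load-shares while both tracks are up;
! a failed probe withdraws only that ISP's default route
ip route 0.0.0.0 0.0.0.0 Dialer0 track 1
ip route 0.0.0.0 0.0.0.0 Dialer1 track 2
!
! PAT to the address of whichever ISP interface the flow leaves by,
! so return traffic for that flow comes back on the same link
access-list 10 permit 10.0.0.0 0.0.0.255
route-map NAT-ISP-A permit 10
 match ip address 10
 match interface Dialer0
route-map NAT-ISP-B permit 10
 match ip address 10
 match interface Dialer1
!
ip nat inside source route-map NAT-ISP-A interface Dialer0 overload
ip nat inside source route-map NAT-ISP-B interface Dialer1 overload
```

This covers outbound flows only; VPN peers pointed at a fixed ISP A address still lose their tunnels when that link fails.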

