[c-nsp] Simple NAT based IOS failover between providers

Robert Boyle robert at tellurian.com
Mon Sep 26 11:44:34 EDT 2005


At 11:25 AM 9/26/2005, Chris Moore wrote:
>Just as a "general architecture" comment:
>
>First, understand exactly what you are trying to do. For outgoing

Thanks. I do understand what I'm trying to do. Perhaps I haven't expressed 
myself clearly enough.

>traffic, it's really easy. You just have two default routes out two
>public interfaces and tell them both to NAT. Use route metrics to
>determine primary/secondary. That's what your $79 consumer router is
>doing. Really simple.

However, it doesn't work like that with IOS. I need it to fail over from 
the primary to the secondary and simply changing the routes doesn't 
accomplish that with IOS NAT in the test configs we have used. The $79 
consumer router actively monitors the primary link for end-to-end 
connectivity and switches when connectivity is lost. This is what I need 
from the IOS based router as well.

>Incoming traffic is a different story. Sure - it's easy enough to have
>two NATing interfaces and just have two sets of NAT mappings. But how
>does "the world" know to go to the other set of addresses? You need DNS
>for that. So that means doing your own DNS or working with someone who
>will let you run scripts to do DNS updates. Then have a script that goes
>out and changes DNS when one of the links goes down. The script is
>pretty simple - you should be able to find plenty of examples online.
>Some ISPs and other companies (DynDNS.org comes to mind) offer managed
>functionality like this.

I don't need anything inbound. These are remote offices which simply need 
to be up 100% of the time.

-Robert


Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin


