[c-nsp] Simple NAT based IOS failover between providers

Robert Boyle robert at tellurian.com
Mon Sep 26 14:02:34 EDT 2005


At 12:32 PM 9/26/2005, Rodney Dunn wrote:
>Setup your NAT with route-maps to match on interface.
>Depending on which interface the traffic is routed out
>of will govern which interface your traffic gets nat'ed
>to (ie: overload or pool) specific to that ISP.

Thanks, Rodney! Do you have an article or an example? I've never seen an 
actual IOS config for anything this complicated before.

>Then you implement a way to make the route failover via
>IP SLA (previously called SAA) to float your static route
>from being up on the primary to switching over to the backup.
>
>If the IP SLA object comes back the primary route will come
>back in and your NAT will follow.

Excellent. I'll search for this on CCO. Does anyone have a working config 
like this or is there a magic word I need to say to TAC to get an 
engineer on the phone who understands this and can help come up with a 
working config?

When the T1 and DSL are both on our network, we just use a private AS and 
BGP and it works fine because the loopback IP address (which is the 
overloaded outside NAT interface) is always the same. In this situation, we 
don't have that option.

>The gotcha I think with this is that any existing flow that
>is being NAT'ed will fail until it times out because
>a new translation on the new interface will have to be created.

The NAT timer can be set to a low value such as 1 minute, correct? If so, I 
don't think this will be a problem. A momentary 1-2 minute loss is 
acceptable. Client machines will lose their connections and simply reconnect.

-Robert


Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin
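
The setup described in the quoted reply (per-ISP NAT route-maps matched on egress interface, plus an IP SLA-tracked default route with a floating backup), sketched as an added example that is not from the thread or either poster. Interface names, the ACL number, and all addresses (RFC 5737 documentation ranges) are assumptions, and the `ip sla` / `track ... ip sla` keywords are the newer syntax; releases from the SAA era use `ip sla monitor` or `rtr` forms instead.

```cisco
! Added example: interface names and addresses are assumptions
interface FastEthernet0/0
 description Inside LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Serial0/0
 description T1 to primary ISP
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
!
interface FastEthernet0/1
 description DSL to backup ISP
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
access-list 10 permit 192.168.1.0 0.0.0.255
!
! One route-map per provider, matching on the egress interface
route-map NAT-PRIMARY permit 10
 match ip address 10
 match interface Serial0/0
!
route-map NAT-BACKUP permit 10
 match ip address 10
 match interface FastEthernet0/1
!
! Traffic is overloaded onto whichever interface it is routed out of
ip nat inside source route-map NAT-PRIMARY interface Serial0/0 overload
ip nat inside source route-map NAT-BACKUP interface FastEthernet0/1 overload
!
! Probe the primary ISP next hop out of the primary interface
ip sla 1
 icmp-echo 192.0.2.1 source-interface Serial0/0
 frequency 5
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 reachability
!
! Primary default route is withdrawn when the probe fails;
! the floating static (distance 250) then takes over
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 250
!
! Age out stale translations quickly after a switch (values in seconds)
ip nat translation tcp-timeout 60
ip nat translation udp-timeout 60
```

Probing only the directly connected next hop detects a local link failure but not an outage further inside the provider. `show track` and `show ip nat translations` confirm which route and which outside address are in use after a failover.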