[c-nsp] Backup/redundant internet connection

[Bill]

    At my first attempt at this I connected the fiber and DSL as they
normally connect to anyone. This required a static /30 on the fiber and a
static DHCP address on the DSL. I then put a loopback address on the
customers router. This method used only one router so it's not exactly like
the diagram referred to.

    After that I setup NAT to use the loopback as the outside interface. The
problem here was the outgoing packets didn't seem to use the loopback
interface. Nothing was ever NAT'd, traffic didn't flow until I setup NAT
normally on the fiber interface. How can I get the traffic to utilize a
loopback interface for NAT'ing?

    Also, can someone explain the BGP setup a little more? I manage the BGP
on our edge routers with route-maps and ACLs but I've never used it in this
fashion. Would the BGP routes on the ISP router redistribute the BGP routes
into the ISP's OSPF routes?

    Related, I have another customer that is wanting this type of setup but
they want two internet connections on two different ISPs. Since this is a
small company with existing Bellsouth.net IP addresses wouldn't I need to
redistribute their Bellsouth IP addresses out my BGP?

      Bill




----- Original Message ----- 
From: Alex Campbell
To: 'Bill'
Sent: Monday, December 11, 2006 5:02 PM
Subject: RE: [c-nsp] Backup/redundant internet connection



Give them a /30 on each link, a /29 of their own, and a private AS number.
Have them send you the /29 (or whatever) via BGP, and send them 2 default
routes via BGP.  (of course, you could do the same with OSPF but I think
using IGPs for talking to external parties - even customers - is a scary
idea).

How did you setup NAT?  Was the outside NAT address one of the /30s that are
in the diagram?  This would explain the problem you were having.  I would
use an address from the /29 as the NAT outside address.

Load balancing between a fibre circuit and a DSL line seems pretty insane.
If they need more capacity then why not just increase the speed on the fibre
circuit?

100% uptime with only one transit provider is close to impossible.

Hope this helps...

Alex


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Bill
Sent: Tuesday, 12 December 2006 9:48 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Backup/redundant internet connection

    I have a customer who wants a backup internet connection. Right now they
have a fiber circuit. We can offer them a DSL line to serve as a backup. The
fiber and DSL line would terminate on two seperate OSPF capable on the ISP
side (all in the same OSPF backbone). The customer has VPN as well as mail
and a web site. They want their IP address to remain the same regardless of
which internet connection is being used. I have a diagram demonstrating a
proposal I've made to my boss but I am wondering if there is a simpler
method - http://www.vci.net/Images/net.gif

    I've tried a similar method using a single router (not two routers as
shown in the diagram) that I couldn't get to work. This alternate method
used a loopback interface that would perform the NAT functions. The problem
was I couldn't get the outbound traffic to be NAT'd. It went directly to the
physical outbound interface.

    This method, with one or two routers, is based on using two seperate
internet connections tied to the same ISP but using another IP address that
would represent the customer's public IP address and do the NAT'ing. This
way either internet connection could be down without interrupting service to
the customer. Load balancing might be nice but not required. 100% uptime is
the goal.

    Anyone have experience with this? Is there a simpler way to set this up?
Any recommendations?

      Bill


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/