[c-nsp] Backup/redundant internet connection
Joseph Jackson
JJackson at aninetworks.com
Mon Dec 11 22:53:30 EST 2006
Yes, you are going to have to accept their netblock and then send it out
to their peers. I would check that they have at least a /24 from
bellsouth.net before doing this, as a lot of people filter anything
smaller than a /24 and sometimes even /24s.
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Bill
Sent: Monday, December 11, 2006 6:44 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Backup/redundant internet connection
At my first attempt at this I connected the fiber and DSL as they
normally connect to anyone. This required a static /30 on the fiber and
a static DHCP address on the DSL. I then put a loopback address on the
customer's router. This method used only one router so it's not exactly
like the diagram referred to.
After that I set up NAT to use the loopback as the outside interface.
The problem here was the outgoing packets didn't seem to use the
loopback interface. Nothing was ever NAT'd, traffic didn't flow until I
set up NAT normally on the fiber interface. How can I get the traffic to
utilize a loopback interface for NAT'ing?
Also, can someone explain the BGP setup a little more? I manage the BGP
on our edge routers with route-maps and ACLs but I've never used it in
this fashion. Would the BGP routes on the ISP router redistribute the
BGP routes into the ISP's OSPF routes?
Related, I have another customer that is wanting this type of setup but
they want two internet connections on two different ISPs. Since this is
a small company with existing Bellsouth.net IP addresses, wouldn't I
need to redistribute their Bellsouth IP addresses out my BGP?
Bill
----- Original Message -----
From: Alex Campbell
To: 'Bill'
Sent: Monday, December 11, 2006 5:02 PM
Subject: RE: [c-nsp] Backup/redundant internet connection
Give them a /30 on each link, a /29 of their own, and a private AS
number.
Have them send you the /29 (or whatever) via BGP, and send them 2
default routes via BGP. (Of course, you could do the same with OSPF but
I think using IGPs for talking to external parties - even customers - is
a scary idea.)
How did you set up NAT? Was the outside NAT address one of the /30s that
are in the diagram? This would explain the problem you were having. I
would use an address from the /29 as the NAT outside address.
Load balancing between a fibre circuit and a DSL line seems pretty
insane. If they need more capacity then why not just increase the speed
on the fibre circuit?
100% uptime with only one transit provider is close to impossible.
Hope this helps...
Alex
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Bill
Sent: Tuesday, 12 December 2006 9:48 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Backup/redundant internet connection
I have a customer who wants a backup internet connection. Right now they
have a fiber circuit. We can offer them a DSL line to serve as a backup.
The fiber and DSL line would terminate on two separate OSPF capable on
the ISP side (all in the same OSPF backbone). The customer has VPN as
well as mail and a web site. They want their IP address to remain the
same regardless of which internet connection is being used. I have a
diagram demonstrating a proposal I've made to my boss but I am wondering
if there is a simpler method - http://www.vci.net/Images/net.gif
I've tried a similar method using a single router (not two routers as
shown in the diagram) that I couldn't get to work. This alternate method
used a loopback interface that would perform the NAT functions. The
problem was I couldn't get the outbound traffic to be NAT'd. It went
directly to the physical outbound interface.
This method, with one or two routers, is based on using two separate
internet connections tied to the same ISP but using another IP address
that would represent the customer's public IP address and do the
NAT'ing. This way either internet connection could be down without
interrupting service to the customer. Load balancing might be nice but
not required. 100% uptime is the goal.
Anyone have experience with this? Is there a simpler way to set this up?
Any recommendations?
Bill
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
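The design Alex Campbell describes in the thread (a /30 on each link, a /29 for the customer, a private AS, the /29 announced via BGP and a default route returned on each link), sketched as Cisco IOS configuration with the NAT address taken from the /29. This is an added example, not configuration posted by anyone in the thread; all addresses (documentation ranges), the AS numbers 65001 and 64500, the interface names and the list names are assumptions.

```cisco
! --- Customer router (constructed addresses; interface names are assumptions) ---
interface GigabitEthernet0/0
 description Fibre uplink, /30 to ISP router A
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
interface GigabitEthernet0/1
 description DSL uplink, /30 to ISP router B
 ip address 192.0.2.6 255.255.255.252
 ip nat outside
interface GigabitEthernet0/2
 description Customer LAN
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
! Anchor the /29 in the routing table so the BGP network statement can announce it
ip route 203.0.113.8 255.255.255.248 Null0
! Translate to an address from the /29, not to either /30, so the public
! address stays the same whichever uplink carries the traffic
access-list 10 permit 10.0.0.0 0.0.0.255
ip nat pool CUST-NAT 203.0.113.9 203.0.113.9 prefix-length 29
ip nat inside source list 10 pool CUST-NAT overload
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
router bgp 65001
 network 203.0.113.8 mask 255.255.255.248
 neighbor 192.0.2.1 remote-as 64500
 neighbor 192.0.2.5 remote-as 64500
 ! Accept nothing but the default route from either ISP router
 neighbor 192.0.2.1 prefix-list DEFAULT-ONLY in
 neighbor 192.0.2.5 prefix-list DEFAULT-ONLY in
!
! --- ISP router A (router B mirrors this toward 192.0.2.6) ---
ip prefix-list CUST-IN seq 5 permit 203.0.113.8/29
router bgp 64500
 neighbor 192.0.2.2 remote-as 65001
 ! Send the customer a default route on this link
 neighbor 192.0.2.2 default-originate
 ! Accept only the customer's own /29; any other announcement is dropped
 neighbor 192.0.2.2 prefix-list CUST-IN in
```

The inbound prefix-list on the ISP side is the control that keeps a misconfigured customer router from injecting routes for address space it does not hold.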