[c-nsp] Backup/redundant internet connection
Shakeel Ahmad
shakeelahmad at gmail.com
Tue Dec 12 02:17:30 EST 2006
Um, isn't it possible to assign separate /30's to both fiber & DSL
connections and move the original /30 (which customer wants) to customer's
router's outside interface so that he can overload the NAT on its own router
...
Basically I am confused why we are NATting on Loopback? Using loopback in
OSPF is reasonably understandable but for NAT in this scenario .. if someone
can explain?

On 12/12/06, Joseph Jackson <JJackson at aninetworks.com> wrote:
>
> Yes you are going to have to accept their netblock and then send it out
> to their peers. I would check that they have at least a /24 from
> bellsouth.net before doing this as a lot of people filter anything
> smaller than a /24 and sometimes even /24's.
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Bill
> Sent: Monday, December 11, 2006 6:44 PM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Backup/redundant internet connection
>
> At my first attempt at this I connected the fiber and DSL as they
> normally connect to anyone. This required a static /30 on the fiber and a
> static DHCP address on the DSL. I then put a loopback address on the
> customer's router. This method used only one router so it's not exactly like
> the diagram referred to.
>
> After that I set up NAT to use the loopback as the outside interface. The
> problem here was the outgoing packets didn't seem to use the loopback
> interface. Nothing was ever NAT'd, traffic didn't flow until I set up NAT
> normally on the fiber interface. How can I get the traffic to utilize a
> loopback interface for NAT'ing?
>
> Also, can someone explain the BGP setup a little more? I manage the BGP
> on our edge routers with route-maps and ACLs but I've never used it in this
> fashion. Would the BGP routes on the ISP router redistribute the BGP routes
> into the ISP's OSPF routes?
>
> Related, I have another customer that is wanting this type of setup but
> they want two internet connections on two different ISPs. Since this is a
> small company with existing Bellsouth.net IP addresses wouldn't I need to
> redistribute their Bellsouth IP addresses out my BGP?
>
> Bill
>
>
>
>
> ----- Original Message -----
> From: Alex Campbell
> To: 'Bill'
> Sent: Monday, December 11, 2006 5:02 PM
> Subject: RE: [c-nsp] Backup/redundant internet connection
>
>
>
> Give them a /30 on each link, a /29 of their own, and a private AS number.
> Have them send you the /29 (or whatever) via BGP, and send them 2 default
> routes via BGP. (Of course, you could do the same with OSPF but I think
> using IGPs for talking to external parties - even customers - is a scary
> idea).
>
> How did you set up NAT? Was the outside NAT address one of the /30s that are
> in the diagram? This would explain the problem you were having. I would
> use an address from the /29 as the NAT outside address.
>
> Load balancing between a fibre circuit and a DSL line seems pretty insane.
> If they need more capacity then why not just increase the speed on the fibre
> circuit?
>
> 100% uptime with only one transit provider is close to impossible.
>
> Hope this helps...
>
> Alex
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Bill
> Sent: Tuesday, 12 December 2006 9:48 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Backup/redundant internet connection
>
> I have a customer who wants a backup internet connection. Right now they
> have a fiber circuit. We can offer them a DSL line to serve as a backup. The
> fiber and DSL line would terminate on two separate OSPF capable on the ISP
> side (all in the same OSPF backbone). The customer has VPN as well as mail
> and a web site. They want their IP address to remain the same regardless of
> which internet connection is being used. I have a diagram demonstrating a
> proposal I've made to my boss but I am wondering if there is a simpler
> method - http://www.vci.net/Images/net.gif
>
> I've tried a similar method using a single router (not two routers as
> shown in the diagram) that I couldn't get to work. This alternate method
> used a loopback interface that would perform the NAT functions. The problem
> was I couldn't get the outbound traffic to be NAT'd. It went directly to the
> physical outbound interface.
>
> This method, with one or two routers, is based on using two separate
> internet connections tied to the same ISP but using another IP address that
> would represent the customer's public IP address and do the NAT'ing. This
> way either internet connection could be down without interrupting service to
> the customer. Load balancing might be nice but not required. 100% uptime is
> the goal.
>
> Anyone have experience with this? Is there a simpler way to set this up?
> Any recommendations?
>
> Bill
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
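
The design suggested in the quoted replies (a /30 per link, a /29 announced from a private AS, NAT to an address in the /29), sketched as customer-router IOS configuration. This is an added example, not configuration from any poster; the interface names, AS numbers (65001 customer, 64500 ISP) and addresses (RFC 5737 documentation ranges, 10.0.0.0/24 inside) are assumptions. The loopback only supplies the translated address; `ip nat outside` goes on the two physical uplinks, since translation happens when a packet crosses from an inside to an outside interface.

```cisco
! Constructed example: all names, AS numbers and addresses are assumed.
interface Loopback0
 description Customer public address, taken from the /29
 ip address 192.0.2.1 255.255.255.248
!
interface FastEthernet0/0
 description Fiber uplink, first /30
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
interface FastEthernet0/1
 description DSL uplink, second /30
 ip address 198.51.100.6 255.255.255.252
 ip nat outside
!
interface FastEthernet1/0
 description Inside LAN
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
! Translate inside hosts to the loopback address, whichever uplink is used
access-list 10 permit 10.0.0.0 0.0.0.255
ip nat inside source list 10 interface Loopback0 overload
!
! Accept only a default route, announce only the customer's own /29
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
ip prefix-list OWN-BLOCK seq 5 permit 192.0.2.0/29
!
! Lower local preference on the DSL default so fiber is used while it is up
route-map DSL-IN permit 10
 match ip address prefix-list DEFAULT-ONLY
 set local-preference 50
!
router bgp 65001
 network 192.0.2.0 mask 255.255.255.248
 neighbor 198.51.100.1 remote-as 64500
 neighbor 198.51.100.1 prefix-list DEFAULT-ONLY in
 neighbor 198.51.100.1 prefix-list OWN-BLOCK out
 neighbor 198.51.100.5 remote-as 64500
 neighbor 198.51.100.5 route-map DSL-IN in
 neighbor 198.51.100.5 prefix-list OWN-BLOCK out
```

Which link carries return traffic is decided on the ISP side, so the ISP routers need a matching preference for the /29 learned over fiber.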