[c-nsp] Backup/redundant internet connection
Shakeel Ahmad
shakeelahmad at gmail.com
Tue Dec 12 10:30:40 EST 2006
I had the same situation when I wanted to NAT over one of my loopback
interfaces at home but was not successful. If someone can NAT without
routing the packet on to the loopback, I too would like to have a look at
that config.
On 12/12/06, VCI Help Desk <admin at vci.net> wrote:
>
> Yes, I could ping the loopback interface. Are you using IP unnumbered
> with the physical interfaces and the loopback interface? I'm not
> understanding how you get the traffic to pass thru the loopback for
> NAT'ing instead of it passing directly thru to the physical interfaces.
>
> Bill
>
>
>
> ----- Original Message -----
> From: Paul Stewart
> To: VCI Help Desk ; cisco-nsp at puck.nether.net
> Sent: Tuesday, December 12, 2006 8:54 AM
> Subject: RE: [c-nsp] Backup/redundant internet connection
>
>
> We do loopback natting at several sites... make sure you are
> redistributing "connected" via OSPF so that your loopback is seen on the
> ISP backbone (presuming you have control over the CPE router)....
>
> Can you ping the loopback address from outside the customer network?
>
> Take care,
>
> Paul
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of VCI Help Desk
> Sent: Tuesday, December 12, 2006 9:31 AM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Backup/redundant internet connection
>
> Let me try and explain the reason for using a Loopback.
>
> When I tried this with a single router I needed three ethernet
> interfaces 1) fiber connection, 2) DSL connection, 3) customer's LAN. We
> wanted the customer's outbound NAT address to remain the same regardless
> of the status of their fiber or DSL connection status. The 3rd interface
> mentioned had an address of 192.168.1.1 for the customer's LAN gateway.
> So I was hoping to use a Loopback interface to do the NAT'ing so it
> would remain up regardless of the customer's internet connections. The
> problem I had was I couldn't get the Loopback to do the NAT'ing. The
> traffic never passed thru the Loopback interface. All outbound traffic
> went directly to the fiber or DSL WAN interface.
>
> Basically, I believe I can get the network described at
> http://www.vci.net/Images/net.gif to work but I'd prefer a single router
> version of this.
>
> Bill
>
>
>
>
> ----- Original Message -----
> From: Shakeel Ahmad
> To: Joseph Jackson
> Cc: Bill ; cisco-nsp at puck.nether.net
> Sent: Tuesday, December 12, 2006 1:17 AM
> Subject: Re: [c-nsp] Backup/redundant internet connection
>
>
> Um, isn't it possible to assign separate /30's to both fiber & DSL
> connections and move the original /30 (which customer wants) to
> customer's router's outside interface so that he can overload the NAT on
> its own router ...
>
> Basically I am confused why we are natting on Loopback? Using loopback in
> OSPF is reasonably understandable but for NAT in this scenario .. if
> someone can explain?
>
>
>
>
>
> On 12/12/06, Joseph Jackson <JJackson at aninetworks.com> wrote:
> Yes you are going to have to accept their netblock and then send it out
> to their peers. I would check that they have at least a /24 from
> bellsouth.net before doing this as a lot of people filter anything
> smaller than a /24 and sometimes even /24's.
>
>
>
>
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Bill
> Sent: Monday, December 11, 2006 6:44 PM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Backup/redundant internet connection
>
> At my first attempt at this I connected the fiber and DSL as they
> normally connect to anyone. This required a static /30 on the fiber and
> a static DHCP address on the DSL. I then put a loopback address on the
> customer's router. This method used only one router so it's not exactly
> like the diagram referred to.
>
> After that I set up NAT to use the loopback as the outside interface.
> The problem here was the outgoing packets didn't seem to use the loopback
> interface. Nothing was ever NAT'd, traffic didn't flow until I set up NAT
> normally on the fiber interface. How can I get the traffic to utilize a
> loopback interface for NAT'ing?
>
> Also, can someone explain the BGP setup a little more? I manage the BGP
> on our edge routers with route-maps and ACLs but I've never used it in
> this fashion. Would the BGP routes on the ISP router redistribute the BGP
> routes into the ISP's OSPF routes?
>
> Related, I have another customer that is wanting this type of setup but
> they want two internet connections on two different ISPs. Since this is a
> small company with existing Bellsouth.net IP addresses wouldn't I need to
> redistribute their Bellsouth IP addresses out my BGP?
>
> Bill
>
>
>
>
> ----- Original Message -----
> From: Alex Campbell
> To: 'Bill'
> Sent: Monday, December 11, 2006 5:02 PM
> Subject: RE: [c-nsp] Backup/redundant internet connection
>
>
>
> Give them a /30 on each link, a /29 of their own, and a private AS
> number. Have them send you the /29 (or whatever) via BGP, and send them 2
> default routes via BGP. (Of course, you could do the same with OSPF but I
> think using IGPs for talking to external parties - even customers - is a
> scary idea).
>
> How did you set up NAT? Was the outside NAT address one of the /30s that
> are in the diagram? This would explain the problem you were having. I
> would use an address from the /29 as the NAT outside address.
>
> Load balancing between a fibre circuit and a DSL line seems pretty
> insane. If they need more capacity then why not just increase the speed
> on the fibre circuit?
>
> 100% uptime with only one transit provider is close to impossible.
>
> Hope this helps...
>
> Alex
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net ] On Behalf Of Bill
> Sent: Tuesday, 12 December 2006 9:48 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Backup/redundant internet connection
>
> I have a customer who wants a backup internet connection. Right now they
> have a fiber circuit. We can offer them a DSL line to serve as a backup.
> The fiber and DSL line would terminate on two separate OSPF capable on
> the ISP side (all in the same OSPF backbone). The customer has VPN as
> well as mail and a web site. They want their IP address to remain the
> same regardless of which internet connection is being used. I have a
> diagram demonstrating a proposal I've made to my boss but I am wondering
> if there is a simpler method - http://www.vci.net/Images/net.gif
>
> I've tried a similar method using a single router (not two routers as
> shown in the diagram) that I couldn't get to work. This alternate method
> used a loopback interface that would perform the NAT functions. The
> problem was I couldn't get the outbound traffic to be NAT'd. It went
> directly to the physical outbound interface.
>
> This method, with one or two routers, is based on using two separate
> internet connections tied to the same ISP but using another IP address
> that would represent the customer's public IP address and do the NAT'ing.
> This way either internet connection could be down without interrupting
> service to the customer. Load balancing might be nice but not required.
> 100% uptime is the goal.
>
> Anyone have experience with this? Is there a simpler way to set this up?
> Any recommendations?
>
> Bill
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
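
The layout Alex Campbell suggests in the quoted thread (a /30 on each uplink, NAT to an address from the customer's own /29, the /29 announced to the ISP by BGP), written out as a single-router Cisco IOS configuration. This is an added example, not a configuration posted by anyone in the thread. Assumptions: every address, interface name and AS number below is a constructed placeholder, and the ISP sends a default route on both BGP sessions.

```cisco
! Constructed example. Addresses are documentation ranges (RFC 5737);
! interface names and AS numbers are placeholders.
!
! The loopback is always up, so the /29 stays in the routing table
! whichever uplink is alive. No NAT statement is attached to it.
interface Loopback0
 description Customer public /29
 ip address 203.0.113.1 255.255.255.248
!
! Translation is applied when a packet crosses from an "ip nat inside"
! interface to an "ip nat outside" interface, so both physical uplinks
! carry "ip nat outside".
interface FastEthernet0/0
 description Fiber uplink (link /30 number 1)
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
!
interface FastEthernet0/1
 description DSL uplink (link /30 number 2)
 ip address 192.0.2.6 255.255.255.252
 ip nat outside
!
interface FastEthernet1/0
 description Customer LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! Only the LAN prefix is eligible for translation.
access-list 10 permit 192.168.1.0 0.0.0.255
!
! The translated source address comes from the /29, not from either
! link /30, so it is the same on both exit paths.
ip nat pool CUST-PUBLIC 203.0.113.2 203.0.113.2 prefix-length 29
ip nat inside source list 10 pool CUST-PUBLIC overload
!
! Private AS towards the ISP; 65000 stands in for the ISP's AS.
! The network statement matches the connected /29 on Loopback0.
router bgp 64512
 network 203.0.113.0 mask 255.255.255.248
 neighbor 192.0.2.1 remote-as 65000
 neighbor 192.0.2.1 description ISP router, fiber side
 neighbor 192.0.2.5 remote-as 65000
 neighbor 192.0.2.5 description ISP router, DSL side
```

`show ip nat translations` and `show ip bgp summary` on the customer router confirm that translations use 203.0.113.2 and that both sessions are established.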