[c-nsp] Fwd: Load Balancing two different ISP's

Ted Mittelstaedt tedm at toybox.placo.com
Fri Sep 15 23:40:21 EDT 2006


----- Original Message ----- 
From: "Tim Franklin" <tim at colt.net>
To: <cisco-nsp at puck.nether.net>
Sent: Friday, September 15, 2006 6:49 AM
Subject: Re: [c-nsp] Fwd: Load Balancing two different ISP's


> In respect of comments like:
>
> > > You're sourcing packets with an IP address assigned from
> > > ISP #1, out the interface to ISP #2.  Whereupon they will
> > > get 1 hop then be killed by ISP #2's anti-spoof filter.
>
> And:
>
> > Gah! You're right, when working pretty much with only BGP folks all
> > day I forgot that fact, just took it for granted.  However, if they
> > have a /24 or larger space from ISP #1 they could get ISP #2 to
> > announce it for them and still wouldn't have to run BGP.  But your
> > point is well made.
>
> Are people missing:
>
> > > > > We'll presume that the customer is running NAT of course....
>
> ?
>
> If the OP has two publicly-addressed WAN links from two different providers,
> two different NAT outside interfaces on the two WANs, and two corresponding
> NAT overload / PAT configs, they can quite happily send traffic out of both
> interfaces.
>

Yup, they might as well get 2 independent Linksys Cable/DSL routers and
put 2 gateways on the internal network, for a hell of a lot less money.
Then put half the PCs on the network to their default gateway on the first
Linksys and half the PCs on the network to the other default gateway on the
other Linksys.

> When it's going to ISP1, it'll be NAT'd to have an ISP1 source, likewise for
> ISP2.
>
> It doesn't give you a lot of options for balancing incoming traffic,

It doesn't give you a lot of options for either in OR outbound traffic.

The only solution suggested that does anything like this is the fatpipe
router. And you better not need to run servers.  Oh and I almost forgot
too - the fatpipe router (and indeed, any of these corn-pone solutions) only
works when the link failure is between you and the ISP.  If the ISP's upstream
feed to the rest of the world goes down, or gets really really slow, you're
screwed.

> beyond
> putting both addresses in DNS and hoping, but you can get *something* out of
> it.
>
> Obviously ASN / address block / BGP gives much more control, but it's not
> always an option, particularly if one or more of the ISPs you're trying to
> connect to has you in the "residential" category.
>

Obviously you need to be more selective of your ISPs.

Ted
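
The interaction discussed in this thread between an ISP's anti-spoof (source-address ingress) filter and per-WAN PAT can be modelled in a few lines. This is an added example, not part of the original message or of any poster's configuration; the address blocks are RFC 5737 documentation prefixes and the names `ISPS`, `antispoof_permits` and `send` are hypothetical.

```python
import ipaddress

# Constructed sample addressing (RFC 5737 documentation prefixes), not from the thread.
ISPS = {
    "isp1": {"customer_block": ipaddress.ip_network("192.0.2.0/24"),
             "wan_addr": "192.0.2.10"},
    "isp2": {"customer_block": ipaddress.ip_network("198.51.100.0/24"),
             "wan_addr": "198.51.100.10"},
}

def antispoof_permits(isp, src):
    """Model of the ISP edge filter: accept only sources that ISP assigned."""
    return ipaddress.ip_address(src) in ISPS[isp]["customer_block"]

def send(inside_src, egress_isp, nat_isp=None):
    """Send one packet out the WAN link to egress_isp.

    nat_isp names the ISP whose WAN address PAT overload rewrites the source
    to; None means the packet leaves with its original source address.
    Returns (source address seen by the ISP, whether the filter passes it).
    """
    src = ISPS[nat_isp]["wan_addr"] if nat_isp else inside_src
    return src, antispoof_permits(egress_isp, src)

if __name__ == "__main__":
    cases = [
        # Host addressed from ISP1's block, routed out ISP2 without NAT.
        ("192.0.2.50", "isp2", None),
        # Same host routed out ISP1: source matches, filter passes.
        ("192.0.2.50", "isp1", None),
        # Private host, PAT bound to the same WAN it egresses on.
        ("10.0.0.5", "isp2", "isp2"),
        # Private host, PAT bound to the ISP1 address but routed out ISP2.
        ("10.0.0.5", "isp2", "isp1"),
    ]
    for inside, egress, nat in cases:
        seen, ok = send(inside, egress, nat)
        print(f"{inside:>12} -> {egress} nat={nat}: src={seen} "
              f"{'passes' if ok else 'dropped by anti-spoof filter'}")
```

The last case is the failure mode to check for in a dual-WAN NAT setup: the translation has to follow the egress interface, otherwise the translated source is still foreign to the ISP that receives it.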


