[c-nsp] redundant link question

Adam Greene maillist at webjogger.net
Thu Aug 9 15:00:05 EDT 2007


Hi,

I have a customer with a T1 connection to an existing provider (Provider A). 

We're supplying them with an additional Internet connection to the same location. They want to run the two links redundantly for a while until they decide to drop the T1.

The customer has a /28 from the existing provider and a /28 from us. 

Their network connects to the Internet first through a PIX (which NATs their internal IPs to the /28) and then through a Cisco router (which also terminates some VPNs for them). The Cisco router terminates the T1 and will terminate our link as well.

The PIX has only (2) interfaces and is running 6.3(1).

In order to configure the network for redundant Internet connections, the idea came up to 
-    configure (2) NAT maps on the PIX outside interface, one NATing to Provider A and the other NATing to us (from a different set of private IPs).
-    configure a secondary IP address on the LAN interface of the router (for our /28)
-    set up PBR on the router so that outbound traffic coming from our /28 gets sent to us and outbound traffic from Provider A's /28 gets sent to them

Then hosts on their network would communicate with one ISP or another based on what private IP subnet the host is on. 

Does this sound realistic? 

I'm thinking an alternative might be to 
-    let the PIX continue to NAT to Provider A's /28 
-    configure PBR on the router to route from selected hosts to us. The rest would go through Provider A
-    configure NAT on the router so that any traffic coming to us gets NATed to our /28 (on the outside interface of the router) 

Any other creative suggestions are welcome.

Thanks,
Adam
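
The first design described in the message above, sketched as PIX 6.3 and IOS configuration. This is an added example, not part of the original post: every address (192.0.2.0/28 standing in for Provider A's /28, 198.51.100.0/28 for the new /28, the 10.1.x.0/24 inside subnets, the 203.0.113.x upstream next hops), the interface name and the route-map name are constructed placeholders, and lines starting with ! are annotations rather than commands.

```cisco
! ---------- PIX 6.3: two NAT IDs, one global pool per provider ----------
! Inside hosts in 10.1.1.0/24 are translated into Provider A's /28.
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 192.0.2.3-192.0.2.14 netmask 255.255.255.240
! Inside hosts in 10.1.2.0/24 are translated into the new provider's /28.
nat (inside) 2 10.1.2.0 255.255.255.0
global (outside) 2 198.51.100.3-198.51.100.14 netmask 255.255.255.240
! Single default route towards the router's LAN address.
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1

! ---------- Router (IOS): secondary address plus source-based PBR ----------
interface FastEthernet0/0
 description LAN towards PIX outside
 ip address 192.0.2.1 255.255.255.240
 ip address 198.51.100.1 255.255.255.240 secondary
 ip policy route-map BY-SOURCE
!
! Match on the post-NAT source, since the PIX has already translated it.
access-list 101 permit ip 198.51.100.0 0.0.0.15 any
access-list 102 permit ip 192.0.2.0 0.0.0.15 any
!
route-map BY-SOURCE permit 10
 match ip address 101
 set ip next-hop 203.0.113.1
!
route-map BY-SOURCE permit 20
 match ip address 102
 set ip next-hop 203.0.113.5
!
! Verification on the router:
!   show route-map BY-SOURCE      (policy match counters per clause)
!   show ip policy                (interface-to-route-map binding)
! Verification on the PIX:
!   show xlate                    (which global pool each host landed in)
```

In this layout each NAT pool stays tied to one provider, so a host keeps working only while the provider behind its private subnet is up. `ip policy` on the LAN interface applies to transit traffic; packets the router originates itself, such as its own VPN tunnels, follow the normal routing table unless `ip local policy route-map` is configured.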

