
Load Balancing over unequal links 3

Status
Not open for further replies.

osuman

Technical User
Nov 22, 2000
281
US
Hello again,
I have a 2811 I'm setting up with both a T1 and 5Mbps DSL WAN interface. Virtually all the traffic through the router will be to provide Internet connectivity to a group of users on a LAN behind it.

I know that IGRP (and EIGRP) include the bandwidth of the connection as part of its metric. I also know that Cisco routers will load balance across interfaces by default without setting up anything special.

My questions are:
1) What is the best way to set this up to optimize the utilization from both links?

2) Is simply enabling IGRP enough?

3) If one of the links fail, will the router automatically force all the traffic through the other working link?

4) How can I monitor the utilization of the links once the system is turned up?

Thanks!
 
Can you tell me if there are any routing protocols already in use via the T1 or DSL link? Or any kind of mechanism that provides failover/resilience? Can you also tell me if the DSL link is tunneled to a remote site or is it just a standard Internet connection only?
 
By already in use, do you mean what routing protocol the providers are using?

There currently is no mechanism for providing failover other than the fact that the router will have 2 WAN interfaces.

The DSL link will be for a standard Internet connection.

Thanks for your help.

 
I probably wouldn't use any routing protocols in this setup.

Instead I'd take a long look at Gateway Load Balancing Protocol (GLBP).

This is a static routing mechanism but allows you to load-balance over multiple links and can also detect WAN failure using object tracking.

Take a look at the following URL and see if you think it will do what you want. If you need any assistance with configuration, let me know.

 
Exactly. For my application, I didn't really think I needed a routing protocol.

It looks like GLBP may do what. In their examples they are implementing it on 1 interface in multiple routers, but I suppose it could be enabled on multiple interfaces in one router?

Do you think I need to use the "weighting" keyword to properly load balance across the unequal WAN interfaces? I didn't quite understand what the numbers after the weighting keyword mean and how the thresholds worked.

Given my setup with a T1 and 5Mbps DSL, how do you think the command would look?

Again, your expertise is much appreciated.
 
Well if this was for 2 routers you had access to with equal links I would have you try this

But in your situation that won't work... what you are asking for isn't going to be a true "balance". The big issue is that you have no control over the other end of these circuits, so you will be extremely limited in what you can do. You should be able to achieve failover, but a true balance IMO isn't going to happen.

Wish I had better news for you :(

Can you post a config that you are currently using?
 
I'm not sure about IGRP, but EIGRP will load-balance across unequal cost links with the use of the variance command. There's an option to keep in mind, possibly?
 
Yes you can use variance with EIGRP but the big issue is that there is no help from the ISP and hence no routing protocol (EIGRP) with the ISP.

I still strongly feel that failover or a crude attempt at an outbound traffic balance may be your best option.

Since you are using a 2811, I am going to assume that you have 12.4. With that said, you may be able to look into Optimized Edge Routing (OER), a new 12.4 feature, and see if you can leverage that into a solution.

Read this.
 
Optimized Edge Routing (OER) provides automatic route optimization and load distribution for multiple ISP and WAN connections.

You will need CEF on but the nice point is OER can be deployed on a single router.

 
tech,
OER seems like it will do exactly what I want! A couple questions:

1) You mention "You will need CEF on but..". The way you word it makes it sound like CEF has some disadvantages?

2) Do you think GLBP suggested by Kisco will not work for what I'm after? If it will work, can you say why OER might be the better solution?

I've done a bit of reading on both, but not having any practical experience implementing it either way makes it tough to decide what's going to be best.

Thanks for your help.
 
I don't see any disadvantages using CEF.

I would vote for trying OER just for the fact that it is capable of being deployed on a single router, since you have no control with the other ISP ends. OER is new; it was introduced in 12.3T and 12.4.

I have not used it myself, so trial and error may be in order. :)

 
I will give it a try and post back here (with a running config if it works) with the results.

Thanks again for the suggestion. It definitely looks like it's designed for what I need.
 
Have you had any progress with this? I'm curious on this as well.

Are you using NAT on the interfaces?
 
Yes, I'm using NAT on the interfaces. I believe I have it working. I haven't generated any statistics on how well it's load balancing, but by watching the counters on the interfaces it looks like they are all being shared.

Here's my config if it helps you:

2811#show run brief
Building configuration...

Current configuration : 6240 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 2811
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.254
!
ip dhcp pool everyone
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 4.2.2.2 4.2.2.1
lease 30
!
!
ip domain name yourdomain.com
ip name-server 4.2.2.2
!
!
!
key chain key1
key 1
key-string VertNet
!
crypto pki trustpoint TP-self-signed-2946453244
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2946453244
revocation-check none
rsakeypair TP-self-signed-2946453244
!
!
crypto pki certificate chain TP-self-signed-2946453244
certificate self-signed 01
oer master
port 4444
max-range-utilization percent 10
keepalive 1
!
border 192.168.2.1 key-chain key1
interface ATM0/2/0 external
interface FastEthernet0/0 external
interface FastEthernet0/1 external
interface Vlan1 internal
interface Serial0/0/0 external
interface Serial0/1/0 external
!
learn
throughput
periodic-interval 1
monitor-period 2
prefixes 200
aggregation-type prefix-length 32
!
oer border
local Loopback0
port 4444
active-probe address source interface Vlan1
master 192.168.2.1 key-chain key1
!
!
!
!
!
interface Loopback0
ip address 192.168.2.1 255.255.255.0
!
interface Multilink1
description Internet to
ip address a.b.c.e 255.255.255.252
ip nat outside
ip virtual-reassembly
rate-limit input access-group 1 256000 37500 50000 conform-action transmit exceed-action drop
rate-limit output access-group 1 256000 37500 50000 conform-action transmit exceed-action drop
ppp multilink
ppp multilink group 1
!
interface FastEthernet0/0
description DSL(Modem)
ip address 10.0.1.2 255.255.255.0
ip nat outside
ip virtual-reassembly
rate-limit input access-group 1 256000 37500 50000 conform-action transmit exceed-action drop
rate-limit output access-group 1 256000 37500 50000 conform-action transmit exceed-action drop
duplex auto
speed auto
!
interface FastEthernet0/1
description DSL(Modem)
ip address 10.0.2.2 255.255.255.0
ip nat outside
ip virtual-reassembly
rate-limit input access-group 1 256000 37500 50000 conform-action transmit exceed-action drop
rate-limit output access-group 1 256000 37500 50000 conform-action transmit exceed-action drop
duplex auto
speed auto
!
interface FastEthernet0/3/0
description Local LAN access point
!
interface FastEthernet0/3/1
!
interface FastEthernet0/3/2
!
interface FastEthernet0/3/3
!
interface Serial0/0/0
description T1 circuit id
bandwidth 1536
no ip address
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
no fair-queue
no cdp enable
ppp multilink
ppp multilink group 1
!
interface Serial0/1/0
description T1 circuit id
bandwidth 1536
no ip address
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
no fair-queue
ppp multilink
ppp multilink group 1
!
interface ATM0/2/0
description DSL(WIC-1ADSL)
no ip address
no ip mroute-cache
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
hold-queue 224 in
pvc 1/150
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Vlan1
description Local LAN access
ip address 192.168.1.254 255.255.255.0
ip nat inside
no ip virtual-reassembly
rate-limit input access-group 1 256000 37500 50000 conform-action transmit exceed-action drop
rate-limit output access-group 1 256000 37500 50000 conform-action transmit exceed-action drop
!
interface Dialer0
ip address dhcp
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp pap sent-username <username deleted> password 0 <password deleted>
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.2.1
ip route 0.0.0.0 0.0.0.0 10.0.1.1
ip route 0.0.0.0 0.0.0.0 a.b.c.d
!
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat pool DSL 10.0.1.2 10.0.1.2 netmask 255.255.255.0
ip nat pool DSL2 10.0.2.2 10.0.2.2 netmask 255.255.255.0
ip nat pool T1 a.b.c.e a.b.c.e netmask 255.255.255.0
ip nat inside source route-map DSL pool DSL overload
ip nat inside source route-map DSL2 pool DSL2 overload
ip nat inside source route-map T1 pool T1 overload
ip nat inside source static tcp 192.168.2.1 23 10.0.1.2 23 extendable
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 3 permit 192.168.1.0 0.0.0.255
route-map DSL permit 10
match ip address 1
match interface FastEthernet0/0
!
route-map T1 permit 10
match ip address 1
match interface Multilink1
!
route-map DSL2 permit 10
match ip address 1
match interface FastEthernet0/1
!
!
!
control-plane
!
!

scheduler allocate 20000 1000
!
end

2811#
 
Thanks for the config; gives me a good idea on how to proceed with mine.

Quick question though.

rate-limit input access-group 1 256000 37500 50000 conform-action transmit exceed-action drop
rate-limit output access-group 1 256000 37500 50000 conform-action transmit exceed-action drop

When you do this, are you declaring the max in and out speeds to be that? If so, aren't you under-utilizing your 1.5 T1 and 5mb DSL?
 
The purpose of those was to limit each user's amount of bandwidth, but still utilize the full capacity of the link.

Those statements aren't quite correct for that to work though. Turns out that you don't need the output statements and you only need the input statement on each wan link.

So what I ended up changing it to is:

access-list 101 permit ip any any

and then on each interface

rate-limit input access-group 101 256000 37500 50000 conform-action transmit exceed-action drop

Good luck. Let me know how it works for you.
 
This looks exactly what I've been looking for.

We also have a 2811 with 4 x WIC-1ADSL. Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.3(8)T8, RELEASE SOFTWARE (fc1).

We now have a total of 4 x 8 Mb ADSL lines available for use (no T1's) which we can utilize. Currently using one, but would be great to have all 4 load balancing to give us much needed bandwidth for Internet traffic.

Some help tailoring this for our requirement would be very much appreciated.

Thanks
Fade

 
Fade,
Since all your WAN links have equal bandwidth, you shouldn't need anything fancy like OER. You'll need to do the following:

1) Set up the dialer interfaces for each of the WICs. It sounds like you have one working already, so this is just a matter of repeating what you've already done.

2) You'll notice in the example above that I'm using route-maps to NAT the interfaces for internal users. I'm not sure how your NAT config is set up now, but in my experience I had problems unless I used the route-map.

3) Make sure CEF is turned on for each of the interfaces. You can check with the "show cef interface" command. For each of the dialer interfaces, make sure you see "IP CEF switching enabled".

4) Set up a static route for each dialer interface. For example:
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 Dialer2
ip route 0.0.0.0 0.0.0.0 Dialer3

After you've got them all up, you can see how well your traffic is balanced by using "show int summ". Note that CEF is per-destination load balanced, not per-packet, so the balance won't be perfect. However, depending on the number of users you have and their traffic patterns, it should be well balanced over time.

Let me know if you have any problems.

Good luck!

 
Hi osuman

Thanks for that. Can't wait to try it!
I'm not sure about the nat though. I have pasted my current config below, if you could help and yes, we are already using 1 WIC ADSL.

Thanks
Fade


version 12.3
no service pad
service timestamps debug datetime sec
service timestamps log datetime msec
service password-encryption
!
hostname ourcompany
!
boot-start-marker
boot system flash c2800nm-advsecurityk9-mz.123-8.T8.bin
boot system flash c2800nm-spservicesk9-mz.123-8.T8.bin
boot-end-marker
!
enable secret level 5 5
enable password 7
!
clock timezone utc 2
no network-clock-participate aim 0
no network-clock-participate aim 1
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
ip ips po max-events 100
no ip bootp server
no ip domain lookup
no ftp-server write-enable
!
!
!
interface FastEthernet0/0
ip address 192.168.47.1 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
ip address 80.xx.xx.xx 255.255.255.0
no ip redirects
no ip unreachables
ip nat outside
ip virtual-reassembly
pvc 8/32
!
!
interface ATM0/1/0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/1/0.1 point-to-point
ip nat outside
ip virtual-reassembly
shutdown
pvc 8/32
!
!
interface ATM0/2/0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/2/0.1 point-to-point
ip nat outside
ip virtual-reassembly
shutdown
pvc 8/32
!
!
interface ATM0/3/0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0/0/0.1
ip http server
no ip http secure-server
ip nat inside source list 1 interface ATM0/0/0.1 overload
!
!
access-list 1 permit 192.168.47.0 0.0.0.255
snmp-server community public RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps tty
snmp-server host 192.168.47.150 public
!
!
control-plane
!
!
line con 0
password 7 06085F704740060E16
login
line aux 0
line vty 0 4
password 7 151C5B5D0F2424333B
login
!
scheduler allocate 20000 1000
ntp clock-period 17179784
ntp server 192.168.47.5
!
end
 
Thanks for posting your config. For NAT, you'd want to do something like the following:

First remove your existing NAT statement (this will interrupt anyone currently using it):
no ip nat inside source list 1 interface ATM0/0/0.1 overload

Next, make sure each WAN interface has "ip nat outside"

Then, add your route-maps, NAT pools and NAT statements for each WAN interface. It will look something like this if you had all 4 DSL links up:

(Route maps)
route-map DSL0 permit 10
match ip address 1
match interface ATM0/0/0.1

route-map DSL1 permit 10
match ip address 1
match interface ATM0/1/0.1

route-map DSL2 permit 10
match ip address 1
match interface ATM0/2/0.1

route-map DSL3 permit 10
match ip address 1
match interface ATM0/3/0.1

(NAT pools)
ip nat pool DSL0 80.xx.xx.x0 80.xx.xx.x0 netmask 255.255.255.0
ip nat pool DSL1 80.xx.xx.x1 80.xx.xx.x1 netmask 255.255.255.0
ip nat pool DSL2 80.xx.xx.x2 80.xx.xx.x2 netmask 255.255.255.0
ip nat pool DSL3 80.xx.xx.x3 80.xx.xx.x3 netmask 255.255.255.0

(NAT statements)
ip nat inside source route-map DSL0 pool DSL0 overload
ip nat inside source route-map DSL1 pool DSL1 overload
ip nat inside source route-map DSL2 pool DSL2 overload
ip nat inside source route-map DSL3 pool DSL3 overload

Don't ask me exactly how it works (Cisco support helped me with it). I just know that it does. =)

Let me know how it goes.
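
The route-map, pool and NAT statement pattern in the post above only works when the names in all three places line up and every matched WAN interface carries "ip nat outside". As an added example (not part of the original thread, and not a Cisco tool), this Python check cross-references those pieces in a pasted config; the sample config, its addresses and the function name check_nat are constructed for illustration.

```python
import re
# Constructed sample config (not from the thread): the second WAN interface is
# missing "ip nat outside" and the last NAT statement names objects never defined.
SAMPLE = """\
interface ATM0/0/0.1 point-to-point
 ip nat outside
interface ATM0/1/0.1 point-to-point
route-map DSL0 permit 10
 match ip address 1
 match interface ATM0/0/0.1
route-map DSL1 permit 10
 match ip address 1
 match interface ATM0/1/0.1
ip nat pool DSL0 192.0.2.10 192.0.2.10 netmask 255.255.255.0
ip nat pool DSL1 198.51.100.10 198.51.100.10 netmask 255.255.255.0
ip nat inside source route-map DSL0 pool DSL0 overload
ip nat inside source route-map DSL1 pool DSL1 overload
ip nat inside source route-map DSL4 pool DSL4 overload
"""

def check_nat(config):
    """Cross-check route-map based NAT statements; return a list of findings."""
    outside, rmap_ifs, pools, stmts = set(), {}, set(), []
    section = None  # ("if" | "rm", name) of the block currently being read
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            section = ("if", m.group(1))
        elif m := re.match(r"route-map (\S+) (permit|deny)", line):
            section = ("rm", m.group(1))
            rmap_ifs.setdefault(m.group(1), set())
        elif m := re.match(r"ip nat pool (\S+) ", line):
            pools.add(m.group(1))
        elif m := re.match(r"ip nat inside source route-map (\S+) pool (\S+)", line):
            stmts.append(m.groups())
        elif line == "ip nat outside" and section and section[0] == "if":
            outside.add(section[1])
        elif (m := re.match(r"match interface (\S+)", line)) and section and section[0] == "rm":
            rmap_ifs[section[1]].add(m.group(1))
    findings = []
    for rmap, pool in stmts:
        if rmap not in rmap_ifs:
            findings.append(f"undefined route-map {rmap}")
        if pool not in pools:
            findings.append(f"undefined NAT pool {pool}")
        for ifname in sorted(rmap_ifs.get(rmap, ())):
            if ifname not in outside:
                findings.append(f"{ifname} (route-map {rmap}) lacks 'ip nat outside'")
    return findings
print("\n".join(check_nat(SAMPLE)))
```

Lines are stripped before matching, so the check also works on configs pasted without indentation, as in this thread.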
 