Routing Policys and Multiple ISPs

[Nightcrawler]

Hiya, I have a 3660 and what I am trying to do is have some kind of routing policy which says go to this internet connection if its alive or go to this one instead. However they also have to translate to different ISP IP addresses depending on the connection.. Is this possible and can someone point me in the right direction please ??

What would be the command for this is there any articles on it ? That would be really useful .... Also how would you do the translation as both routes would have to have different IP addresses ..

Thanks for the help

Ed

 

[jeter]

I think Wybnormal answered this one before. Try policy routing! Jeter@LasVegas.com
J.Fisher CCNA

 

[Nightcrawler]

Hiya,

Well I didnt get notified of any posts !?!?!?!

PLus this isnt really helpful - I know I need policy routing but how ?? What are the commands cisco site isnt exactly brilliant for pinpointing things out ?? I have one link up and running on one set of address.. However I dont see however you entered two default routes and set of statics ??

Thanks

Ed

 

[wybnormal]

Nightcrawler-

Two things.. learn some patience when working with Cisco's web site but learn HOW to use it. The info is almost always there.. just tough to find at times.

No need to get snippy with your answer... nobody gets paid here, we do this because we enjoy answering questions and it's a great way to expand your own knowledge.. nothing like posting an answer that the whole world can see and comment on... if you are wrong, you hear about it rather quickly ;-)

Anyways... here is one of the easiest papers at Cisco for policy routing. I used it myself when learning how to.

http://www.cisco.com/warp/public/105/36.html

MikeS
Find me at

http://www.packetattack.com

"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin

 

[Nightcrawler]

Thanks for this I will look now.

I didnt mean to get snappy. I have just had a really bad two weeks. Cisco havent been any help on this problem at all and I have just seemed to be banging my head on a wall (seems to have been the same with Creative as well!)

Anyway thanks again for this

Ed

 

[Nightcrawler]

Hiya,

I have viewed this document and I understand this but I am still miffed at how you get the system to jump to another routing policy if that link is no good ?? IE if this isnt responding try this link .....

Of course then there is all the IP addresses problem.

How do you say if this link is up use this IP address and if this one is up use this ip address range ??

Any Ideas

Thanks

Ed

 

[wybnormal]

the most common way is to use a floating route.. this is where you have two routes and one is costed normally.. but the second has a cost of say.. 250 which forces it not to be used until the primary route is unreachable.

Routing protocols also work with this problem..

Normally speaking, any solution would be a mix of the above methods.. without knowing the complete picture, it's difficult to offer "advice" to the best way. There is always a way, you just need to get "creative" at times ;-)

MikeS
Find me at

http://www.packetattack.com

"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin

 

[Nightcrawler]

Hiya Again,

Sorry to bug...

Well, I have a firewall (which is PIX), this is connected to a 3660 router.

The router has two outside connections on two different ISPS. So for instance the IP range could be 201.20.40.0 255.255.255.0 on one and on the other 195.126.40.0 255.255.255.0.

I need to be able to say right my machine to the outside looks like 201.20.40.180 but if this fails it needs to put to the other connection and look like 195.126.40.180.

Now the failure will occur either at the next hop or two hops along....

Could you point me to the acutal commands that I can research on

Thanks

Ed

 

[talisker]

Hi,

I'm not clear on your situation. Are you saying that you have a second connection to a different ISP that is never used unless the first one goes down? I understand the need for redundancy, but aren't you paying for an ISP connection that you will rarely use? If your primary ISP is that unreliable, its time to change ISPs! If it's the T1 or whatever thats unreliable - then consider getting a second T1 to the same ISP that can be used for load-balancing & redundancy. This is simple to setup, you'll have double the bandwidth & you'll be using what you pay for!

The other - far more complex - option is going "multi-homed" via BGP. This is not for the weak-at-heart or neophyte network engineer.

 

[Nightcrawler]

HIya,

It is a bit complexed but it is politics as to why we have two at present. However the second backup is very cheap

All I really want is a pointer or sample config for multi roup maps and more than one default route - I cant see any...

Ed

 

[talisker]

Okay, setting-up more than one default route is very simple:

RouterA(config)#ip route 0.0.0.0 0.0.0.0 x.x.x.x 1 ISP1
RouterA(config)#ip route 0.0.0.0 0.0.0.0 y.y.y.y 255 ISP2

Where: 0.0.0.0 0.0.0.0 is the default route, x.x.x.x is the next hop IP address to your primary ISP, 1 is the Metric, and ISP#1 is the name of this static route.

The second line defines the next hop to your secondary ISP as the default route, but by assigning a metric of 255 (any metric greater than the one assigned in the first ip route statement will work) ensures that this route will only be used if the route to your primary ISP is not available.

When the primary ISP comes back online then the default route will switch back to this ISP.

Good luck!

 

[mavenccie]

talisker and wybnormal have already covered the default floating static very well. This is a really unconventional solution, but if these are the only pieces you have to work with, then so be it. BTW, Remember, there are many ways to skin a cat in the Cisco IOS.
I am assuming that your PIX has at least two interfaces and the 3660 has one ethernet and two WAN interfaces. Put one of the interfaces at security level 0(outside)and one at security level 100(inside). The "outside" IPs should be your primary ISP. Setup one global NAT pool and static nats as needed for the primary ISP.(Mental Note-DNS needs to be considered if you have services that need to be accessed inbound-wise). Then setup a nat cmd for the global to what needs to be one-to-many NATed.
Now your 3660 should have an ethernet interface and two WAN interfaces. Now setup two default routes(and floating default) like talisker and wybnormal suggested. You will need turn on RIP on the two serials(passive) and have your provider send you a default route if you need redundancy a few hops down the road.
The major dilemma is that even if the primary route goes down you still have a NAT issue. Setup NAT on the 3660s ethernet(ip nat inside) and secondary WAN interface(ip nat outside). Use your secondary ISP addressing for setting this up. Then you will NAT the already NATed traffic from the PIX when traffic uses the secondary ISP WAN interface. And the default floating route or the default route that your provider will provide(if you need multihop failover) will take care of the routing failover.
I thought of a better and very clean way to your problem using MPLS while writing this since you do have a 3660, but that might be a little to advanced for the forum. If you guys want me to write that solution, let me know.
rlluis@tampabay.rr.com. -Later.

 

[kerb9977]

I've have been following this thread with interest.
It would be great if mavenccie could write about mpls solution, in this forum och perhaps on an faq?