
Two networks, One Server


silverskymedia (IS-IT--Management), May 11, 2011
I have a set of servers that I want to set on two distinct networks.

The justification is: 1) Last Mile Network Redundancy 2) Load Balancing

It is very unlikely we will be allowed to run BGP for external routing, so we're going to just do round-robin DNS. So we will have two distinct IP address ranges, one for each network. For the purposes of this question we'll say (Net1 = 60.25.33.128/28) and (Net2 = 152.22.23.0/28). I would also like to run OSPF (or some other internal routing) to balance between the two lines. I have a Cisco 2800 (2811) to route between the networks.

The Cisco router is currently configured to use 1-to-1 NAT (ip nat inside source static network 172.16.1.0 60.25.33.128 /28). With this configuration I am working fine on Net1. The problem is that when I bring in the second network I anticipate trouble. For one, if I run the command ip nat inside source static network 172.16.1.0 152.22.23.0 /28 (if it will let me do that), the NAT is overlapped. And while the server won't know from which network the traffic originated (a good thing), the router will not know which IP address to put back in the IP header, which would make requests coming from the secondary network unable to receive a response.

If, however, I were to do ip nat inside source static network 172.16.2.0 152.22.23.0 /28 instead (creating a new internal network) and just assign the server a 172.16.1.x and a 172.16.2.x IP address, then that would fix the NAT problem, but at that point I'm not sure the router will be able to effectively route packets through the best network available. The networks have very different line speeds, and because the internal routing is round-robin DNS there could be a better return route. That is to say, it should be fine for a packet that originated from the 60.25.33.128 network to be routed back through the 152.22.23.0 network so long as I preserve the originating IP address header.

Any ideas on the best way to configure the network / Cisco 2800 router to achieve my goal?

Thanks!
 
The best way would be to use BGP and a load balancer. But like you said, that isn't going to happen, for whatever the reason may be. Your solution wouldn't work when it comes to preserving the originating ISP path, though; this would need source NAT'ing.

If it could work, the only piece you would be missing is to set an IP routing policy on each of the 172.16.X.X interfaces on the router to set the next hop to whichever ISP you have on the static NAT. So if 172.16.2.x is on f0/0 (or even a subinterface) and the static NAT is set to ISP1, then create a policy route on that interface to set the next hop to ISP1's router.

The reason it (ISP preservation) won't work is that when the server replies to a client it will just use whichever is its default next hop, which could be the 172.16.1.x or the 172.16.2.x router interface. In that case your originating ISP would not be preserved. If you're doing HTTPS this might or might not break the SSL session (not too sure on all that). If it is straight HTTP or some other service it probably will not matter, and you can get away with not preserving the originating ISP.

If preserving the ISP is not important I would send everything out the faster ISP connection and implement IP SLA tracking to failover to the other ISP for outbound if the faster ISP ever went down.
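The reply's two suggestions (a policy route per inside interface pointing at the ISP that owns that interface's static NAT block, plus IP SLA tracking so outbound traffic fails over from the faster ISP) combined into one configuration for the 2811. This is an added example written for this page, not the original poster's or the reply author's configuration. The interface names, VLAN tags, the ISP link addresses (198.51.100.0/30 and 203.0.113.0/30) and the assumption that each ISP routes its /28 block to the router's link address are all assumptions; the two /28 ranges and the internal 172.16.1.0 and 172.16.2.0 subnets are the ones from the question.

```cisco
! Added example configuration for a Cisco 2811; it is not from the thread.
! ASSUMPTIONS: interface names and VLAN tags, the /30 link addresses
! 198.51.100.0/30 (ISP1) and 203.0.113.0/30 (ISP2), and that each ISP routes
! its /28 block to the router's link address on that uplink.
!
! --- inside: one subinterface per internal subnet, with its own policy route ---
interface FastEthernet0/0
 no ip address
!
interface FastEthernet0/0.10
 description server addresses 172.16.1.x (statically mapped to Net1 60.25.33.128/28)
 encapsulation dot1Q 10
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
 ip policy route-map TO-ISP1
!
interface FastEthernet0/0.20
 description server addresses 172.16.2.x (statically mapped to Net2 152.22.23.0/28)
 encapsulation dot1Q 20
 ip address 172.16.2.1 255.255.255.0
 ip nat inside
 ip policy route-map TO-ISP2
!
! --- outside: one interface per ISP ---
interface FastEthernet0/1
 description ISP1 uplink (assumed /30; 60.25.33.128/28 is routed to 198.51.100.2)
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
interface Serial0/0/0
 description ISP2 uplink (assumed /30; 152.22.23.0/28 is routed to 203.0.113.2)
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
! --- 1:1 static NAT: a separate internal block per ISP range, so nothing overlaps ---
ip nat inside source static network 172.16.1.0 60.25.33.128 /28
ip nat inside source static network 172.16.2.0 152.22.23.0 /28
!
! --- track reachability of each ISP's next hop ---
ip sla 1
 icmp-echo 198.51.100.1 source-interface FastEthernet0/1
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 203.0.113.1 source-interface Serial0/0/0
 frequency 10
ip sla schedule 2 life forever start-time now
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! --- policy routing: replies sourced from 172.16.1.x leave via ISP1, 172.16.2.x via ISP2 ---
! PBR runs before inside->outside NAT, so the ACLs match the private addresses.
! "verify-availability ... track" makes the route-map fall through to the normal
! routing table when that ISP is down instead of blackholing the traffic.
ip access-list extended FROM-NET1
 permit ip 172.16.1.0 0.0.0.15 any
ip access-list extended FROM-NET2
 permit ip 172.16.2.0 0.0.0.15 any
!
route-map TO-ISP1 permit 10
 match ip address FROM-NET1
 set ip next-hop verify-availability 198.51.100.1 10 track 1
!
route-map TO-ISP2 permit 10
 match ip address FROM-NET2
 set ip next-hop verify-availability 203.0.113.1 10 track 2
!
! --- default route: prefer the faster ISP (ISP1 here), float to ISP2 when track 1 fails ---
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 1
ip route 0.0.0.0 0.0.0.0 203.0.113.1 10
```

Two caveats. First, pinging only the ISP's next-hop address proves the link is up, not that the ISP can reach the Internet; for a better probe, target a host beyond the ISP and pin a static host route for that target through the uplink being tested. Second, this fixes only the router's half of the problem the reply describes: the server still picks one default gateway for its replies, so a reply to a client that arrived via Net2 can leave the server through 172.16.1.1 and then be policy-routed (and NATed) out ISP1. To preserve the originating ISP end to end, the server itself needs source-based policy routing (on Linux, an `ip rule` per source address with its own routing table and gateway), so that replies from its 172.16.2.x address go to 172.16.2.1. On IOS releases before the `ip sla` / `track ... ip sla` syntax, the equivalent commands are `ip sla monitor` and `track 1 rtr 1 reachability`.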
 