router help needed ....urgent

Hi Techies....

I'm stuck in a problem....as I'm not very good with Cisco routers...

I have a Cisco router 1800 series with a 4 port fast ethernet card. Now I have attached both the internet ISPs (A and B) over ethernet to this router. Now what I need is that all my traffic for internet from LAN A (192.168.1.0/24) should be routed to ISP A and all from LAN B (10.220.16.0/24) should be routed to ISP B.

Please click the link for the diagram.

Thanks..............

Reply to
TheGoD


Diagram: http://img248.imageshack.us/my.php?image=drawing1jq5.jpg

Policy-based routing is your only option. Else all traffic will take one path, the other, or both (depending on your configuration), but will not be split based on source network. Search policy-based routing or PBR on Cisco, lots of good documentation.

Reply to
Trendkill


This only solves one part of the routing equation in that traffic out to the Internet will indeed leave the connection specified, however it does not influence the way the traffic will return to your network which is normally more important (load balancing inbound flows which are much larger normally than the outbound flows). That cannot be solved by the end customer without using some very creative routing and even then you are at the mercy of your provider to make it work. Normally you would use BGP for that and you would split your IP address pools in half or more and advertise one half to one provider, and the other half to the other. At the same time you would advertise a summary of the entire pool to both providers for failover purposes. This is a very complex problem in large networks which have large amounts of IP space that they can use to load balance. Even then, you have to look at what servers reside in that IP segment (or pool) and determine if you are truly load balancing (ie if your largest servers all sit in the same /24 and you are advertising /24 networks to your upstream provider then most of your traffic will still only use one link). If both links are to the same ISP router then you can use BGP MED (communities) to influence it but again provider dependent.

Reply to
carlfugate

Where did the OP mention redundancy or the need to load balance anything? They specifically stated that they want this subnet on ISP1 and this subnet on ISP2. You're referring to corporations/businesses who "own" their own block of IPs who want to multi-home to different ISPs. The OP mentioned an 1800 series, so that's most likely not the case here. In the OP's case there is absolutely no need for BGP or any other routing protocol as the IPs will be NAT'd going out their designated interfaces and the return traffic would follow that same path thru the appropriate ISP. As the first responder stated already, policy based routing is the only available option without adding more hardware such as a Radware type solution for what the OP requested.

Reply to
Brian V

Hmm...I guess if I was paying for two links to the Internet even just for Web browsing, it would be pretty silly not to very easily put in the ability to use both links. My argument still stands though, it doesn't matter if you PBR the traffic out one link or the other, you're at the mercy of the Internet routing tables to determine how it's going to come back to you so you may send it out on link 1, but everything may come back in link 2.

Reply to
carlfugate

When you are using PBR it specifically tells this internal subnet to go out this pipe and the other internal subnet to go out the other pipe. Each one of those pipes has a unique public subnet associated to it. Your traffic will ALWAYS come back in the correct pipe. You are again thinking enterprise class routing that owns its own class C (or greater) that is running BGP with multiple providers. These days business has shifted to smaller address blocks, takes an arm and a leg to get larger IP blocks and most providers won't route/advertise anything smaller than a /23.

Reply to
Brian V

Brian is correct. The traffic will return based on the IP address that it left with. If you try and spoof the IP address to use the other connection chances are that it won't work at all as almost all internet routers won't allow source addressing.

But why use PBR? I think that is too complicated for something so simple. It is the NAT config that is most important here, and I would also suggest that there is no point in using 2 ethernet ports on the router. Why not just put the 2 internet feeds into a hub/switch and connect the router by 1 ethernet port and use IP routing and NAT to determine the best route to use? If you NAT the traffic onto the relevant network and have 2 default routes, only 1 default route will be legal for the NATed traffic so will be the one used.

try this >>>>>>>

ip nat pool ISPa
ip nat pool ISPb
ip nat inside source list 1 pool ISPa overload
ip nat inside source list 2 pool ISPb overload
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 10.220.16.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0
ip route 0.0.0.0 0.0.0.0

Reply to
"tim"

It's not as simple as it appears. If you were to do it that way every other packet would try to go to the internet "un-NAT'd" and be dropped. Think about it, using your IPs with equal cost routing....a packet from the 192.168.1.x subnet comes along, the router has 2 equal cost routes, first packet goes out ISPa and gets NAT'd since it matches the rule, no problem, the next packet comes along and goes out ISPb but since there is no NAT rule that matches that packet it goes to ISPb un-NAT'd and is dropped. Same thing would happen for the 10.220.16.x subnet. The only possible way to do this type of setup is with PBR or using some other type of device such as a Radware that can manipulate destination based on source address.

Reply to
Brian V
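
A sketch of the policy-based routing plus per-ISP NAT setup that Trendkill and Brian V describe, added here as an example and not posted by anyone in the thread. The interface names (Fa0/0, Fa0/1, Vlan10, Vlan20), the RFC 5737 documentation addresses standing in for the ISP subnets, and the next-hop addresses are all assumptions; only the two LAN subnets come from the original question.

```cisco
! Constructed example. Assumed: Fa0/0 = LAN A, Fa0/1 = LAN B,
! Vlan10 = ISP A uplink, Vlan20 = ISP B uplink, RFC 5737 addresses.
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip policy route-map FROM-LAN-A
!
interface FastEthernet0/1
 ip address 10.220.16.1 255.255.255.0
 ip nat inside
 ip policy route-map FROM-LAN-B
!
interface Vlan10
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
!
interface Vlan20
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
! LAN-to-LAN traffic is denied first so it is not policy-routed
! and follows the normal routing table instead.
access-list 101 deny   ip 192.168.1.0 0.0.0.255 10.220.16.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 deny   ip 10.220.16.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 permit ip 10.220.16.0 0.0.0.255 any
!
route-map FROM-LAN-A permit 10
 match ip address 101
 set ip next-hop 192.0.2.1
!
route-map FROM-LAN-B permit 10
 match ip address 102
 set ip next-hop 198.51.100.1
!
! Each LAN is translated to the address of the uplink it is pinned to,
! so replies are addressed to that ISP's public address.
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 10.220.16.0 0.0.0.255
ip nat inside source list 1 interface Vlan10 overload
ip nat inside source list 2 interface Vlan20 overload
!
! Default route for the router's own traffic.
ip route 0.0.0.0 0.0.0.0 192.0.2.1
```

After applying it, `show route-map` shows the match counters for each policy and `show ip nat translations` shows which outside address each LAN's flows were translated to.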
