2 WIC's in same box

Client wants to know if it's possible to have 2 WICs in the same router (2621) connecting up to 2 different ISPs (redundancy) and yet have them perform a function where certain packets are allowed on one WIC whereas other packets are allowed on the other WIC. Ex: WIC1 would handle a custom-designed database; WIC2 would handle other traffic like http, email, etc. Also we would have a config that in the event the mail WIC went out we could upload the config where WIC2 would handle the database application and WIC1 would be in a down state.

Thanks

Jon L. Miller

Not a problem as long as they are supported WICs for your platform/IOS release.

Policy routing is the term Cisco uses to describe this function. But care must be taken because it is easy to create black-holes with policy routing if simply applied blindly without thinking through the consequences of failures.

This can also be done by using two sets of public address spaces, one for each ISP. A lot depends upon whether communications are initially set up from inside or from outside.

This is a BAD idea unless you like taking service calls at 3:00 AM after a hard night of partying. This failover should be automated if at all possible. Otherwise you are looking at hours of downtime per failure rather than a few seconds to a few minutes.

Your situation is very common and typically very solvable. But a strong caution is in order: There is a wide range of available solutions, each optimal for a specific class of applications, so you need to understand what you really want in order to select a solution which will work for you. Careful attention to detail and full consideration of the limitations of the approach chosen are critical if the solution is going to improve availability rather than degrade it, because each solution also has critical weaknesses which make it totally inappropriate for other classes of applications. Some of these weaknesses are not obvious (e.g. the impact of DNS caching on DNS hacks, when policies are applied to policy based NAT, etc.) and may not show up in simple test scenarios.

A few suggestions: email and your custom database should be trivial if they can support multiple IP addresses. Insiders surfing the web outside is doable, but there can be glitches during a cutover. Outsiders surfing a web server inside your location looks easy but can be down for hours for some users unless you use BGP multihoming.

Good luck and have fun!

Vincent C Jones
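
Added example, not part of the original thread: the policy routing described in the reply above, written as IOS configuration with a fallback next hop for each traffic class. Interface names, the documentation-range addresses and TCP port 5000 for the database are assumptions.

```cisco
! Constructed example. Interface names, addresses (RFC 5737 ranges) and
! TCP port 5000 for the custom database are assumptions, not from the thread.
!
access-list 101 remark custom database traffic
access-list 101 permit tcp any any eq 5000
!
! Sequence 10: database traffic prefers ISP A (WIC1) and falls back to ISP B.
! The second next hop is used only when the first is not reachable.
route-map ISP-SPLIT permit 10
 match ip address 101
 set ip next-hop 192.0.2.1 198.51.100.1
!
! Sequence 20: everything else (http, email, ...) prefers ISP B (WIC2)
! and falls back to ISP A.
route-map ISP-SPLIT permit 20
 set ip next-hop 198.51.100.1 192.0.2.1
!
interface FastEthernet0/0
 description inside LAN
 ip policy route-map ISP-SPLIT
!
interface Serial0/0
 description WIC1 to ISP A
 ip address 192.0.2.2 255.255.255.252
!
interface Serial0/1
 description WIC2 to ISP B
 ip address 198.51.100.2 255.255.255.252
!
! Default routes for router-originated traffic; the second is a floating
! static (administrative distance 10) used only if the first is withdrawn.
ip route 0.0.0.0 0.0.0.0 198.51.100.1
ip route 0.0.0.0 0.0.0.0 192.0.2.1 10
```

This reacts only to failures the router can see on its own links. If an ISP fails further upstream while the serial interface stays up, the preferred next hop still looks reachable and the traffic is black-holed.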

If you run BGP with both your ISPs & advertise your public address space to both (being careful not to set yourself up as a peering point), then you can rely on BGP to provide the optimal path inbound & outbound. You can then add onto this PBR if you want to separate traffic by application, but what's the point?

BL

Buzz Lightbeer