Hello,
for a particular installation I have set up two internet connections - one via leased line with fixed static IP addresses, the other one with PPPoE and dynamic IP addresses.
The latter is a typical consumer product, i.e. "dirt cheap", high bandwidth downstream and billed flat. The leased line is a "business product" and offers less bandwidth, but symmetrical and with lower RTTs and better SLAs.
The customer intends to use the cheap line for HTTP downloads as long as it is available. This was not that difficult to set up via policy routing:
- the leased line:
------------------- interface FastEthernet1 description leased line uplink ip address x.y.z.42 255.255.255.252
ip route 0.0.0.0 0.0.0.0 x.y.z.41 250
interface Vlan3 description static network assigned by provider ip address x.y.z.57 255.255.255.248 ip nat inside ip route-cache policy ip policy route-map no-http
See below for the NAT and policy config.
- The cheap line:
------------------ interface FastEthernet0 description TDSL-Flat no ip address pppoe-client dial-pool-number 1
interface Dialer1 description TDSL-Flat 1 ip address negotiated ip mtu 1448 ip nat outside ip virtual-reassembly encapsulation ppp dialer pool 1 dialer idle-timeout 0 dialer enable-timeout 2 dialer persistent dialer-group 1 ... (deleted PPP auth parameters)
ip route 0.0.0.0 0.0.0.0 Dialer1 dialer-list 1 protocol ip permit
ip nat inside source list nat interface Dialer1 overload
ip access-list extended nat permit ip x.y.z.56 0.0.0.7 any deny ip any any
So we are NATing the official IP addresses assigned by the provider for the leased line for all traffic that is sent out the cheap one.
- The policy route-map
----------------------- ip access-list extended no-http deny tcp any any eq www permit ip any any
route-map no-http permit 10 match ip address no-http set ip next-hop x.y.z.41
This sends anything but traffic destined to port 80 out the leased line and leaves traffic to port 80 alone, so it's send out the cheap line.
The entire setup works as intended but for one minor point. In case the cheap PPPoE line fails, we want to use the leased line for HTTP traffic. I intended to do this via a floating static route, hence the two default route entries you see above.
Unfortunately it seems not to work that way. If I administratively shutdown Dialer1, the result is as expected. The route to Dialer1 is deleted from the routing table and the route to x.y.z.41 is used.
But this is not the common mode of failure of that PPPoE line. If I simulate a failure on the cheap provider's side by administratively shutting down Fa0, the Dialer1 obviously times out and shuts down, eventually. Yet, the default route to Dialer1 is not deleted. The Dialer1 interface stays "up, line protocol is up (spoofing)", so the route stays in the routing table.
Any hints on how to solve this greatly appreciated.
Thanks, Patrick