
The following thread could be a useful reference for those who want to configure a Cisco router to load-balance outbound traffic across 2 Internet connections (i.e. Cable/DSL) by utilizing OER (Optimized Edge Routing) with only static routes to each line (without deploying BGP on either line).

»Cisco router with "load balancing"

Contributed by: Angralitux

Note:

Keep in mind that some applications require a consistent IP address at all times. If you use multiple public IP addresses to connect to hosts on the Internet (either outbound or inbound), then your connections might not be stable or might even fail to connect.

Check out the following FAQ for more info regarding the use of multiple IP addresses for redundancy to keep stable connections.

»Cisco Forum FAQ »Redundant Link Graceful Internet Load Balance/Failover

Sample Configuration

Below is a full working sample configuration based on the thread:

version 12.4
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
!
resource policy
!
ip subnet-zero
!
!
!
!
ip cef
vpdn enable
!
!
clns routing
!
!
!
key chain cisco0
 key 1
  key-string 7 *******
!
!
!
!
!
!
!
!
!
!
!
!
oer master
 policy-rules OER
 max-range-utilization percent 10
 keepalive 1
 !
 border 192.168.20.1 key-chain cisco0
  interface FastEthernet0/0.21 internal
  interface FastEthernet0/0.22 internal
  interface Ethernet1/0 external
  interface Ethernet1/1 external
 !
 learn
  throughput
  delay
  periodic-interval 1
  monitor-period 2
  prefixes 200
  expire after time 1
  aggregation-type prefix-length 32
 max prefix total 2500
 backoff 180 360
 mode route control
 mode select-exit best
 periodic 180
 resolve loss priority 1 variance 1
 resolve delay priority 2 variance 1
 resolve utilization priority 3 variance 1
 resolve range priority 5
!
oer border
 local Loopback0
 active-probe address source interface Ethernet1/0
 master 192.168.20.1 key-chain cisco0
!
!
!
!
!
!
!
bba-group pppoe global
!
!
interface Loopback0
 description OER Master Controller
 ip address 192.168.20.1 255.255.255.255
!
interface FastEthernet0/0
 description To L2 Switch port 15
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 description Native VLAN Trunking
 encapsulation dot1Q 1 native
 ip address 192.168.205.1 255.255.255.248
!
interface FastEthernet0/0.21
 description To Switch A port 10
 encapsulation dot1Q 21
 ip address 192.168.21.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/0.22
 description To Switch B port 2
 encapsulation dot1Q 22
 ip address 192.168.22.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly
!
!
interface Ethernet1/0
 description To NAT box of ISP #1
 ip address 172.16.0.2 255.255.255.252
 full-duplex
!
interface Ethernet1/1
 description To NAT box of ISP #2
 ip address 172.16.0.6 255.255.255.252
 ip virtual-reassembly
 full-duplex
!
interface Ethernet1/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet1/3
 no ip address
 shutdown
 half-duplex
!
!
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.0.1
ip route 0.0.0.0 0.0.0.0 172.16.0.5
!
!
no ip http server
no ip http secure-server
!
ip prefix-list OER seq 10 permit 0.0.0.0/0
!
access-list 20 remark Approved IP addresses
access-list 20 permit 10.0.0.0 0.255.255.255
access-list 20 permit 172.16.0.0 0.15.255.255
access-list 20 permit 192.168.0.0 0.0.255.255
dialer-list 2 protocol ip permit
no cdp run
!
!
!
oer-map OER 10
 match ip address prefix-list OER
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
 access-class 20 in
 password 7 ******
 login
!
!
end
 

Network Setup

The above sample configuration comes from a Cisco 2620XM with an NM-4E module installed, running Cisco IOS version 12.4.3. Ethernet 1/0 goes to NAT box #1, which connects to ISP #1, and Ethernet 1/1 goes to NAT box #2, which connects to ISP #2. The inside interface of NAT box #1, which faces Ethernet 1/0, has the IP address 172.16.0.1. Likewise, the inside interface of NAT box #2, which faces Ethernet 1/1, has the IP address 172.16.0.5. The outside interface IP address of each NAT box is the corresponding public IP address from its own ISP. On the LAN side, there are FastEthernet 0/0.21 and FastEthernet 0/0.22 on the 2620XM.

Please note that for OER to work, your router setup does not necessarily have to be exactly the same as the sample. The LAN side can be just one subnet, for example.

Keep in mind that, as a prerequisite, the router needs to be able to reach the Internet via either ISP. This sample configuration assumes basic connections to both ISPs are already working. When this is not the case, please refer to the other FAQ topics on how to properly set up your router (i.e. PPP/PPPoE/PPPoA, Static, DHCP).

Another essential issue is how I set up the network. As previously mentioned, I use one dedicated NAT box for each ISP connection. Therefore the NAT and PAT processes are not done on the 2620XM router; instead they are done on each NAT box. The diagram below shows the network setup:

          ---- ISP #1 --- NAT box ---+
                                     +--- 1st OER external (int e1/0)
INTERNET                                                              Router --- LAN
                                     +--- 2nd OER external (int e1/1)
          ---- ISP #2 --- NAT box ---+

The reason I use a dedicated NAT box for each ISP connection is the following. The NAT and PAT process (according to the "industry standard" or RFC) only allows a one-to-one relationship per traffic flow: from a single inside to a single outside, and from a single outside to a single inside. In short, once the NAT process decides that a flow from one host uses interface Ethernet 1/0 (ISP #1), it cannot easily change to interface Ethernet 1/1 (ISP #2), and vice versa. To keep NAT and PAT working as usual and integrate them with OER, I use a dedicated NAT box for each ISP. For implementation, you can use a smaller router or a PIX 501 as the NAT box.

Expected Behavior

To get a better understanding of how OER works, here is the routing table of static routes from the 2620XM router:

Router>show ip route static
     68.0.0.0/32 is subnetted, 2 subnets
S       68.142.194.14 [1/0] via 172.16.0.5
S       68.142.197.57 [1/0] via 172.16.0.5
     64.0.0.0/32 is subnetted, 1 subnets
S       64.65.196.6 [1/0] via 172.16.0.5
     216.109.119.0/32 is subnetted, 1 subnets
S       216.109.119.252 [1/0] via 172.16.0.5
     66.0.0.0/32 is subnetted, 1 subnets
S       66.163.175.128 [1/0] via 172.16.0.1
     216.73.87.0/32 is subnetted, 1 subnets
S       216.73.87.187 [1/0] via 172.16.0.1
     216.155.193.0/32 is subnetted, 2 subnets
S       216.155.193.186 [1/0] via 172.16.0.1
S       216.155.193.184 [1/0] via 172.16.0.1
     12.0.0.0/32 is subnetted, 1 subnets
S       12.130.60.2 [1/0] via 172.16.0.5
     216.109.127.0/32 is subnetted, 1 subnets
S       216.109.127.60 [1/0] via 172.16.0.1
     192.149.252.0/32 is subnetted, 1 subnets
S       192.149.252.44 [1/0] via 172.16.0.5
S*   0.0.0.0/0 [1/0] via 172.16.0.1
               [1/0] via 172.16.0.5

As you can verify, the above subnets are Yahoo! website IP addresses and others. From the configuration, you can see that static routes to those subnets were not added manually; instead they are OER's doing. It is the OER process that decides "the best route" for a specific destination IP address and installs it as a static route.

Note that the above routing table was captured when outbound traffic was light. When traffic is heavier, you will see many more static routes added by the OER process.
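
To check how OER is actually spreading destinations over the two exits, the routing table can be tallied per next hop. The Python sketch below is an added example, not part of the original FAQ or thread: it parses "show ip route static" output, counts the /32 routes behind each NAT box, and lists address blocks whose /32 routes leave through both exits, which is where the consistent-IP-address caveat from the Note at the top applies. It assumes every /32 static route was injected by OER (as on this router), and the /16 grouping is an arbitrary choice made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a subset of the "show ip route static" output on this page.
SAMPLE = """\
     68.0.0.0/32 is subnetted, 2 subnets
S       68.142.194.14 [1/0] via 172.16.0.5
S       68.142.197.57 [1/0] via 172.16.0.5
     216.109.119.0/32 is subnetted, 1 subnets
S       216.109.119.252 [1/0] via 172.16.0.5
     216.109.127.0/32 is subnetted, 1 subnets
S       216.109.127.60 [1/0] via 172.16.0.1
S*   0.0.0.0/0 [1/0] via 172.16.0.1
               [1/0] via 172.16.0.5
"""

HEADER = re.compile(r"^\s*\S+/(\d+) is subnetted")
ROUTE = re.compile(r"^S\*?\s+(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?\s+\[\d+/\d+\] via (\S+)")
EXTRA_HOP = re.compile(r"^\s+\[\d+/\d+\] via (\S+)")


def parse_static_routes(text):
    """Return {prefix: [next hops]} from 'show ip route static' output."""
    routes, mask, last = defaultdict(list), None, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            mask = m.group(1)            # mask shared by the routes listed below
        elif m := ROUTE.match(line):
            last = ipaddress.ip_network(f"{m.group(1)}/{m.group(2) or mask}")
            routes[last].append(m.group(3))
        elif (m := EXTRA_HOP.match(line)) and last is not None:
            routes[last].append(m.group(1))   # extra path for the previous route
    return dict(routes)


def summarize(routes, group_len=16):
    """Per-exit count of /32 routes, plus blocks whose /32s use more than one exit."""
    per_exit, block_exits = defaultdict(int), defaultdict(set)
    for net, hops in routes.items():
        if net.prefixlen == 32:          # assumption: /32 statics are OER-injected
            per_exit[hops[0]] += 1
            block_exits[net.supernet(new_prefix=group_len)].add(hops[0])
    split = sorted(str(b) for b, e in block_exits.items() if len(e) > 1)
    return dict(per_exit), split


if __name__ == "__main__":
    print(summarize(parse_static_routes(SAMPLE)))
```

A block that shows up in the second result is being reached through both ISPs at once, so hosts inside it see connections arriving from two different public IP addresses.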

Field notice

Note the prefix-list below if implementing active probing (mode monitor active) from egress interfaces:

ip prefix-list OER seq 10 permit 0.0.0.0/0

The 0.0.0.0/0 prefix will never time out and will always show in the MTC table, thus any and all prefixes ever learned will always be probed every "periodic" time, regardless of whether the more specific learned prefix has timed out. The 0.0.0.0/0 prefix still has to probe something, so it doesn't just choose a random prefix; it probes ALL that it ever knew. You'll see active probes magically appear for every single prefix that has EVER been learned. To get around this, don't specify 0.0.0.0/0 as a parent route; rather, use the default behavior (which is to learn all routes). That way the 0.0.0.0/0 prefix is never in the MTC and thus the active probes associated with it are gone for good. Regular prefixes will time out per the "expire after time" setting, as will their associated probes.

This was tested with 12.4(15)T11 on 3700 series routers. Didn't test using "monitor mode both" which uses active and passive monitoring.

OER Evolution: PfR (Performance Routing)

Cisco Performance Routing (PfR) FAQs
Performance Routing Configuration Guide
Load balancing using Performance Routing pfr/OER
Configuring Advanced Performance Routing

Some discussions

»[Config] Dual WAN with OER/PfR


by Angralitux, edited by aryoba
last modified: 2014-04-23 14:13:46