
The following thread could be a useful reference for those who want to configure a Cisco router to load balance outbound traffic across 2 Internet connections (i.e. Cable/DSL) by using OER (Optimized Edge Routing) with only static routes to each line (without deploying BGP at all on either line).

»Cisco router with "load balancing"

Contributed by: Angralitux

Note:

Keep in mind that some applications require a consistent IP address at all times. If you use multiple public IP addresses to connect to hosts on the Internet (either outbound or inbound), your connections might be unstable or even fail to connect.

Check out the following FAQ for more info regarding the use of multiple IP addresses for redundancy to keep stable connections.

»Cisco Forum FAQ »Redundant Link Graceful Internet Load Balance/Failover

Sample Configuration

Below is a full working sample configuration based on the thread:



Network Setup

The above sample configuration comes from a Cisco 2620XM with an NM-4E module installed, running Cisco IOS version 12.4.3. Ethernet 1/0 goes to NAT box #1, which connects to ISP #1, and Ethernet 1/1 goes to NAT box #2, which connects to ISP #2. The inside interface of NAT box #1, which faces Ethernet 1/0, has the IP address 172.16.0.1. Likewise, the inside interface of NAT box #2, which faces Ethernet 1/1, has the IP address 172.16.0.5. The outside interface IP address of each NAT box is the corresponding public IP address from its own ISP. On the LAN side, there are FastEthernet 0/0.21 and FastEthernet 0/0.22 on the 2620XM.

Please note that for OER to work, your router setup does not necessarily have to be exactly the same as the sample. The LAN side can be a single subnet, for example.

Keep in mind that, as a prerequisite, the router needs to be able to reach the Internet via either ISP. This sample configuration assumes basic connections to both ISPs are already working. When this is not the case, please refer to the other FAQ topics on how to properly set up your router (i.e. PPP/PPPoE/PPPoA, Static, DHCP).

Another essential point is how I set up the network. As previously mentioned, I use one dedicated NAT box for each ISP connection. Therefore the NAT and PAT processes are not done on the 2620XM router. Instead they are done on each NAT box. The diagram below shows the network setup:

The reason I use a dedicated NAT box for each ISP connection is the following. The NAT and PAT process (according to the "industry standard" or RFC) only allows a one-to-one relationship per traffic flow: from a single inside to a single outside, and from a single outside to a single inside. In short, once the NAT process decides that a given flow from one host uses interface Ethernet 1/0 (ISP #1), it cannot easily change to interface Ethernet 1/1 (ISP #2), and vice versa. To keep NAT and PAT working as usual and integrate them with OER, I use a dedicated NAT box for each ISP. For the implementation, you can use a smaller router or a PIX 501 as the NAT box.

Expected Behavior

To get a better understanding of how OER works, here is the routing table of static routes from the 2620XM router:

Router>show ip route static

As you can verify, the above subnets are the Yahoo! website IP addresses and others. From the configuration, you can see that static routes to those subnets are not added manually; instead, this is OER's doing. It is the OER process that decides "the best route" for a specific destination IP address and installs it as a static route.

Note that the above routing table is what you see when outbound traffic is light. When traffic is heavier, you will see many more static routes added by the OER process.

Field notice

Note the prefix-list below if implementing active-probing (mode monitor active) from egress interfaces:

ip prefix-list OER seq 10 permit 0.0.0.0/0

The 0.0.0.0/0 prefix will never time out and will always show in the MTC table, thus any and all prefixes ever learned will always be probed every "periodic" time, regardless of whether the more specific learned prefix has timed out. The 0.0.0.0/0 prefix still has to probe something, so it doesn't just choose a random prefix; it probes ALL that it ever knew. You'll see active probes magically appear for every single prefix that has EVER been learned, and it will begin probing them all.

To get around this, don't specify 0.0.0.0/0 as a parent route; rather, use the default behavior (which is to learn all routes). That way the 0.0.0.0/0 prefix is never in the MTC and thus the active probes associated with it are gone for good. Regular prefixes will time out per the "expire after time", as will their associated probes. This was tested with 12.4(15)T11 on 3700 series routers. Didn't test using "monitor mode both", which uses active and passive monitoring.
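A check for the condition described in the field notice above, added here as an example (it is not part of the original FAQ or any Cisco tooling): it scans an IOS configuration for `mode monitor active` under `oer master` together with a prefix-list entry that permits exactly 0.0.0.0/0. The sample configuration is constructed, the function name is hypothetical, and the script does not resolve whether OER actually references the prefix-list.

```python
import re

# Constructed sample, NOT the FAQ's sample configuration. Only the
# 'mode monitor active' and 'ip prefix-list OER ...' lines come from the page;
# the other lines are assumed context for the demonstration.
SAMPLE_CONFIG = """\
oer master
 mode monitor active
!
ip prefix-list OER seq 10 permit 0.0.0.0/0
ip prefix-list LAN seq 5 permit 0.0.0.0/0 le 32
ip prefix-list LAN seq 10 permit 172.16.0.0/30
"""

PREFIX_RE = re.compile(
    r"^ip prefix-list (?P<name>\S+)(?: seq (?P<seq>\d+))? "
    r"(?P<action>permit|deny) (?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)"
    r"(?P<range>(?: (?:ge|le) \d+)*)\s*$"
)
MODE_RE = re.compile(r"^\s+mode monitor (?P<mode>active|passive|both)\s*$")


def audit_oer_config(text):
    """Report the monitor mode and any exact 0.0.0.0/0 permit entries."""
    monitor_mode = None
    in_master = False
    default_entries = []
    for line in text.splitlines():
        # A non-indented line starts a new top-level stanza.
        if not line.startswith(" "):
            in_master = line.strip() == "oer master"
        mode = MODE_RE.match(line)
        if in_master and mode:
            monitor_mode = mode["mode"]
        entry = PREFIX_RE.match(line)
        # Entries carrying ge/le match a range of prefixes, not the default
        # route itself, so they are not the case the notice describes.
        if (entry and entry["action"] == "permit"
                and entry["prefix"] == "0.0.0.0/0" and not entry["range"]):
            default_entries.append((entry["name"], int(entry["seq"] or 0)))
    return {
        "monitor_mode": monitor_mode,
        "default_route_entries": default_entries,
        # The notice was observed with active monitoring only; 'both' was
        # not tested there, so it is not flagged here.
        "affected": monitor_mode == "active" and bool(default_entries),
    }


if __name__ == "__main__":
    print(audit_oer_config(SAMPLE_CONFIG))
```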

OER Evolution: PfR (Performance Routing)

Cisco Performance Routing (PfR) FAQs
Performance Routing Configuration Guide
Load balancing using Performance Routing pfr/OER
Configuring Advanced Performance Routing

Discussions

»[Config] Dual WAN with OER/PfR



by Angralitux, edited by aryoba
last modified: 2015-08-17 15:10:46