Sunday, March 4, 2018

Cisco Performance Routing - Dual ISPs, Single Router


Summary

In this post I'll discuss how to set up dual ISP links in a sample scenario using a single Cisco router with Performance Routing (PfR).  Traditionally, dual links could be set up with Policy-Based Routing (PBR) and IP-SLA.  An example of that here.  The combination of those two would yield fail-over functionality upon loss of one of the two links.  It would not provide load-balancing of those links though.  PfR provides both.

Scenario

Below is a diagram of the example dual ISP scenario.  One connection is to a DSL provider; the other to a wireless ISP (WISP).  Available bandwidth on the links is grossly imbalanced, by a factor of 8.  A dialer interface (PPPoE) over an ATM interface connects to the DSL ISP.  There is a Gigabit Ethernet connection to the WISP.  Behind the router/firewall are clients on private-range IP addresses.  Two internet-facing web servers are segregated into a DMZ.



Interface Configurations

ISP Link 1 - DSL ISP - Dialer

The PfR-important items below are the bandwidth and load-interval settings.  You need to set an accurate figure for the expected bandwidth on the link and set the load statistics interval to the lowest setting (30 sec).  Also note that both interfaces are designated as 'outside' for NAT.

    interface Dialer1
     bandwidth 8000
     ip address negotiated
     ip access-group fwacl in
     ip mtu 1492
     ip nat outside
     ip inspect outside_outCBAC out
     ip virtual-reassembly in
     encapsulation ppp
     ip tcp adjust-mss 1452
     load-interval 30
     dialer pool 1
     dialer-group 1
     ppp authentication pap callin
     ppp chap refuse
     ppp pap sent-username yourUsername password yourPwd
     no cdp enable

ISP Link 2 - Wireless ISP - GigE

    interface GigabitEthernet0/1
     bandwidth 64000
     ip address 2.2.2.2 255.255.255.0
     ip access-group fwacl in
     ip nat outside
     ip inspect outside_outCBAC out
     ip virtual-reassembly in
     load-interval 30
     duplex auto
     speed auto
     no cdp enable

Internal Link - GigE

The link to the LAN is configured as NAT inside.

    interface GigabitEthernet1/0
     ip address 10.10.10.10 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
     load-interval 30

Routing Configuration


Routing for this scenario is very simple: just 2 static default routes, one to the next hop on each of the respective ISPs.

    ip route 0.0.0.0 0.0.0.0 1.1.1.1
    ip route 0.0.0.0 0.0.0.0 2.2.2.1

NAT Configuration

The item of interest is the 'oer' command on the NAT inside commands.  This alleviates a potential issue with unicast reverse-path forwarding.  It's discussed in detail here.

    route-map wispnat_routemap permit 1
     match ip address nat_acl
     match interface GigabitEthernet0/1

    route-map dslnat_routemap permit 2
     match ip address nat_acl
     match interface Dialer1

    ip nat inside source route-map dslnat_routemap interface Dialer1 overload oer
    ip nat inside source route-map wispnat_routemap interface GigabitEthernet0/1 overload oer

    ip nat inside source static tcp 192.168.40.60 80 interface Dialer1 80
    ip nat inside source static tcp 192.168.40.60 443 interface Dialer1 443
    ip nat inside source static tcp 192.168.40.61 80 interface GigabitEthernet0/1 80
    ip nat inside source static tcp 192.168.40.61 443 interface GigabitEthernet0/1 443

PfR Configuration

Loopback Interface + Key Chain

These are used for communication between the Master and Border elements of PfR.

    interface Loopback0
     ip address 192.168.200.1 255.255.255.0

    key chain pfr
     key 0
      key-string 7 071F275E450C00

PfR Border Router Config

Really simple config for the border component.

    pfr border
     logging
     local Loopback0
     master 192.168.200.1 key-chain pfr

PfR Master Router Config

Configuring the Master is easy as well.  In fact, just defining the key-chain and the internal+external interfaces is enough to enable basic load-balancing + fail-over.  PfR will aggregate routes on IP address prefixes and balance those routes across the 2 ISP links.  The extra commands below specify to keep the utilization of the two links within 10 percent of each other, use delay as the route learning parameter, evaluate policies every 3 minutes, and make delay the top priority for policy.

    pfr master
     max-range-utilization percent 10
     logging
     !
     border 192.168.200.1 key-chain pfr
      interface GigabitEthernet1/0 internal
      interface Dialer1 external
      interface GigabitEthernet0/1 external
     !
     learn
      delay
     periodic 180
     resolve delay priority 1 variance 10
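
The script below is an added example, not part of the original post: it lints a saved configuration for the PfR prerequisites described above, checking that every interface marked external under pfr master has a bandwidth statement, load-interval 30, ip nat outside, and an overload NAT rule carrying the oer keyword. The function names parse_sections and audit_pfr are hypothetical, the sample text is constructed as a condensed form of this post's configuration, and the parser assumes IOS-style indentation of sub-commands.

```python
import re
# Constructed sample: a condensed form of the configuration in this post.
SAMPLE = """\
interface Dialer1
 bandwidth 8000
 ip nat outside
 load-interval 30
interface GigabitEthernet0/1
 bandwidth 64000
 ip nat outside
 load-interval 30
ip nat inside source route-map dslnat_routemap interface Dialer1 overload oer
ip nat inside source route-map wispnat_routemap interface GigabitEthernet0/1 overload oer
pfr master
 border 192.168.200.1 key-chain pfr
  interface Dialer1 external
  interface GigabitEthernet0/1 external
"""

def parse_sections(config):
    """Map each top-level command to its indented sub-commands (hypothetical helper)."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue  # blank lines and '!' separators carry no settings
        if not line[0].isspace():
            current = line.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def audit_pfr(config):
    """Return findings for the PfR prerequisites the post describes."""
    sections, findings = parse_sections(config), []
    external = [m.group(1) for cmd in sections.get("pfr master", [])
                if (m := re.fullmatch(r"interface (\S+) external", cmd))]
    nat_rules = [c for c in sections if c.startswith("ip nat inside source route-map")]
    for name in external:
        body = sections.get(f"interface {name}", [])
        rules = [c for c in nat_rules if f"interface {name} overload" in c]
        checks = {  # finding text -> True when the requirement is met
            "no bandwidth statement": any(re.fullmatch(r"bandwidth \d+", c) for c in body),
            "load-interval is not 30": "load-interval 30" in body,
            "not marked ip nat outside": "ip nat outside" in body,
            "no overload NAT rule with oer": any(c.split()[-1] == "oer" for c in rules),
        }
        findings += [f"{name}: {msg}" for msg, ok in checks.items() if not ok]
    return findings
```

An empty list from audit_pfr means every external interface meets all four checks; each finding names the interface and the missing item.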
