In today's networks, WAN redundancy is very important, even in small networks. To have truly redundant WAN connectivity, you must use two different ISP connections.
However, there is a catch here. You usually need to use the BGP dynamic routing protocol, which adds some complexity and extra requirements.
In most cases, you will need two dedicated IPv4 network subnets. The biggest problem you will encounter is that IPv4 addresses have been depleted since 31 January 2011 and the few blocks available for sale are very expensive.
However, there is an alternative and cheaper solution. If you don't require a whole public subnet, you can have primary and backup WAN connections and use NAT for both links with automatic failover.
This scenario, however, will work only for networks having outbound traffic (i.e. only traffic from the inside LAN towards the Internet).
In the following example I will show you such a connection topology that will prove useful in many network scenarios.
Note: You can still use a BGP connection with each of the providers announcing a default route, but usually it comes with a fee. In this topology we will use two floating static default routes.
Network Scenario
In the diagram below, we have two WAN connections (ISP1 main connection and ISP2 Backup connection). We just need to provide Internet access for the internal LAN subnet.
Equipment Used
We are using a dual-WAN Cisco 891-k9 router with IOS c880data-universalk9-mz.153-3.M2.bin.
Router Configuration
Configuration of the interfaces
interface GigabitEthernet0
description Internet_ISP1_Main
ip address 10.10.10.10 255.255.255.0
no ip proxy-arp
! Enables NAT on this interface (outside side)
ip nat outside
!
interface FastEthernet8
description Internet_ISP2_Back-up
ip address 100.100.100.100 255.255.255.0
no ip proxy-arp
! Enables NAT on this interface (outside side)
ip nat outside
!
interface Vlan1
description Local_Area_Network
ip address 192.168.1.1 255.255.255.0
! Traffic entering through this interface will be NATed
ip nat inside
Configure the ACL that matches the LAN network
ip access-list extended NAT_LAN
permit ip 192.168.1.0 0.0.0.255 any
Configure the route maps that will select which traffic will be NATed for each WAN interface
route-map NAT_ISP1_Main permit 10
! Matches the ACL configured to match the LAN network
match ip address NAT_LAN
! Matches the specific WAN interface
match interface GigabitEthernet0
!
route-map NAT_ISP2_Back-up permit 10
! Matches the ACL configured to match the LAN network
match ip address NAT_LAN
! Matches the specific WAN interface
match interface FastEthernet8
Configure an IP SLA operation and tracking
ip sla 1
! Pings Google DNS using the specific interface
icmp-echo 8.8.8.8 source-interface GigabitEthernet0
! Pings are sent at 30-second intervals
frequency 30
! The SLA operation is activated and will never stop
ip sla schedule 1 life forever start-time now
! A track object is created using IP SLA 1
track 1 ip sla 1
Add the default routes
ip route 0.0.0.0 0.0.0.0 10.10.10.1 track 1
ip route 0.0.0.0 0.0.0.0 100.100.100.1 30
As long as the track 1 object is Up, the first route is installed in the routing table. If track 1 changes state to Down, that route is removed from the routing table and the second default route (the floating route, with administrative distance 30) is installed in its place.
Enable NAT
ip nat inside source route-map NAT_ISP1_Main interface GigabitEthernet0 overload
ip nat inside source route-map NAT_ISP2_Back-up interface FastEthernet8 overload
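The failover only works when the pieces above agree with each other: each NAT overload rule must point at a route map that matches its own egress interface, and the backup default route needs a higher administrative distance than the tracked one. The following Python check is an added example, not part of the original article; the function name audit is hypothetical, and the sample is this article's configuration laid out with the one-space indentation that show running-config produces.

```python
import re

# Constructed sample: this article's configuration in `show running-config` layout.
CONFIG = """\
interface GigabitEthernet0
 ip nat outside
interface FastEthernet8
 ip nat outside
interface Vlan1
 ip nat inside
route-map NAT_ISP1_Main permit 10
 match ip address NAT_LAN
 match interface GigabitEthernet0
route-map NAT_ISP2_Back-up permit 10
 match ip address NAT_LAN
 match interface FastEthernet8
ip route 0.0.0.0 0.0.0.0 10.10.10.1 track 1
ip route 0.0.0.0 0.0.0.0 100.100.100.1 30
ip nat inside source route-map NAT_ISP1_Main interface GigabitEthernet0 overload
ip nat inside source route-map NAT_ISP2_Back-up interface FastEthernet8 overload
"""

def audit(config):
    """Return a list of findings; an empty list means the failover pieces line up."""
    outside, rm_iface, section = set(), {}, ["", ""]
    for line in config.splitlines():
        if not line.startswith(" "):               # top-level command opens a section
            section = (line.split() + ["", ""])[:2]
        elif line.strip() == "ip nat outside" and section[0] == "interface":
            outside.add(section[1])
        elif line.strip().startswith("match interface ") and section[0] == "route-map":
            rm_iface[section[1]] = line.split()[2]
    nat = re.findall(r"^ip nat inside source route-map (\S+) interface (\S+) overload", config, re.M)
    findings = []
    for rm, iface in nat:                          # each PAT rule must follow its own egress
        if rm_iface.get(rm) != iface:
            findings.append(f"route-map {rm} does not match interface {iface}")
    for iface in sorted(outside - {i for _, i in nat}):
        findings.append(f"{iface} is NAT outside but has no overload rule")
    opts = [o.strip() for o in
            re.findall(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 \S+(.*)$", config, re.M)]
    if not any(o.startswith("track ") for o in opts):
        findings.append("no tracked default route")
    if not any(o.isdigit() and int(o) > 1 for o in opts):
        findings.append("no floating backup default route")
    return findings

if __name__ == "__main__":
    print(audit(CONFIG) or "OK")
```

A backup route without the trailing distance is flagged because both default routes would then share the default administrative distance of 1, so the backup would no longer be a standby route.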
This is a simple, cheap and easy method to have automatic failover for your Internet connection.
For more reading on failover and redundancy examples, see the post on HSRP with object tracking.