There is a Cisco 7200 series router with 4 FastEthernet (FE) interfaces and 2 serial ports. It should act as a load balancer and failover device for the LAN connected to it via interface FE 1/0, while two identical Internet connections go to FE 0/0 and FE 0/1 (let's call these connections ISP_1 and ISP_2).

The ISPs use no dynamic routing protocols, only static routing. The primary task is to ensure quick failover between the two Internet connections, so that LAN users are automatically switched to ISP_2 if ISP_1 fails and vice versa. When both ISP_1 and ISP_2 are online, the traffic of LAN users should be shared between the two links to double the available bandwidth on uplink (Tx) and downlink (Rx); in other words, the router should be configured for load balancing between the links. You can see a network diagram below:

Load balancing setup description

There are two basic options available: per-destination or per-packet load balancing. Since the ISP_1 and ISP_2 connections have almost the same link characteristics, including delay, jitter and bandwidth, it is reasonable to pick the per-packet option. Compared to per-destination load balancing, per-packet uses more of the router's hardware resources but shares traffic between the connections more evenly. For better forwarding performance the router will be configured for Cisco Express Forwarding (CEF) per-packet load balancing.

Failover description

Every 30 seconds the router will ping two IP addresses through ISP_1 and two other IP addresses via ISP_2. If both IPs via ISP_1 become unreachable (we assume that the ISP_1 connection has failed in this case), the router will delete ISP_1's route from its routing table, so ISP_2 becomes the only Internet connection for LAN users. Meanwhile the router continues pinging ISP_1's two IP addresses, and once they become reachable again ISP_1 is added back alongside ISP_2 as an active Internet connection link. The failover scenario works in exactly the same way for ISP_2. Usually it is reasonable to ping the IP addresses of each provider's DNS servers when monitoring the availability of each ISP.

Miscellaneous details

Notice that CEF per-packet load balancing requires IOS version 12.0+, while the failover setup described above needs IOS version 12.4+, so you have to make sure your Cisco router runs at least version 12.4 of the operating system. E.g. c7200-ik9o3s-mz.124-12c.bin would be ok.

Cisco router’s configuration with comments

! This line enables Cisco Express Forwarding (CEF)
ip cef
!
ip sla monitor 1
 type echo protocol ipIcmpEcho 10.0.0.100 source-interface FastEthernet0/0
 ! IP address 10.0.0.100 is primary DNS of ISP_1
 timeout 1000
 threshold 250
 frequency 30
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
 type echo protocol ipIcmpEcho 10.0.0.101 source-interface FastEthernet0/0
 ! IP address 10.0.0.101 is secondary DNS of ISP_1
 timeout 1000
 threshold 250
 frequency 30
ip sla monitor schedule 2 life forever start-time now
!
!
ip sla monitor 3
 type echo protocol ipIcmpEcho 20.0.0.100 source-interface FastEthernet0/1
 ! IP address 20.0.0.100 is primary DNS of ISP_2
 timeout 1000
 threshold 250
 frequency 30
ip sla monitor schedule 3 life forever start-time now
ip sla monitor 4
 type echo protocol ipIcmpEcho 20.0.0.101 source-interface FastEthernet0/1
 ! IP address 20.0.0.101 is secondary DNS of ISP_2
 timeout 1000
 threshold 250
 frequency 30
ip sla monitor schedule 4 life forever start-time now
!
!
track 1 rtr 1 reachability
track 2 rtr 2 reachability
track 3 rtr 3 reachability
track 4 rtr 4 reachability
!
! Tracker for ISP_1
track 10 list boolean or
 object 1
 object 2
!
! Tracker for ISP_2
track 20 list boolean or
 object 3
 object 4
!
! Interface connected to ISP_1
interface FastEthernet0/0
 ip address 10.0.0.2 255.255.255.0
 ip load-sharing per-packet
 duplex auto
 speed auto
!
! Interface connected to ISP_2
interface FastEthernet0/1
 ip address 20.0.0.2 255.255.255.0
 ip load-sharing per-packet
 duplex auto
 speed auto
!
! Interface connected to LAN
interface FastEthernet1/0
 ip address 192.168.100.2 255.255.255.0
 ip load-sharing per-packet
 duplex auto
 speed auto
!
! Two equal cost static routes to ISP_1 and ISP_2
ip route 0.0.0.0 0.0.0.0 10.0.0.1 track 10
ip route 0.0.0.0 0.0.0.0 20.0.0.1 track 20
!
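
The tracking logic in the configuration above, as an added example that is not part of the original post: a Python sketch that parses the track and ip route lines (copied from the config) and reports which default-route next hops stay installed for a given set of IP SLA probe results. The function names and the probe-result dictionaries are constructed for illustration; the sketch models only the boolean-OR track lists, not timers or CEF.

```python
import re

# Tracking and routing lines copied from the configuration above.
CONFIG = """\
track 1 rtr 1 reachability
track 2 rtr 2 reachability
track 3 rtr 3 reachability
track 4 rtr 4 reachability
track 10 list boolean or
 object 1
 object 2
track 20 list boolean or
 object 3
 object 4
ip route 0.0.0.0 0.0.0.0 10.0.0.1 track 10
ip route 0.0.0.0 0.0.0.0 20.0.0.1 track 20
"""

def parse(config):
    """Return (probe-backed tracks, OR-list tracks, tracked static routes)."""
    tracks, lists, routes, current = {}, {}, [], None
    for line in config.splitlines():
        if m := re.fullmatch(r"track (\d+) rtr (\d+) reachability", line):
            tracks[int(m[1])] = int(m[2])      # track id -> IP SLA operation
            current = None
        elif m := re.fullmatch(r"track (\d+) list boolean or", line):
            current = lists.setdefault(int(m[1]), [])
        elif (m := re.fullmatch(r" object (\d+)", line)) and current is not None:
            current.append(int(m[1]))          # member of the open track list
        elif m := re.fullmatch(r"ip route (\S+) (\S+) (\S+) track (\d+)", line):
            routes.append((m[1], m[2], m[3], int(m[4])))
            current = None
    return tracks, lists, routes

def active_next_hops(config, probe_ok):
    """Next hops still installed; probe_ok maps SLA operation -> echo answered."""
    tracks, lists, routes = parse(config)
    def up(track_id):
        if track_id in lists:                  # boolean OR: any member up
            return any(up(obj) for obj in lists[track_id])
        return probe_ok.get(tracks.get(track_id), False)
    return [hop for _, _, hop, tid in routes if up(tid)]

# Constructed probe states: operations 1-2 test ISP_1, 3-4 test ISP_2.
if __name__ == "__main__":
    for state in ({1: True, 2: True, 3: True, 4: True},
                  {1: False, 2: True, 3: True, 4: True},
                  {1: False, 2: False, 3: True, 4: True}):
        print(state, "->", active_next_hops(CONFIG, state))
```

Losing a single probe target leaves both default routes in place; a route is withdrawn only when both of that ISP's probes fail.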

 

9 Comments

 

  1. February 1, 2012  7:51 pm by Karl

    You are almost correct. This looks good in theory but does not actually work. The reason being your SLA statements are not an accurate representation of the actual connectivity. In order for this to work, you must also add static PERMANENT routes for each of the DNS servers that the SLAs track out their respective gateways. Without this addition you will never get this to work. I know because I do this all day long every day.

  2. February 13, 2012  3:01 pm by Muddasir

    Hi Karl,

    Can you please send a sample config with the static permanent route for two ISPs
    along with the NATing for two WAN interfaces with the same LAN subnet and interface.


    Thanks in advance

  3. February 13, 2012  3:02 pm by Muddasir

    Thanks to all who can help with the sample config paste!

  4. March 30, 2012  6:27 pm by fruit mocking party

    Excellent blog! Do you have any hints for aspiring writers? I'm planning to start my own blog soon but I'm a little lost on everything. Would you suggest starting with a free platform like Wordpress or go for a paid option? There are so many options out there that I'm totally confused .. Any suggestions? Thanks!

  5. June 12, 2012  3:23 am by piover6

    What does threshold do?

  6. November 6, 2012  8:48 pm by mokhtar

    Dear all,
    Can we have the step-by-step config on how to finish this configuration, like it was done above by
    "Cisco Load Balancing with Failover setup example"?
    Your time is very appreciated.
    Regards, Mokhtar

  7. April 4, 2013  1:47 am by bancuri cu alinutza noi

    I tend not to leave a lot of responses, but I did a bit of searching and wound up here: Cisco Load Balancing with Failover setup example - LinuxScrew: Linux Blog. And I actually do have a couple of questions for you if you don't mind. Could it be simply me or does it look like a few of the comments appear like they are coming from brain dead visitors? :-P And, if you are posting at other online social sites, I would like to keep up with anything fresh you have to post. Could you make a list of every one of your public sites like your Facebook page, Twitter feed, or LinkedIn profile?

  8. May 25, 2013  5:03 pm by Robert

    Hi all,
    Excellent job. I tried this configuration on my router with one LAN interface and it was successful. But with two LAN interfaces it was not a success. In my case I have 2 ATM interfaces for the ISP connections, the 1st with PPPoE configuration and the 2nd with a Bridge Group; the 1st LAN is for users and the 2nd LAN is for the server, accessed only from the Bridge Group. The first LAN can't share the connection across the two Internet ISPs.
    Does someone have a recommendation for me?
