Configuring Dual ISP load balancing on Two Cisco Routers

1. Overview

 

It is common today for a network, whether small or enterprise, to need a network load balancer that spreads its LAN IP subnets across two or more ISP connections for performance optimization. In most cases, people want the end-user LAN to reach the internet through a different ISP from the server farm LAN. To load balance LAN IP subnets across ISPs in this way, we can use policy-based routing (PBR) on a Cisco router.

This tutorial shows how to configure dual ISP load balancing on two Cisco routers, using policy-based routing (PBR) to load balance two IP subnets: the end-user LAN and the server farm LAN. The end-user LAN will access the internet via ISP01 and the server farm LAN will access the internet via ISP02.

2. Prerequisites

 

This article on configuring dual ISP load balancing on two Cisco routers assumes that:

a. You already have the GNS3 VM virtual server installed and running on your computer. If you don't, please refer to this link: Installing GNS3 VM on VMware Workstation.

b. You know how to configure NAT (network address translation) on a Cisco router. If you do not, you can refer to this link: Configuring Network Address Translation (NAT) on Cisco Router.

3. Lab Scenario Setup

 

To demonstrate how to configure dual WAN load balancing on two Cisco routers, we will set up a GNS3 lab as shown in the following IP network diagram.

[Network diagram: Configuring Dual ISP load balancing on Two Cisco Routers]

There are seven Cisco routers in the lab setup. R1, R2, and R3 are the routers in the customer network, and two other routers, ISP01 and ISP02, act as two different ISPs, so the customer network has multiple internet connections. ISP01 serves the internet connection for the end-user computer LAN, which is 10.10.10.0/24, and ISP02 serves the internet connection for the server farm LAN, which is 20.20.20.0/24. One router, PC1, acts as an end-user client computer within the LAN, and one router, Server01, acts as a dedicated server in the server farm LAN.

Now let's configure the IP address settings on PC1.

# int f0/0
    ip add 10.10.10.20 255.255.255.0
    no sh
# ip route 0.0.0.0 0.0.0.0 10.10.10.1

On Server01, configure the IP address settings as follows.

# int f0/0
     ip add 20.20.20.30 255.255.255.0
     no sh 
# ip route 0.0.0.0 0.0.0.0 20.20.20.1

On customer router R1, configure the following IP address settings.

# int f0/0
     ip add 10.10.10.1 255.255.255.0
     no sh
# int f0/1
     ip add 20.20.20.1 255.255.255.0
     no sh
# int f1/0
     ip add 30.30.30.1 255.255.255.252
     no sh
# int f1/1
     ip add 40.40.40.1 255.255.255.252
     no sh

On customer router R2, configure the following IP address settings.

# int f0/0 
     ip add 30.30.30.2 255.255.255.252
     no sh 
# int f0/1
     ip add 100.100.100.1 255.255.255.252
     no sh

On customer router R3, configure the following IP address settings.

# int f0/0
     ip add 40.40.40.2 255.255.255.252
     no sh 
# int f0/1
     ip add 200.200.200.1 255.255.255.252
     no sh

On the ISP01 router, configure the following IP address settings.

# int f0/0
    ip add 100.100.100.2 255.255.255.252
    no sh
# int f0/1
    ip add 102.102.102.1 255.255.255.252
    no sh

On the ISP02 router, configure the following IP address settings.

# int f0/0
    ip add 200.200.200.2 255.255.255.252
    no sh
# int f0/1
    ip add 102.102.102.2 255.255.255.252
    no sh

To connect ISP01 to ISP02 we need to configure routing between them. It can be static routing or a dynamic routing protocol; in our case, let's use the OSPF dynamic routing protocol to connect these two ISPs.

On the ISP01 router, configure the OSPF dynamic routing protocol as below.

# router ospf 1
    net 102.102.102.0 0.0.0.3 area 1
    net 100.100.100.0 0.0.0.3 area 1

On the ISP02 router, configure the OSPF dynamic routing protocol as below.

# router ospf 1 
    net 102.102.102.0 0.0.0.3 area 1
    net 200.200.200.0 0.0.0.3 area 1

4. Configure Dual ISP load balancing on Two Cisco Routers

 

The first step toward ISP load balancing with multiple internet connections is to configure dynamic NAT (dynamic network address translation) on Cisco routers R2 and R3, which connect directly to the ISP routers, so that client computers in the user LAN and servers in the server farm LAN within the internal network can reach the internet.

To configure dynamic NAT on Cisco routers R2 and R3, we need to create an ACL that contains the IP addresses to be NATed. In the ACLs below, we allow all IP addresses of the client computers in the user LAN and the servers in the server farm LAN to access the internet.

On the R2 router, create an access control list (ACL) as below.

# ip access-list standard ACL-UserLAN
     permit 10.10.10.0 0.0.0.255

On the R3 router, create an access control list (ACL) as below.

# ip access-list standard ACL-ServerLAN
     permit 20.20.20.0 0.0.0.255

After configuring the access control lists, we need to configure dynamic NAT with the ACLs created above.

Apply the following dynamic NAT configuration on customer Cisco router R2.

# int f0/0
    ip nat inside
# int f0/1
    ip nat outside
# ip nat inside source list ACL-UserLAN int f0/1 overload

Apply the following dynamic NAT configuration on customer Cisco router R3.

# int f0/0
     ip nat inside
# int f0/1
     ip nat outside
# ip nat inside source list ACL-ServerLAN int f0/1 overload

We also need a default route on each of the Cisco routers R2 and R3, which connect directly to the ISPs, so that clients within the internal network can reach the internet. A static route is also needed on both R2 and R3 to get traffic back to customer router R1.

Apply the following default route and static route configuration on Cisco router R2.

# ip route 0.0.0.0 0.0.0.0 100.100.100.2
# ip route 10.10.10.0 255.255.255.0 30.30.30.1

Apply the following default route and static route configuration on Cisco router R3.

# ip route 0.0.0.0 0.0.0.0 200.200.200.2
# ip route 20.20.20.0 255.255.255.0 40.40.40.1

Now we need to configure policy-based routing (PBR) on R1, the Cisco router with the dual WAN connection. PBR will forward traffic from the end-user computer LAN 10.10.10.0/24 to the internet via ISP01, and traffic from the server farm LAN to the internet via ISP02.

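! ACLs are local to each router, so the ones the route-maps match must also exist on R1
# ip access-list standard ACL-UserLAN
     permit 10.10.10.0 0.0.0.255
# ip access-list standard ACL-ServerLAN
     permit 20.20.20.0 0.0.0.255
# route-map PBR-UserLAN permit 10
    match ip address ACL-UserLAN
    set ip next-hop 30.30.30.2
# route-map PBR-ServerLAN permit 10
    match ip address ACL-ServerLAN
    set ip next-hop 40.40.40.2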

Then we need to apply the PBR route-maps configured above to the interfaces connected to the end-user LAN and the server farm LAN.

# int f0/0
     ip policy route-map PBR-UserLAN
# int f0/1
     ip policy route-map PBR-ServerLAN
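
Named ACLs exist only on the router where they are configured, and a mistyped wildcard mask silently changes which hosts a NAT or PBR rule selects. The Python check below is an added example, not part of the original tutorial: it lints one router's configuration text for ACL references with no local definition and for wildcard masks that do not describe a plain subnet. The function name and the sample configurations are constructed for illustration.

```python
import ipaddress
import re

ACL_DEF = re.compile(r"ip access-list (?:standard|extended) (\S+)")
ACL_ENTRY = re.compile(r"(?:permit|deny) (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3})$")
ACL_REF = re.compile(r"(?:match ip address|ip nat inside source list) (\S+)")

def lint_ios_config(text):
    """Return findings for one router: suspicious wildcards, undefined ACLs."""
    defined, referenced, findings = set(), [], []
    current_acl = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("#").strip()  # tolerate a leading "# " prompt
        if not line or line.startswith("!"):
            continue
        entry = ACL_ENTRY.match(line)
        if entry and current_acl:
            addr = int(ipaddress.IPv4Address(entry.group(1)))
            wild = int(ipaddress.IPv4Address(entry.group(2)))
            # A subnet-style wildcard is 0 bits followed by 1 bits. IOS accepts
            # other patterns, so this flags a likely typo, not a syntax error.
            if wild & (wild + 1):
                findings.append(f"{current_acl}: non-contiguous wildcard {entry.group(2)}")
            if addr & wild:
                findings.append(f"{current_acl}: {entry.group(1)} has bits inside the wildcard")
            continue
        definition = ACL_DEF.match(line)
        current_acl = definition.group(1) if definition else None
        if definition:
            defined.add(current_acl)
        ref = ACL_REF.match(line)
        if ref:
            referenced.append(ref.group(1))
    for name in dict.fromkeys(referenced):  # de-duplicate, keep order
        if name not in defined:
            findings.append(f"{name}: referenced but not defined on this router")
    return findings

# Constructed samples using this lab's addressing, each with one mistake.
R1_SAMPLE = """route-map PBR-UserLAN permit 10
 match ip address ACL-UserLAN
 set ip next-hop 30.30.30.2
"""
R3_SAMPLE = """ip access-list standard ACL-ServerLAN
 permit 20.20.20.0 0.0.0.25
ip nat inside source list ACL-ServerLAN interface f0/1 overload
"""
R3_FIXED = R3_SAMPLE.replace("0.0.0.25\n", "0.0.0.255\n")

if __name__ == "__main__":
    for name, cfg in (("R1", R1_SAMPLE), ("R3", R3_SAMPLE), ("R3 fixed", R3_FIXED)):
        print(name, lint_ios_config(cfg))
```

Run it against each router's saved configuration separately, since a reference on R1 is not satisfied by a definition on R2 or R3.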

5. Verify and Test

 

To test whether the ISP load balancing configuration with multiple internet connections works, we can ping the public IP addresses of the two ISPs, 102.102.102.1 or 102.102.102.2, from PC1 in the end-user computer LAN or from Server01 in the server farm LAN. We should get the following successful result.

PC1# ping 102.102.102.2

Sending 5, 100-byte ICMP Echos to 102.102.102.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/52/76 ms

Server01# ping 102.102.102.1

Sending 5, 100-byte ICMP Echos to 102.102.102.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/64/72 ms

Once we know that pinging the public IP addresses of the two ISPs succeeds, we can use the traceroute command to see which path the traffic takes to reach each public IP address. Based on the following traceroute result, it reaches 102.102.102.2 via ISP01.

PC1# traceroute 102.102.102.2

 1 10.10.10.1 32 msec 24 msec 8 msec
 2 30.30.30.2 8 msec 32 msec 20 msec
 3 100.100.100.2 16 msec 36 msec 28 msec
 4 102.102.102.2 64 msec 52 msec 60 msec

Server01# traceroute 102.102.102.1

 1 20.20.20.1 32 msec 12 msec 12 msec
 2 40.40.40.2 8 msec 20 msec 32 msec
 3 200.200.200.2 28 msec 40 msec 32 msec
 4 102.102.102.1 64 msec 52 msec 72 msec

Based on the traceroute results above, we can see that end-user computer PC1 reaches 102.102.102.2 via ISP01 and Server01 in the server farm reaches 102.102.102.1 via ISP02.

Let's also check whether the NAT configuration for ISP load balancing with multiple internet connections works. The end-user LAN 10.10.10.0/24 should be NATed to the IP address of ISP01 on the R2 router, and the server farm LAN 20.20.20.0/24 should be NATed to the IP address of ISP02 on the R3 router.

Here is the NAT result on the R2 router.

R2# sh ip nat translations
Pro Inside global        Inside local       Outside local        Outside global
udp 100.100.100.1:49350  10.10.10.20:49350  102.102.102.2:33440  102.102.102.2:33440
udp 100.100.100.1:49351  10.10.10.20:49351  102.102.102.2:33441  102.102.102.2:33441

Here is the NAT result on the R3 router.

R3# sh ip nat translations
Pro Inside global        Inside local       Outside local        Outside global
udp 200.200.200.1:49259  20.20.20.30:49259  102.102.102.1:33440  102.102.102.1:33440
udp 200.200.200.1:49260  20.20.20.30:49260  102.102.102.1:33441  102.102.102.1:33441

6. Conclusion

 

That’s all about how to configure dual ISP load balancing on two Cisco routers from Tech Space KH. This is a cheap and simple method to achieve ISP load balancing with multiple internet connections. Hopefully, you find this guide informative. If you have any questions or suggestions, you can always leave your comments below. I will do my best to review and reply to them.
