Multiple wan load balancer

Hi team,
I have 4 ISP connected to a router when one ISP goes down I need to manually change to another ISP
Is there any utm box which support auto load balancer

I am also looking for the solutions for this problem. You got any solution then Please share with us.
Regards
Abhishek

Similar Messages

MULTIPLE LISTENER의 LOAD BALANCING 및 2개의 NETWORK CARD 사용 시 SETUP

제품 : SQL*NET
작성날짜 : 1997-11-24
MULTIPLE LISTENER의 LOAD BALANCING 및 2개의 NETWORK CARD 사용 시 SETUP
=====================================================================
Oracle V7.3의 SQL*Net 2.3의 새로운 기능으로 여러 개의 Listener를 띄우면서
상호 Load Balancing을 유지하는 기능을 소개하고자 한다.
Load Balancing 기능을 이용하여 각각의 Listener와 Oracle Instance 간의
Overloading을 줄일 수 있다.
다음의 예는 하나의 장비 내에 2개의 Network Card가 있을 경우에 대해 setup을
하는 방법이며 만일 하나의 Network Card가 있을 경우는 Host는 하나만 지정
하면 된다.
1. init<SID>.ora file을 지정할 Parameter
MTS_MULTIPLE_LISTENERS=TRUE
COMPATIBLE=7.3.2.0
2. 예를 들어 Listener를 2개 사용하는 경우라면 initSID.ora에
mts_dispatchers="tcp,10"
mts_max_dispatchers=20
mts_servers=20
mts_max_servers=40
mts_service=ORA73
mts_listener_address="(address_list=
(address=(protocol=tcp)(port=1621)(host=152.69.30.100))
mts_listener_address="(address_list=
(address=(protocol=tcp)(port=1622)(host=152.69.30.100))
mts_listener_address="(address_list=
(address=(protocol=tcp)(port=1623)(host=152.69.30.102))
mts_listener_address="(address_list=
(address=(protocol=tcp)(port=1624)(host=152.69.30.102))
3. listener.ora file에 설정되는 내용은
LISTENER1 =
(ADDRESS_LIST =
(ADDRESS =
(PROTOCOL = tcp)
(HOST = 152.69.30.100)
(PORT=1621)
(ADDRESS =
(PROTOCOL = tcp)
(HOST = 152.69.30.100)
(PORT=1622)
LISTENER2 =
(ADDRESS_LIST =
(ADDRESS =
(PROTOCOL = tcp)
(HOST = 152.69.30.102)
(PORT=1623)
(ADDRESS =
(PROTOCOL = tcp)
(HOST = 152.69.30.102)
(PORT=1624)
SID_LIST_LISTENER1 =
(SID_LIST =
(SID_DESC =
(SID_NAME = ORA73)
(ORACLE_HOME=/oracle2/ora73/app/oracle/product/7.3.2)
SID_LIST_LISTENER2 =
(SID_LIST =
(SID_DESC =
(SID_NAME = ORA73)
(ORACLE_HOME=/oracle2/ora73/app/oracle/product/7.3.2)
STARTUP_WAIT_TIME_LISTENER1 = 0
STARTUP_WAIT_TIME_LISTENER2 = 0
CONNECT_TIMEOUT_LISTENER1 = 0
CONNECT_TIMEOUT_LISTENER2 = 0
4. tnsnames.ora file에 설정되는 내용들
* 다수의 port에 Random하게 접속하는 경우
RANDOM =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS =
(PROTOCOL = TCP)
(Host = 152.69.30.100)
(Port = 1621)
(CONNECT_DATA =
(SID = ORA73)
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS =
(PROTOCOL = TCP)
(Host = 152.69.30.100)
(Port = 1622)
(CONNECT_DATA =
(SID = ORA73)
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS =
(PROTOCOL = TCP)
(Host = 152.69.30.102)
(Port = 1623)
(CONNECT_DATA =
(SID = ORA73)
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS =
(PROTOCOL = TCP)
(Host = 152.69.30.102)
(Port = 1624)
(CONNECT_DATA =
(SID = ORA73)
* 개개의 Port로 접속하는 경우
TORA1 =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS =
(PROTOCOL = TCP)
(Host =krrcsun)
(Port = 1621)
(CONNECT_DATA =
(SID = ORA73)
TORA2 =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS =
(PROTOCOL = TCP)
(Host =krrcsun)
(Port = 1622)
(CONNECT_DATA =
(SID = ORA73)
TORA3 =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS =
(PROTOCOL = TCP)
(Host =krrcsun)
(Port = 1623)
(CONNECT_DATA =
(SID = ORA73)
TORA4 =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS =
(PROTOCOL = TCP)
(Host =krrcsun)
(Port = 1624)
(CONNECT_DATA =
(SID = ORA73)
5. 각각의 Listener를 띄우는 방법
$ lsnrctl start LISTENER1
$ lsnrctl start LISTENER2

WAN load balancing

Hello
I have the following issue with a Cisco 2811 router. I have two WAN connection ( fiber and ADSL ) and I want to make WAN load balancing
so I add two route : 0.0.0.0 0.0.0.0 dialer1 and 0.0.0.0 0.0.0.0 fa1 the problem is with fiber connection (fa1) in this configuration I can't ping WAN
from outside or use NAT on this connection. If I change default route's like this it's working but is not WAN load balancing : 0.0.0.0 0.0.0.0 dialer 150
0.0.0.0 0.0.0.0 fa1. Any idea.

Hi Richard
I come back with more details:
First I try to setup router with WAN failover like this:
route-map SDM_RMAP_1 permit 1
match ip address 101
match interface FastEthernet0/0
route-map SDM_RMAP_2 permit 1
match ip address 102
match interface Dialer1
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
access-list 101 permit ip 172.26.60.0 0.0.0.255 any
access-list 102 permit ip 10.0.0.0 0.255.255.255 any
dialer-list 102 protocol ip permit
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload
ip nat inside source route-map SDM_RMAP_2 interface Dialer1 overload
ip nat inside source static tcp 10.0.0.1 25 x.x.x.x 25 route-map SDM_RMAP_1 extendable
ip route 0.0.0.0 0.0.0.0 x.x.x.x 150
ip route 0.0.0.0 0.0.0.0 y.y.y.y track 1
interface FastEthernet0/0
ip address x.x.x.x
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
crypto map SDM_CMAP_1
interface FastEthernet0/1
no ip address
ip mtu 1492
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname ...............
ppp chap password 7 010109085702121F33434A0014524343
ppp pap sent-username .......... password 7 0614002D40471D091718160201537E7A
no cdp enable
crypto map SDM_CMAP_1
track timer interface 5
track 1 ip sla 1 reachability
delay down 15 up 10
ip sla 1
icmp-echo a.b.c.d source-interface y.y.y.y
timeout 5000
threshold 40
frequency 6000
ip sla schedule 1 life forever start-time now
And I want to achive the following results:
All computers from LAN use for internet connection y.y.y.y and if this failed use x.x.x.x and when come back y.y.y.y use this connection.
And I have one server with few services ( DNS, WWW, MAIL...) which must use just x.x.x.x connection if this failed dosen't matter if this services not working.
But with this configuration one thing not working i can't access from outside Mail server , DNS, WWW with x.x.x.x connection ( IP ) if I change default route like :
ip route 0.0.0.0 0.0.0.0 x.x.x.x track 1
ip route 0.0.0.0 0.0.0.0 y.y.y.y 150
it's working

SRP541W WAN Load Balancing and NAT

Hello All,
New to the forums. Thanks for taking the time to read my post. I recently switched my office over from a RV042 to SRP541W. We have 2 DSL lines and have used the Load Balance feature on the RV42 to make the best of the connecton speeds. When setting up the SRP541W when i select load balancing it tells me NAT should be disabled. Why is that? I see a place to input static routes but Im not entirly sure what needs to be done here to set this up correctly. Any input would be appriciated. Also right off the bat we had some issues with access to Google Docs and Mail. I think its becuase those sites dont like seeing access from multiple IPs (fromt the Dual WAN) so I set up a entry in Policy Routing directing all traffic from port 443 to go through one WAN, is this the right way to do this?
Thanks!
Mike-

Dear Mike,
Thank you and welcome to the Small Business Support Community.
It is possible to configure load balancing with NAT, however in this case, remote internet servers will potentially see sessions from remote hosts behind the SRP541W coming from different source IP addresses (the WAN IP addresses), causing the sessions to be reset unexpectedly.
The Policy Routing setting you setup is exactly what I would do in your case.
I hope these answer your question and please do not hesitate to reach me back if there is anything else I may assist you with.
Kind regards,
Jeffrey Rodriguez S. .:|:.:|:.
Cisco Customer Support Engineer
*Please rate the Post so other will know when an answer has been found.

ISE 1.2 - Multiple NICs/Load Balancing for DHCP Probe

Hello guys
Just prepping an ISE 1.2 patch 8 setup in our organization. I am going for the virtual appliances with multiple NICs. It will be a distributed deployment with 4 x PSNs behind a load balancer and there is no requirement for wireless or guest user at the moment. I've got 2 points I will like to get some guidance on:
Our DC has a dedicated mgmt network and I plan to IP the gig0 interface of the PANs, MNTs and PSNs from this subnet. All device admin, clustering, config replication, etc will be over this interface. However, RADIUS/probe/other user traffic to the ISE PSNs will be over the gig1 interface which will be addressed from another L3 network. Is this a supported configuration in ISE?
I intend to use the DHCP probe as part of device profiling and will ideally like to have just an additional ip helper to add to our switch SVI config. Also, it will appear that WLCs can only be configured for 2 DHCP servers for a given network so another consideration for when we bringing our WLAN in scope. We however use ACE load balancers within our DC and from what I have read, they do not support DHCP load balancing. Are there any workarounds to using the DHCP probe with multiple PSNs without having to add each node as an ip helper/DHCP server on the NADs?
Thanks in advance
Sayre

Hello Sayre-
For Question #1:
Management is restricted to GigabitEthernet 0 and that cannot be changed so you should be good there
You can configure Radius and Profiling to be enabled on other interfaces
Even though you are not using guest services yet, you can dedicate an interface just for that. As a result, you can separate guest traffic completely from your production network
Take a look at this link for more info:
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_app_c-ports.html
For Question #2
If you are using a Cisco WLC and running code 7.4 and newer you don't need to mess with the IP helper configurations.
The controller can be configured to act as a collector for client profiling and interact with the DHCP thread along with the RADIUS accounting task that is running on the controller. The controller receives a copy of the DHCP request packet sent from the DHCP thread and parses the DHCP packet for two options:
–Option 12—HostName of the client
–Option 60—The Vendor Class Identifier
After this information is gathered from the DHCP_REQUEST packet, a message is formed by the controller with these option fields and is sent to the RADIUS accounting thread, which is in turn transmitted to the ISE in the form of an interim accounting message.
Both DHCP and HTTP profiling settings are located under the "Advanced" configuration tab in the WLC
On the other hand, you can also use Anycast for profiling. You can check out some of Cisco Live's sessions for more info on that. Here is one that is from a couple of years (There are more recent ones that are available as well):
http://www.alcatron.net/Cisco%20Live%202013%20Melbourne/Cisco%20Live%20Content/Security/BRKSEC-3040%20%20Advanced%20ISE%20and%20Secure%20Access%20Deployment.pdf
I hope this helps!
Thank you for rating helpful posts!

WAN Load-Balancing and multi VLAN design

Hello,
I need some help to define the design of a specifi LAN-WAN network.
1) There are 2 independant WAN entries (they have their own ISP-managed router)
2) I need to load-balanced the requests over the 2 WAN
3) If possible, the load-balancer must be redundant (GLBP ?)
4) On the LAN itself, there must be 15 different VLAN
5) We also need a DHCP solution (also redundant if possible) to provide IP to these VLAN, with unique gateway (the load-balancer)
What do I need to implement this configuration ?
And is it possible to configure with as much GUI as possible ?
Thanks in advance for your help.

Dear Mike,
Thank you and welcome to the Small Business Support Community.
It is possible to configure load balancing with NAT, however in this case, remote internet servers will potentially see sessions from remote hosts behind the SRP541W coming from different source IP addresses (the WAN IP addresses), causing the sessions to be reset unexpectedly.
The Policy Routing setting you setup is exactly what I would do in your case.
I hope these answer your question and please do not hesitate to reach me back if there is anything else I may assist you with.
Kind regards,
Jeffrey Rodriguez S. .:|:.:|:.
Cisco Customer Support Engineer
*Please rate the Post so other will know when an answer has been found.

Multiple roles load balancing on Ms Exchange 2010

Dear list member !
Currently. I installed Ms Exchange SP3 Multiple roles on a single server. I have been planning deploy add a member exchange 2010 SP3 for redundancy DAG but these are
people also IT operation told to me so install CAS, HUB, MB Roles will Load balancing CAS, DAG based on TWO Server "Ex 2010 SP3:". Following Microsoft document, then almost do not that.<o:p></o:p>
Please feedback to able or unable
very appreciate

Hi,
To load balance CAS servers, you need to use the Windows Network Load Balancing or the Hardware Load Balancing. For more details about this, you can refer to the following article.
Understanding Load Balancing in Exchange 2010
http://technet.microsoft.com/en-gb/library/ff625247(v=exchg.141).aspx#options
If you want to deploy DAG in your environment and you also want to load balance your CAS servers, it is recommended to install Mailbox server role and CAS role on different servers. Because DAG members utilize Windows Failover Clustering, which can’t co-exist
with WNLB. Of course, you can choose to use HLB to load balance CAS servers.
Best regards,
Belinda
Belinda Ma
TechNet Community Support

Cisco RV042 - Dual Wan Load Balancing - Secure Site (HTTPS) Trouble

PID VID :
RV042 V03
Firmware Version :
v4.0.0.07-tm (Aug 19 2010 19:19:50)
Ever since I setup my RV042 with load balancing using the Dual Wan system I have had trouble staying connected to some secure sites. After doing some searching I found that the potential issue is the IP change mid session.
"http://www.broadbandreports.com/forum/r25537589-Cisco-RV042-can-not-use-load-balancing-for-some-web-sites"
Although my interface is significantly different I was able to find the same area in my RV042 admin area however, it doesn't seem to work.
System Management
> Dual Wan
In Wan 1 & Wan 2 I have HTTPS and HTTPS Secondary all forwarded to use Wan 2 under Protocol Binding
This however has not managed to do anything at all for my network and every computer conneceted experiences the same HTTPS irregularities at some websites.
I'm sure I must be doing something wrong, but I don't know what it is.
Both incoming connections are from the same service provider although the plans are different.
Any help with this would greatly help me stop losing my mind trying to fight with my website control panel for 10 minutes to just login and get something done.
Thanks

Any ideas or advice from anyone?

New ASA5512- 5515: content filter and WAN load balancing

Hi,
it's possible to make the content filter with the new models of asa?
One of our customers would like to have content filter with the possibiliy to monitor the single client activity (log).
It' s possible also make the load balancing between 2 WAN?
Now in HQ they have 2 WAN with WAN backup (ASA5505) and VPN to another site.
Thanks in advance,
Paolo.

I saw that you can add CX feature:
CX - Context Aware Security Feature:
Cisco ASA CX Context-Aware Security is a modular security service that extends the ASA platform with next-generation capabilities. It is available with SSD purchase for model such as 5512-X, 5515-X, 5525-X, 55545-X and 5555-X.
Application Visibility Control (AVC):
This is additional feature in CX. Activation of this feature require seperate license. This is the feature that do deep packet inspection for Application recognition. provide context-aware firewall security.
Web Security Essentials (WSE):
This is additional feature in CX. Activation of this feature require seperate license. It deliver features like "URL Filtering" and "Global Threat Intelligence".
Can somebody confirm that?
Have somebody already used and configured this features?
Thank you,
Paolo.

RV320 - Dual WAN - Load Balance Problem

Hi all,
I've just bought a RV320 Dual WAN router an try to get it running. My network setup looks lice the picture attached.
I have 2 WAN Connections:
- Router 1 (16Mbit Down / 512kbit up) - no public WAN IP
- Router 2 (3 Mbit Down / 512kbit up) - Fixed public IP
Router 1 ist connected to WAN1 and router 2 to WAN2 port on the RV320.
I have enabled load balancing mode.
Qustions:
1.
I want WAN1 to be the primary line to be used until capacity reached.
Currently for some reason I don't understand the cisco always uses WAN2.
That's not good as all browsing and downloading is limited to 3mbit.
When I switch to "fail-over" mode and set primry live to WAN1 that works, but WAN2 is not kept alive.
2.
I am using VOIP and need to route all VOIP traffic to WAN2 interface.
The best would be to tell the router IP 192.168.177.9 (voip phone) should use WAN2. So far I didn't figure out how to do that.
Can I put VOIP into one VLAN group and allocated VLAN to one specific WAN interface?
Brgds

So, you can hear the phone ringing and answer it? which means that SIP pakets are coming through WAN to LAN and well redirected to the phone IP, but you cannot hear after that, which means that there could be a problem with the RTP packets.
If you have problem only with the incoming calls and not the outgoing, than try enable/disable SIP ALG (Firewall). If that doesn't fix the issue, try to allow (or even forward) from WAN to LAN RDP - UDP ports 16384-32767 to the phone IP.
Regards,
Kremena

Configuring 2 css11503s for multiple service load-balancing

first here's my present config on one of my CSS11503:
!************************** CIRCUIT **************************
circuit VLAN33
ip address 19.10.28.211 255.255.255.0
ip virtual-router 2 priority 110 preempt
ip redundant-vip 2 19.10.28.210
ip critical-service 2 UpstreamRouter
circuit VLAN200
ip address 10.15.15.251 255.255.255.0
ip virtual-router 1 priority 110 preempt
ip redundant-interface 1 10.15.15.1
ip critical-service 1 UpstreamRouter
!************************** SERVICE **************************
service BrowServ-1
ip address 10.15.15.21
redundant-index 1
protocol tcp
port 80
active
service BrowServ-2
ip address 10.15.15.22
redundant-index 2
protocol tcp
port 80
active
service UpstreamRouter
ip address 19.10.28.1
active
!*************************** OWNER ***************************
owner BrowServ_Owner
content BrowServ_Rule
add service BrowServ-1
add service BrowServ-2
vip address 19.10.28.210
redundant-index 1
active
!*************************** GROUP ***************************
group BrowServ_Group
vip address 19.10.28.210
add service BrowServ-1
add service BrowServ-2
redundant-index 1
active
here are my questions:
1) how do I configure an additional vip address? e.g. I'd like to configure a vip - 19.10.28.215 to load-balance http traffic to 10.15.15.25 and 10.15.15.26?
2) I presently have a static route in my core router "ip route 10.15.15.0 255.255.255.0 19.10.28.210". (this enables the load-balanced servers to connect to Oracle servers on the Core network). do I need to configure a new route on my core router when I add the additional vip 19.10.28.215?
relevant references and/or examples will be much appreciated.
dayo

1/ configure the following :
service web1
ip address 10.15.15.25
active
service web
ip address 10.15.15.26
active
content WEB
vip address 19.10.28.215
proto tcp
port 80
add service web1
add service web2
active
2/ I would create a redundant-interface and point your static route to this redundant ip address.
you should not use vip address in static route.
VIP address should only be used when you want to reach the vip address not a when you want a direct connection to the real server.
Gilles.

Multiple ISP load balancing

Hi All,
I am having three ISP link at location and I want to use all of them for my outgoing Internet traffic,Can anyone help me how can I accomplish this.
Thanks
SS

What is the routing protocol used in your router?
Is all three links are connected in a single router?
Generally, if you add three default routes to three links with same AD, it does equal cost load balancing. Also if CEF is runnig, by default, it does per destination load balancing.

WAN load balancing question

Hello All,
I need some help on below.
- ISP-1 provided two routers (R1 and R2), each router connect to a different internet circuit (ISP-1 and ISP-2 circuits)
- Locally have a customer router (R3)
- Locally have a public DMZ (203.xxx.xxx.xxx/24)
Requirement:-
1. Incoming/Outgoing traffics to/from DMZ should via both circuits equally (Load Balance)
2. R3 need to know where to route to internet
3. When there is outage on either internet circuit, no outage should occur. All traffics will route on the working circuit
Attach diagram what i think it will work base on the requirement. But i am not sure how the actual router configuraiton should look likes.
If it will not work base on the diagram, please help advice how can it be done.
Appreciate your time.
Regards,
Christopher

Hello All,
I need some help on below.
- ISP-1 provided two routers (R1 and R2), each router connect to a different internet circuit (ISP-1 and ISP-2 circuits)
- Locally have a customer router (R3)
- Locally have a public DMZ (203.xxx.xxx.xxx/24)
Requirement:-
1. Incoming/Outgoing traffics to/from DMZ should via both circuits equally (Load Balance)
2. R3 need to know where to route to internet
3. When there is outage on either internet circuit, no outage should occur. All traffics will route on the working circuit
Attach diagram what i think it will work base on the requirement. But i am not sure how the actual router configuraiton should look likes.
If it will not work base on the diagram, please help advice how can it be done.
Appreciate your time.
Regards,
Christopher

Recommended configuration for load balanced Portal with load balancer, multiple gateways and multiple servers.

Does anyone have a recommended network, hardware and software configuration guide for a Portal installation running with multiple gateways load balanced (ie one URL) that talk to multiple servers?

David,
We've used Resonate (software) to load balance the gateways. It allows
you to group all the gateways under 1 virtual URL and load balance the
incoming connections over each gateway depending on the rules that you
define in Resonate. Look in the SUN portal whitepapers there is one that
talks about it specifically.
As far as load balancing the calls to the portals, the gateways will
automatically load balance across all the portals that they know about
using a simple round-robin rotation. You may be able to use Resonate in
front of the portals but you may need to activate persistance within
Resonate to ensure that the user always ends up on the portal that he
established his initial connection on (if you want that), check with Sun
on this one.
David Broeren wrote:
Recommended configuration for load balanced Portal with load balancer,
multiple gateways and multiple servers.
Does anyone have a recommended network, hardware and software
configuration guide for a Portal installation running with multiple
gateways load balanced (ie one URL) that talk to multiple servers?
Try our New Web Based Forum at http://softwareforum.sun.com
Includes Access to our Product Knowledge Base!

Load balancing weirdness using NAT and same-metric route

Hi.
I'm trying to set up a double-WAN load-balancing scenario:
I decided to attempt the "multiple same-metric routes with NAT" approach so I went for the example used in the IOS NAT Load-Balancing for Two ISP Connections Configuration Guide [1].
I decided to use an upside-down Cisco 871-SEC/K9: use Vlan1 and Vlan2 for the routers and Fa4 for the LAN. I am hoping this is not an issue.
There is this weirdness with some connections, particularly FTP. I pinpointed the problem to the following scenario: if I do a couple of pings to 100.1.1.1 using the FastEthernet4 as the source address, this is what I get in the logs:
=== PING 1 ECHO REQUEST ===
*Mar 3 04:38:43.521: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan1), routed via RIB
*Mar 3 04:38:43.521: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14152]
*Mar 3 04:38:43.521: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan1), g=10.129.124.1, len 60, forward
*Mar 3 04:38:43.521: ICMP type=8, code=0
=== PING 1 ECHO REPLY ===
*Mar 3 04:38:45.589: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19824]
*Mar 3 04:38:45.589: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
*Mar 3 04:38:45.589: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
*Mar 3 04:38:45.589: ICMP type=0, code=0
=== (something else) ===
*Mar 3 04:38:52.353: RT: SET_LAST_RDB for 0.0.0.0/0
OLD rdb: via 10.129.124.33, Vlan2
NEW rdb: via 10.129.124.1, Vlan1
=== PING 2 ECHO REQUEST ===
*Mar 3 04:38:52.353: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan2), routed via RIB
*Mar 3 04:38:52.353: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14159]
*Mar 3 04:38:52.353: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan2), g=10.129.124.33, len 60, forward
*Mar 3 04:38:52.353: ICMP type=8, code=0
=== PING 2 ECHO REPLY ===
*Mar 3 04:38:53.029: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19825]
*Mar 3 04:38:53.029: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
*Mar 3 04:38:53.033: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
*Mar 3 04:38:53.033: ICMP type=0, code=0
In the section "Ping 2 Echo Request" line 2 shows the NAT translating the packet to the address for the first provider but line 3 shows it routing it through the second one.
In this case, the ICMP packet goes through but it is problematic if the ISP restricts the service by source-address (like RPF) or there is some acceleration mechanism inside the provider cloud, other than just plain routing.
What am I missing? Here is the relevant part of the configuration. I deliberately disabled CEF to be able to debug the messages, but I *think* this may be altering the actual router behavior. This router does not have a "debug ip cef packet" command.
no ip cef
ip dhcp pool lan-side
import all
network 192.168.60.0 255.255.255.0
default-router 192.168.60.1
domain-name doublewan.local
dns-server 8.8.8.8 8.8.4.4
lease infinite
ip domain name doublewan
interface FastEthernet0
!doesn't appear on running-config: vlan 1 is the default access vlan
!switchport access vlan 1
interface FastEthernet1
switchport access vlan 2
interface FastEthernet2
shutdown
interface FastEthernet3
shutdown
interface FastEthernet4
ip address 192.168.60.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
interface Vlan1
ip address 10.129.124.2 255.255.255.224
ip nat outside
ip virtual-reassembly
no ip route-cache
interface Vlan2
ip address 10.129.124.35 255.255.255.224
ip nat outside
ip virtual-reassembly
no ip route-cache
ip route 0.0.0.0 0.0.0.0 Vlan1 10.129.124.1
ip route 0.0.0.0 0.0.0.0 Vlan2 10.129.124.33
ip nat inside source route-map nat1 interface Vlan1 overload
ip nat inside source route-map nat2 interface Vlan2 overload
ip access-list standard acl4-nexthop-vlan1
permit 10.129.124.1
ip access-list standard acl4-nexthop-vlan2
permit 10.129.124.33
route-map nat2 permit 10
match ip address 102
match ip next-hop acl4-nexthop-vlan2
match interface Vlan2
route-map nat1 permit 10
match ip address 101
match ip next-hop acl4-nexthop-vlan1
match interface Vlan1
control-plane
Of course, there is some configuration pending for redundancy and stuff.
Thanks a lot in advance.
[1] http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/100658-ios-nat-load-balancing-2isp.html

Hello.
This might be a bug in debug command or the IOS (without ip cef) you use; as routing is done before NAT (inside to outside).
To make sure it works fine with ip cef, just enable strict uRPF (or just ACL) on .1 and .33 interfaces and see if you see any packet sent over wrong interface.
PS: please check "sh ip cef 100.1.1.1"; I guess ip cef would tell you "per-destination sharing".

Multiple wan load balancer

Similar Messages

Maybe you are looking for