Dual ISP access to achieve Load Balancing mutual backup and Policy Routing

650) this. width = 650; "src =" http://img1.51cto.com/attachment/201309/163818372.jpg "title =" QQ20130925160851.jpg "alt =" 163818372.jpg"/>

Lab environment:

R1 uplink lines are R2 and R3 respectively, R2, R3, and R4 communicate through OSPF.

Purpose:

By default, C1 accesses R4 through the connection between R1 and R2. If the line between R1 and R2 is interrupted, R4.

By default, C2 accesses R4 through the connection between R1 and R3. If the line between R1 and R3 is interrupted, R4.

The configuration is as follows:

R1 (config-if) # do sh run

Building configuration...

Current configuration: 2055 bytes

!

Version 12.4:

Service timestamps debug datetime msec

Service timestamps log datetime msec

No service password-encryption

!

Hostname R1

!

Boot-start-marker

Boot-end-marker

!

!

No aaa new-model

Memory-size iomem 5

Ip cef

!

!

!

!

No ip domain lookup

Ip domain name lab. local

!

Multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

!

Interface FastEthernet0/0

Ip address 10.10.10.2 255.255.255.0

Ip nat outside

Ip virtual-reassembly

Shutdown

Duplex auto

Speed auto

!

Interface FastEthernet0/1

Ip address 192.168.1.2 255.255.255.0

Ip nat outside

Ip virtual-reassembly

Duplex auto

Speed auto

!

Interface FastEthernet1/0

Ip address 40.40.40.1 255.255.255.0 secondary

Ip address 30.30.30.1 255.255.0

Ip nat inside

Ip virtual-reassembly

Ip policy route-map load

Note: load the policy route to the f1/0 Port

Duplex auto

Speed auto

!

Ip route 0.0.0.0 0.0.0.0 192.168.1.1

Ip route 0.0.0.0 0.0.0.0 10.10.10.1

!

!

No ip http server

No ip http secure-server

Ip nat inside source route-map test1 interface FastEthernet0/0 overload

Note: If you want to go to R2, the conversion exit is fa0/0. If you want to go to R2 normally, use fa0/0 for public network address conversion.

Ip nat inside source route-map test2 interface FastEthernet0/1 overload

Note: If you want to go to R2, the switch exit is FA0/1. The function is to go to the primary interface FA0/0 of R2, in this case, only the public IP address of the FA0/1 interface is used for conversion.

Ip nat inside source route-map test3 interface FastEthernet0/1 overload

Note: If you want to go to R3, the conversion exit is fa0/1. If you want to go to R3 normally, use fa0/1 for public network address conversion.

Ip nat inside source route-map test4 interface FastEthernet0/0 overload

Note: If you are going to R3 and the switch exit is FA0/0, the function is to go to the primary interface of R3, FA0/1 down, in this case, only the public IP address of the FA0/0 interface is used for conversion.

Access-list 1 permit 30.30.30.0 0.0.255

Note: access to the 30.30.30.0 network segment is allowed.

Access-list 2 permit 40.40.40.0 0.0.255

Note: access to the 40.40.40.0 network segment is allowed.

!

!

Route-map load permit 10

Match ip address 1

Set interface FastEthernet0/0

Set default interface FastEthernet0/1

Note: The policy route name is load. If the policy route matches the route to R2, the egress value is set to FA0/0 port China Telecom egress.) If FA0/0 is DOWN, set the default exit to FA0/1 and R3 exit ).

!

Route-map load permit 20

Match ip address 2

Set interface FastEthernet0/1

Set default interface FastEthernet0/0

NOTE: If 10 is not matched, 20 is matched DOWN, and the IP address destined for the R3 network segment is matched. The exit is set to FA0/1. If FA0/1 is DOWN, set the default exit to FA0/0 and R2 ).

!

Route-map test4 permit 10

Match ip address 2

Match interface FastEthernet0/0

Note: You must match the IP address segment to R3 and the exit must be FA0/0. If the two conditions are met, nat translation is performed for the two conditions. This statement is mainly used for backup. When the fa0/1 port is DOWN, only the fa0/0 port can be used.

!

Route-map test2 permit 10

Match ip address 1

Match interface FastEthernet0/1

Note: To match the IP address segment to R2, the exit must also be FA0/1. If the two conditions are met, nat translation is performed for the two conditions. This statement is mainly used for backup. When the fa0/0 port is DOWN, only the fa0/1 port can be used.

!

Route-map test3 permit 10

Match ip address 2

Match interface FastEthernet0/1

Note: You must match the IP address segment to R3 and the exit must be FA0/1. If the two conditions are met, nat translation is performed for the two conditions.

!

Route-map test1 permit 10

Match ip address 1

Match interface FastEthernet0/0

Note: You must match the IP address segment to R2, And the egress must be FA0/0 Telecom outlet ). If the two conditions are met, nat translation is performed for the two conditions.

!

!

!

!

Control-plane

!

!

!

Line con 0

Exec-timeout 0 0

Privilege level 15

Logging synchronous

Line aux 0

Exec-timeout 0 0

Privilege level 15

Logging synchronous

Line vty 0 4

Login

!

!

End

This article from the "Endless learning" blog, please be sure to keep this source http://johnsz.blog.51cto.com/525379/1301681