Dual ISP access to achieve Load Balancing mutual backup and Policy Routing

Source: Internet
Author: User
Tags domain lookup

650) this. width = 650; "src =" http://img1.51cto.com/attachment/201309/163818372.jpg "title =" QQ20130925160851.jpg "alt =" 163818372.jpg"/>

Lab environment:

R1 uplink lines are R2 and R3 respectively, R2, R3, and R4 communicate through OSPF.


Purpose:

By default, C1 accesses R4 through the connection between R1 and R2. If the line between R1 and R2 is interrupted, R4.

By default, C2 accesses R4 through the connection between R1 and R3. If the line between R1 and R3 is interrupted, R4.


The configuration is as follows:


R1 (config-if) # do sh run

Building configuration...


Current configuration: 2055 bytes

!

Version 12.4:

Service timestamps debug datetime msec

Service timestamps log datetime msec

No service password-encryption

!

Hostname R1

!

Boot-start-marker

Boot-end-marker

!

!

No aaa new-model

Memory-size iomem 5

Ip cef

!

!

!

!

No ip domain lookup

Ip domain name lab. local

!

Multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

!

Interface FastEthernet0/0

Ip address 10.10.10.2 255.255.255.0

Ip nat outside

Ip virtual-reassembly

Shutdown

Duplex auto

Speed auto

!

Interface FastEthernet0/1

Ip address 192.168.1.2 255.255.255.0

Ip nat outside

Ip virtual-reassembly

Duplex auto

Speed auto

!

Interface FastEthernet1/0

Ip address 40.40.40.1 255.255.255.0 secondary

Ip address 30.30.30.1 255.255.0

Ip nat inside

Ip virtual-reassembly

Ip policy route-map load

Note: load the policy route to the f1/0 Port

Duplex auto

Speed auto

!

Ip route 0.0.0.0 0.0.0.0 192.168.1.1

Ip route 0.0.0.0 0.0.0.0 10.10.10.1

!

!

No ip http server

No ip http secure-server


Ip nat inside source route-map test1 interface FastEthernet0/0 overload



Note: If you want to go to R2, the conversion exit is fa0/0. If you want to go to R2 normally, use fa0/0 for public network address conversion.


Ip nat inside source route-map test2 interface FastEthernet0/1 overload


Note: If you want to go to R2, the switch exit is FA0/1. The function is to go to the primary interface FA0/0 of R2, in this case, only the public IP address of the FA0/1 interface is used for conversion.


Ip nat inside source route-map test3 interface FastEthernet0/1 overload


Note: If you want to go to R3, the conversion exit is fa0/1. If you want to go to R3 normally, use fa0/1 for public network address conversion.


Ip nat inside source route-map test4 interface FastEthernet0/0 overload


Note: If you are going to R3 and the switch exit is FA0/0, the function is to go to the primary interface of R3, FA0/1 down, in this case, only the public IP address of the FA0/0 interface is used for conversion.




Access-list 1 permit 30.30.30.0 0.0.255


Note: access to the 30.30.30.0 network segment is allowed.


Access-list 2 permit 40.40.40.0 0.0.255


Note: access to the 40.40.40.0 network segment is allowed.

!

!

Route-map load permit 10

Match ip address 1

Set interface FastEthernet0/0

Set default interface FastEthernet0/1


Note: The policy route name is load. If the policy route matches the route to R2, the egress value is set to FA0/0 port China Telecom egress.) If FA0/0 is DOWN, set the default exit to FA0/1 and R3 exit ).

!

Route-map load permit 20

Match ip address 2

Set interface FastEthernet0/1

Set default interface FastEthernet0/0


NOTE: If 10 is not matched, 20 is matched DOWN, and the IP address destined for the R3 network segment is matched. The exit is set to FA0/1. If FA0/1 is DOWN, set the default exit to FA0/0 and R2 ).

!

Route-map test4 permit 10

Match ip address 2

Match interface FastEthernet0/0


Note: You must match the IP address segment to R3 and the exit must be FA0/0. If the two conditions are met, nat translation is performed for the two conditions. This statement is mainly used for backup. When the fa0/1 port is DOWN, only the fa0/0 port can be used.

!

Route-map test2 permit 10

Match ip address 1

Match interface FastEthernet0/1


Note: To match the IP address segment to R2, the exit must also be FA0/1. If the two conditions are met, nat translation is performed for the two conditions. This statement is mainly used for backup. When the fa0/0 port is DOWN, only the fa0/1 port can be used.

!


Route-map test3 permit 10

Match ip address 2

Match interface FastEthernet0/1


Note: You must match the IP address segment to R3 and the exit must be FA0/1. If the two conditions are met, nat translation is performed for the two conditions.

!

Route-map test1 permit 10

Match ip address 1

Match interface FastEthernet0/0


Note: You must match the IP address segment to R2, And the egress must be FA0/0 Telecom outlet ). If the two conditions are met, nat translation is performed for the two conditions.

!

!

!

!

Control-plane

!

!

!

Line con 0

Exec-timeout 0 0

Privilege level 15

Logging synchronous

Line aux 0

Exec-timeout 0 0

Privilege level 15

Logging synchronous

Line vty 0 4

Login

!

!

End


This article from the "Endless learning" blog, please be sure to keep this source http://johnsz.blog.51cto.com/525379/1301681

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.