Slow WAN connections [7:65158]
Hello All,

I recently posted to the newsgroup about configuring a multiple T1 connection to a single network. I have since then got the configuration up and running; however, the connection out to the net is very slow. I cannot seem to figure out why. Here are the basics of the config:

Fasteth0
 ip address 172.16.100.2
 ip nat inside
Serial0
 ip address 144.x.x.x
 ip nat outside
Serial1
 ip address 65.x.x.x
 ip nat outside

ip nat pool Qwest 65.120.161.167 65.120.161.190 netmask 255.255.255.224
ip nat pool Sprint 65.160.124.199 65.160.124.222 netmask 255.255.255.224
ip nat inside source route-map Qwest1 pool overload
ip nat inside source route-map Sprint1 pool overload
ip nat inside source static 172.16.100.5 65.120.161.162
ip nat inside source static 172.16.200.5 65.160.124.194
ip nat inside source static 172.16.100.6 65.120.161.163
ip nat inside source static 172.16.200.6 65.160.124.195
ip nat inside source static 172.16.100.7 65.120.161.164
ip nat inside source static 172.16.200.7 65.160.124.196
ip nat inside source static 172.16.100.8 65.120.161.165
ip nat inside source static 172.16.200.8 65.160.124.197
ip nat inside source static 172.16.100.9 65.120.161.166
ip nat inside source static 172.16.200.9 65.160.124.198
ip classless
ip route 0.0.0.0 0.0.0.0 65.x.x.x
ip route 0.0.0.0 0.0.0.0 144.x.x.x
ip route 65.0.0.0 255.0.0.0 Serial1
ip route 144.0.0.0 255.0.0.0 Serial0
ip route 172.0.0.0 255.0.0.0 FastEthernet0
ip http server
!
!
access-list 10 permit 172.16.100.0 0.0.0.255
access-list 10 permit 172.16.200.0 0.0.0.255

The Serial interfaces are not showing any kind of problems and packets are going out of each of them.

Thanks in advance

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65158t=65158
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Load Balancing and NAT [7:64904]
Hello all,

I am attempting to setup a Cisco 1721 Router with load balancing and NAT so that we can provide a dual T1 connection to the network. This is the first time I have done anything like this and I was wanting to know if anyone had any good pointers they could give me or any commands that I should beware of or add.

Thanks,
Terry O

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64904t=64904
Re: Load Balancing and NAT [7:64904]
The T1's are from different providers, Qwest and Sprint. And no we will not be running BGP...

Troy Leliard wrote in message news:[EMAIL PROTECTED]

First big question, are your T1's from the same provider, or from a different provider, and thus different public ip address space?

If it is from a different provider, you may well run into some problems with NAT. Say for example, client A connects to your webserver (via ISP A's public IP address that is assigned to you, say x.x.x.x) which is then Nat'd to your internal RFC1918 address. That will work all fine and dandy, but what about if your default gateway is ISP B's T1. Outbound packets, returning to Client A, will be NAT'd to ISP B's outside address, say y.y.y.y. If Client A is behind a stateful firewall, return packets will be dropped, as it will have ISP B's SRC address, and it will be expecting ISP A's.

There are a number of ways around this, but I will wait for more details before going on. Presumably you are not / will not be running BGP, and have your own AS?

Terry Oldham wrote:

Hello all, I am attempting to setup a Cisco 1721 Router with load balancing and NAT so that we can provide a dual T1 connection to the network. This is the first time I have done anything like this and I was wanting to know if anyone had any good pointers they could give me or any commands that I should beware of or add.

Thanks,
Terry O

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64910t=64904
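The return-path problem Troy Leliard describes above, modelled as an added example (not code from the thread or from Cisco): a client reaches a server through provider A's address, and the reply is translated to provider B's address unless the router sends each flow back through the provider it arrived on. The addresses, class names and the return_via_ingress switch are constructed for illustration, and returning traffic via the ingress provider is assumed here as one possible workaround.

```python
"""Constructed model of the dual-provider NAT return-path problem."""
from dataclasses import dataclass

# Constructed documentation-range addresses, not the poster's real blocks.
SERVER = "172.16.100.5"                                          # inside server
STATIC_NAT = {"ISP_A": "192.0.2.10", "ISP_B": "198.51.100.10"}   # one public IP per provider
CLIENT = "203.0.113.7"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFirewall:
    """Client-side firewall: admits only packets that mirror a flow it saw leave."""
    def __init__(self):
        self.flows = set()

    def outbound(self, p):
        self.flows.add((p.src, p.sport, p.dst, p.dport))
        return p

    def inbound_allowed(self, p):
        return (p.dst, p.dport, p.src, p.sport) in self.flows

class DualHomedRouter:
    def __init__(self, default_isp, return_via_ingress):
        self.default_isp = default_isp
        self.return_via_ingress = return_via_ingress
        self.ingress = {}   # (client, cport, server, sport) -> provider the flow arrived on

    def inbound(self, p):
        """Translate the public destination to the inside server and note the provider."""
        isp = next(name for name, pub in STATIC_NAT.items() if pub == p.dst)
        self.ingress[(p.src, p.sport, SERVER, p.dport)] = isp
        return Packet(p.src, p.sport, SERVER, p.dport)

    def outbound(self, reply):
        """Choose the egress provider, then rewrite the source to that provider's address."""
        key = (reply.dst, reply.dport, reply.src, reply.sport)
        isp = self.default_isp
        if self.return_via_ingress:
            isp = self.ingress.get(key, self.default_isp)
        return isp, Packet(STATIC_NAT[isp], reply.sport, reply.dst, reply.dport)

def run(return_via_ingress):
    """Client connects via ISP_A's address; the router's default route points at ISP_B."""
    fw = StatefulFirewall()
    router = DualHomedRouter(default_isp="ISP_B", return_via_ingress=return_via_ingress)
    request = fw.outbound(Packet(CLIENT, 40000, STATIC_NAT["ISP_A"], 80))
    inside = router.inbound(request)
    reply = Packet(inside.dst, inside.dport, inside.src, inside.sport)
    isp, translated = router.outbound(reply)
    return isp, translated.src, fw.inbound_allowed(translated)

if __name__ == "__main__":
    print("default route only :", run(False))
    print("return via ingress :", run(True))
```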
Re: Load Balancing and NAT [7:64904]
More Info:

FastEthernet Int0  172.16.100.2/24
Serial0            144.228.52.114 255.255.255.252
Sprint IP Block    65.160.124.193 - 65.160.124.222
Serial1            65.123.132.166 255.255.255.252
Qwest IP Block     65.120.161.161 - 65.120.161.190

Honestly I have bitten off a little more than I can chew on this one, however I really need to make it work so all and any advice will be taken. I have been talking with Cisco a little and here is the example they sent me:

Current configuration : 1941 bytes
version 12.2
service timestamps debug uptime
service timestamps log datetime msec localtime show-timezone
service password-encryption
hostname Inet_Router
logging buffered 4096 debugging
enable secret 5 $1$L3f5$owQH/giYdx/Gui/nASA9F1
enable password 7 13041200045D51
ip subnet-zero
ip cef
ip name-server 198.6.1.122
interface FastEthernet0/0
 ip address 10.30.25.201 255.255.255.0
 ip nat inside
 speed 100
 full-duplex
interface Serial0/0
 description Verio
 ip address 165.254.203.110 255.255.255.252
 ip nat outside
interface Serial0/1
 description CableWireless
 ip address 166.63.156.102 255.255.255.252
 ip nat outside
ip nat pool Verio 209.139.11.98 209.139.11.98 netmask 255.255.255.224
ip nat pool Cable 208.168.204.2 208.168.204.2 netmask 255.255.255.0
ip nat inside source route-map Cable1 pool Cable overload
ip nat inside source route-map Verio1 pool Verio overload
ip nat inside source static 10.30.25.27 209.139.11.122
ip nat inside source static 10.30.25.25 209.139.11.120
ip nat inside source static 10.30.25.63 209.139.11.111
ip nat inside source static 10.30.25.62 209.139.11.110
ip nat inside source static 10.30.25.33 208.168.204.6
ip nat inside source static 10.30.25.32 208.168.204.5
ip nat inside source static 10.30.25.31 209.139.11.101
ip nat inside source static 10.30.25.30 209.139.11.100
ip nat inside source static 10.30.25.137 209.139.11.105
ip classless
ip route 0.0.0.0 0.0.0.0 165.254.203.109
ip route 0.0.0.0 0.0.0.0 166.63.156.101
ip route 10.0.0.0 255.0.0.0 FastEthernet0/0
ip http server
ip pim bidir-enable
access-list 10 permit 10.30.25.0 0.0.0.255
route-map Verio1 permit 10
 match ip address 10
 match interface Serial0/0
route-map Cable1 permit 10
 match ip address 10
 match interface Serial0/1
line con 0
 login
line aux 0
line vty 0 3
 login
line vty 4
 login
no scheduler allocate
end

Amar KHELIFI wrote in message news:[EMAIL PROTECTED]

could u give us more info pls, as far as the IP's that you will be using. wasn't it u that wanted to assign 2 ip's for each server you have? if that is so, u can do the following:

create 2 VLAN's on ur switch.
create 2 subinterfaces on the router (must have fast ether) for the vlans.
PBR every thing from ISP A to VLAN A, both ways.
PBR every thing from ISP B to VLAN B, both ways.
make sure the servers don't symmetrically route the packets.

with the above, u will have control over traffic that crosses ur router, but then which IP will the clients use, depends on the DNS config, whether it will load balance on DNS queries is also another issue, so more or less u will have no control over traffic coming to ur network.

if you had ur own net block, it would be easy to load balance, u'd have to call ur ISP's they will give u a community that u will join from which they will load balance, but you will need BGP, of course.

but please give more information to further think it out.

Terry Oldham wrote in message news: [EMAIL PROTECTED]

The T1's are from different providers, Qwest and Sprint. And no we will not be running BGP...

Troy Leliard wrote in message news:[EMAIL PROTECTED]

First big question, are your T1's from the same provider, or from a different provider, and thus different public ip address space?

If it is from a different provider, you may well run into some problems with NAT. Say for example, client A connects to your webserver (via ISP A's public IP address that is assigned to you, say x.x.x.x) which is then Nat'd to your internal RFC1918 address. That will work all fine and dandy, but what about if your default gateway is ISP B's T1. Outbound packets, returning to Client A, will be NAT'd to ISP B's outside address, say y.y.y.y. If Client A is behind a stateful firewall, return packets will be dropped, as it will have ISP B's SRC address, and it will be expecting ISP A's.

There are a number of ways around this, but I will wait for more details before going on. Presumably you are not / will not be running BGP, and have your own AS?

Terry Oldham wrote:

Hello all, I am attempting to setup a Cisco 1721 Router with load balancing and NAT so that we can provide a dual T1 connection to the network. This is the first time I have done anything like this and I was wanting to know if anyone had any good pointers they could give me or any
Re: Multiple WAN Connections to a Network [7:64469]
So from what I understand BGP is going to be difficult to get going. Basically we are too small a fish for them to worry about. How are others handling multiple T1 lines into their networks? I would think that this would be a common thing for companies to do. But I could be wrong, it wouldn't be the first time.

Troy Leliard wrote in message news:[EMAIL PROTECTED]

True, getting an AS for a /27 could be quite a challenge, and even harder trying to convince your bgp peers to advertise that. Fortunately, I now play with a /16 and a /19. But when I was contracting for another company, I managed to get an AS for a /24, and get our peers to advertise it (was factored into our monthly bandwidth charges though).

I know that there are some hacks out there that increase the intelligence of DNS servers, so that may still be an option. It depends on what SLA's you have to meet. Obviously the more strict your SLA requirements, the more critical services are, and more likely the higher your budget.

Anyways, moving away from the if and whens etc, lets look at possible solutions. Initially I thought what about NAT, but you can't have a many-to-one inbound nat, so we can't really do much with NAT. The only other option I can think of, (cheaply) ...see if you can get a /30 from each of the providers and use this for your WAN links to them, (or see if they would support IP unnumbered, although personally I am not a fan). This would mean that you could have both /27's for use on your internal ethernet, just as you suggested having one as a primary and the other a secondary.

Hope this makes sense?

Andrew Dorsett wrote:

On Wed, 5 Mar 2003, Mark W. Odette II wrote:

Can you even obtain an AS for BGP without a full Class C block of your own??

Mark - It doesn't matter how much IP Space you have to get an ASN. You have to meet ARIN guidelines. Those are

1. A unique routing policy.
2. A multi-homed site.

http://www.arin.net/policy/asn.html

But, you do have to convince your peers to advertise your small routes. That's the hard part. A lot of places don't like carrying /27 blocks around in their tables.

Andrew
---
http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate
Learn from the mistakes of others. You won't live long enough to make all of them yourself.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64610t=64469
Multiple WAN Connections to a Network [7:64469]
Hello All,

Here is what I have:

Cisco 1721 Router
2 CSU/DSU WICs
1 Ethernet Port to Network
HDLC Connection from Sprint
HDLC Connection from QWEST
Blocks of 32 IP addresses from each provider

Here is what I have so far: I have both T1 lines running into the router, both of the serial ports/CSU-DSU appear to be fine and are showing UP. The problem I am running into is when I set the ethernet port to a Primary and a Secondary IP address. I am setting these with numbers from the IP address block that was given to me from QWEST and Sprint. So in essence I have this:

ip address 65.X.X.X 255.X.X.X      QWEST
ip address 65.X.X.X 255.X.X.X      Sprint Secondary
ip address 65.X.X.X 255.X.X.X      Serial0
ip address 65.X.X.X. 255.X.X.X.    Serial1

So my question is this: will this configuration work and if not what do I need to change? From what I understand I cannot use a subinterface and I cannot NAT.

Thanks,
Terry O

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64469t=64469
Re: Multiple WAN Connections to a Network [7:64469]
Hello,

Our goal is to setup the two WAN connections for both fault tolerance and load balancing via the router. We want some of the server machines to have direct access to the internet and then the rest will go through our proxy server. The computers that we want to connect directly will be issued an IP address from the block of IP that we were given, in fact they will be given 2 ip addresses, one from Qwest and one from Sprint. I too am a lowly CCNA just looking for answers...

Thanks

Steven Aiello wrote in message news:[EMAIL PROTECTED]

Terry, I'm not totally sure what you are doing with your setup. Are you web hosting and you have the 2 connections up for fault tolerance? or some other reason. Unless I am mistaken if you are running between two AS's on the net you need to use BGP. ( Please all correct me if I'm wrong, I'm still a lowly CCNA ) But I know that when we had our Qwest line installed they asked us if we had another service provider for this reason. Also if you are a stub network why not use default routes? Like I said it's hard to say for sure without knowing what you're doing. That's just what occurred to me. Hope it helps. Again please to all in the group correct me if I am mistaken, I'm more than happy to be corrected if it means I have a greater understanding of the subject.

Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64474t=64469
Re: Multiple WAN Connections to a Network [7:64469]
That is correct. It is not a large setup (6-10 Servers with some MACs on the other side that will have multiple IP's). I have actually started to look at BGP but I am quite unfamiliar with it. We were going to use short TTL's for the DNS and hope that the time out would quickly redirect but it looks like that is probably not a good idea. Do you think we should go the BGP route?

Thanks

Troy Leliard wrote in message news:[EMAIL PROTECTED]

If I follow, you have two wan connections providing access to your server farm. Some of the servers on this farm will have 2 public IP address, one from each of your providers? Presumably you aren't of a large enough size to warrant applying for your own AS, and using BGP, which is the preferred solution (as you will see why below).

The next question is how do you envisage doing load balancing / fault tolerance. Presumably you will have two dns entries for your server, eg www.mywebserver.com has two A records, one pointing to the Sprint IP, and one pointing to the Qwest IP. If either of your wan links go down, dns is not intelligent enough to stop routing to the down ip address and you will still have 50% traffic being dropped due to the round robin nature of DNS.

Terry Oldham wrote:

Hello, Our goal is to setup the two WAN connections for both fault tolerance and load balancing via the router. We want some of the server machines to have direct access to the internet and then the rest will go through our proxy server. The computers that we want to connect directly will be issued an IP address from the block of IP that we were given, in fact they will be given 2 ip addresses, one from Qwest and one from Sprint. I too am a lowly CCNA just looking for answers...

Thanks

Steven Aiello wrote in message news:[EMAIL PROTECTED]

Terry, I'm not totally sure what you are doing with your setup. Are you web hosting and you have the 2 connections up for fault tolerance? or some other reason. Unless I am mistaken if you are running between two AS's on the net you need to use BGP. ( Please all correct me if I'm wrong, I'm still a lowly CCNA ) But I know that when we had our Qwest line installed they asked us if we had another service provider for this reason. Also if you are a stub network why not use default routes? Like I said it's hard to say for sure without knowing what you're doing. That's just what occurred to me. Hope it helps. Again please to all in the group correct me if I am mistaken, I'm more than happy to be corrected if it means I have a greater understanding of the subject.

Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64500t=64469