Dual ISP Failover

This lab tests dual ISP failover.

Task :

  1. Make sure both ISP links are in use (not Active/Standby).
  2. Make sure each ISP fails over to the other, so the LAN segment does not lose Internet access.

This is lab testing; some syntax may change depending on the environment and devices used. (In most cases the concept works as expected.)

From the ISPs to Google I have used OSPF to keep it simple.

BB-CE (in most cases this is the business router connected to the dual ISPs) – for this testing I have used static routing and PBR.

IP SLA tracks the reachability; EEM scripts manipulate the routing and NAT config (based on the track and event alerts).

High level network Diagram :

Basic config :

Google :

interface Loopback0
ip address 8.8.8.8 255.255.255.255
!
interface Ethernet0/0
ip address 100.100.10.1 255.255.255.252
ip ospf network point-to-point
duplex auto
!
interface Ethernet0/1
ip address 100.100.20.1 255.255.255.252
ip ospf network point-to-point
duplex auto
!
router ospf 1
passive-interface default
no passive-interface Ethernet0/0
no passive-interface Ethernet0/1
network 8.8.8.8 0.0.0.0 area 0
network 100.100.10.0 0.0.0.3 area 0
network 100.100.20.0 0.0.0.3 area 0
!

ISP-COLT :

interface GigabitEthernet5
ip address 172.16.10.1 255.255.255.252
negotiation auto
!
interface GigabitEthernet6
ip address 100.100.10.2 255.255.255.252
ip ospf network point-to-point
negotiation auto
!
router ospf 1
passive-interface default
no passive-interface GigabitEthernet6
network 100.100.10.0 0.0.0.3 area 0
network 172.16.10.0 0.0.0.3 area 0
!

ISP-BT :

interface GigabitEthernet6
ip address 100.100.20.2 255.255.255.252
ip ospf network point-to-point
negotiation auto
!
interface GigabitEthernet7
ip address 172.16.20.1 255.255.255.252
negotiation auto
!
router ospf 1
passive-interface default
no passive-interface GigabitEthernet6
network 100.100.20.0 0.0.0.3 area 0
network 172.16.20.0 0.0.0.3 area 0
!

BB-CE :

interface Ethernet0/0.1
encapsulation dot1Q 100
ip address 10.10.10.1 255.255.255.0
ip nat inside
!
interface Ethernet0/0.2
encapsulation dot1Q 200
ip address 20.20.20.1 255.255.255.0
!
interface Ethernet0/1
description ISP_COLT
ip address 172.16.10.2 255.255.255.0
!
interface Ethernet0/2
description ISP_BT
ip address 172.16.20.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 172.16.20.1
ip route 0.0.0.0 0.0.0.0 172.16.10.1

LAN-SW config :

vlan 100, 200

interface GigabitEthernet0/0
switchport trunk allowed vlan 100,200
switchport trunk encapsulation dot1q
switchport mode trunk
negotiation auto
!
interface GigabitEthernet0/1
switchport access vlan 100
switchport mode access
negotiation auto
!
interface GigabitEthernet0/2
switchport access vlan 200
switchport mode access
negotiation auto

Testing basic connectivity :

ISP to Google :

LAN to Router Gateway testing :

Now the task is to send Development traffic to ISP COLT and User traffic to ISP BT.

Once the ISP COLT link fails, all the traffic will be directed to ISP BT. Once the ISP COLT link is up, the traffic is load-split again based on the requirement.

In the same way, if the ISP BT link fails, all the traffic will be directed to ISP COLT. Once the ISP BT link comes back, traffic returns to the original requirement.

BB-CE config as below :

Access List to match the traffic :

access-list 110 permit ip 10.10.10.0 0.0.0.255 any
access-list 120 permit ip 20.20.20.0 0.0.0.255 any

Route map for PBR :

route-map ISP_COLT permit 10
match ip address 110
match interface Ethernet0/1
!
route-map ISP_BT permit 10
match ip address 120
match interface Ethernet0/2
!
route-map BT_PBR permit 10
match ip address 120
set interface Ethernet0/2
!
route-map COLT_PBR permit 10
match ip address 110
set interface Ethernet0/1
!

NAT for the respective ISP :

ip nat inside source route-map ISP_BT interface Ethernet0/2 overload
ip nat inside source route-map ISP_COLT interface Ethernet0/1 overload

IP SLA and Tracking config :

ip sla 10
icmp-echo 8.8.8.8 source-interface Ethernet0/1
frequency 10
ip sla schedule 10 life forever start-time now
ip sla 20
icmp-echo 8.8.8.8 source-interface Ethernet0/2
frequency 10
ip sla schedule 20 life forever start-time now

track 1 ip sla 10 reachability
track 2 ip sla 20 reachability

Apply NAT and PBR config on interfaces :

interface Ethernet0/0.1
ip nat inside
ip policy route-map COLT_PBR
!
interface Ethernet0/0.2
ip nat inside
ip policy route-map BT_PBR
!
interface Ethernet0/1
description ISP_COLT
ip nat outside
!
interface Ethernet0/2
description ISP_BT
ip nat outside

EEM scripts to track the events and take action :

event manager applet COLT_DOWN
event track 1 state down
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 2.1 cli command "interface Ethernet0/0.1"
action 2.2 cli command "no ip policy route-map COLT_PBR"
action 2.3 cli command "exit"
action 3.0 cli command "no access-list 120"
action 4.0 cli command "access-list 120 permit ip 10.10.10.0 0.0.0.255 any"
action 5.0 cli command "access-list 120 permit ip 20.20.20.0 0.0.0.255 any"
action 6.0 cli command "no ip route 0.0.0.0 0.0.0.0 172.16.10.1"
action 7.0 cli command "no ip nat inside source route-map ISP_COLT interface Ethernet0/1 overload"
action 8.0 cli command "exit"
action 9.0 cli command "clear ip nat translation *"
action 9.1 cli command "end"
!
event manager applet COLT_UP
event track 1 state up
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 2.1 cli command "interface Ethernet0/0.1"
action 2.2 cli command "ip policy route-map COLT_PBR"
action 2.3 cli command "exit"
action 3.0 cli command "no access-list 120"
action 4.0 cli command "access-list 120 permit ip 20.20.20.0 0.0.0.255 any"
action 5.0 cli command "ip route 0.0.0.0 0.0.0.0 172.16.10.1"
action 6.0 cli command "ip nat inside source route-map ISP_COLT interface Ethernet0/1 overload"
action 7.0 cli command "exit"
action 8.0 cli command "clear ip nat translation *"
action 9.0 cli command "end"
!
event manager applet BT_DOWN
event track 2 state down
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 2.1 cli command "interface Ethernet0/0.2"
action 2.2 cli command "no ip policy route-map BT_PBR"
action 2.3 cli command "exit"
action 3.0 cli command "no access-list 110"
action 4.0 cli command "access-list 110 permit ip 10.10.10.0 0.0.0.255 any"
action 5.0 cli command "access-list 110 permit ip 20.20.20.0 0.0.0.255 any"
action 6.0 cli command "no ip route 0.0.0.0 0.0.0.0 172.16.20.1"
action 7.0 cli command "no ip nat inside source route-map ISP_BT interface Ethernet0/2 overload"
action 8.0 cli command "exit"
action 9.0 cli command "clear ip nat translation *"
action 9.1 cli command "end"
!
event manager applet BT_UP
event track 2 state up
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 2.1 cli command "interface Ethernet0/0.2"
action 2.2 cli command "ip policy route-map BT_PBR"
action 2.3 cli command "exit"
action 3.0 cli command "no access-list 110"
action 4.0 cli command "access-list 110 permit ip 10.10.10.0 0.0.0.255 any"
action 5.0 cli command "ip route 0.0.0.0 0.0.0.0 172.16.20.1"
action 6.0 cli command "ip nat inside source route-map ISP_BT interface Ethernet0/2 overload"
action 7.0 cli command "exit"
action 8.0 cli command "clear ip nat translation *"
action 9.0 cli command "end"
!
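
Because these applets rewrite ACLs, routes and NAT on every link flap, it is worth checking that an UP applet undoes exactly what its DOWN applet did. The following Python check is an added example, not part of the original lab: it replays the config-mode commands of COLT_DOWN and COLT_UP against the BB-CE lines they touch and lists anything that differs afterwards. The helper names `replay` and `drift` and the `Ethernet0/0.1|` prefix for interface context are assumptions of this example.

```python
# Added example (not from the original lab). Constructed input: the config-mode
# commands of the page's COLT_DOWN / COLT_UP applets (enable, conf t, clear, end omitted).
COLT_DOWN = [
    "interface Ethernet0/0.1",
    "no ip policy route-map COLT_PBR",
    "exit",
    "no access-list 120",
    "access-list 120 permit ip 10.10.10.0 0.0.0.255 any",
    "access-list 120 permit ip 20.20.20.0 0.0.0.255 any",
    "no ip route 0.0.0.0 0.0.0.0 172.16.10.1",
    "no ip nat inside source route-map ISP_COLT interface Ethernet0/1 overload",
]
COLT_UP = [
    "interface Ethernet0/0.1",
    "ip policy route-map COLT_PBR",
    "exit",
    "no access-list 120",
    "access-list 120 permit ip 20.20.20.0 0.0.0.255 any",
    "ip route 0.0.0.0 0.0.0.0 172.16.10.1",
    "ip nat inside source route-map ISP_COLT interface Ethernet0/1 overload",
]
# BB-CE lines these applets touch; the "Ethernet0/0.1|" prefix is this example's own notation.
BASELINE = frozenset({
    "Ethernet0/0.1|ip policy route-map COLT_PBR",
    "access-list 120 permit ip 20.20.20.0 0.0.0.255 any",
    "ip route 0.0.0.0 0.0.0.0 172.16.10.1",
    "ip nat inside source route-map ISP_COLT interface Ethernet0/1 overload",
})

def replay(state, commands):
    """Replay config-mode commands against a set of config lines."""
    state, ctx = set(state), ""
    for cmd in commands:
        if cmd.startswith("interface "):
            ctx = cmd.split()[1] + "|"            # enter interface context
        elif cmd == "exit":
            ctx = ""                              # back to global config
        elif cmd.startswith("no access-list ") and len(cmd.split()) == 3:
            prefix = cmd[3:] + " "                # "no access-list N" drops every entry
            state = {line for line in state if not line.startswith(prefix)}
        elif cmd.startswith("no "):
            state.discard(ctx + cmd[3:])
        else:
            state.add(ctx + cmd)
    return frozenset(state)

def drift(baseline, down, up):
    """Config lines that differ from baseline after one down/up flap."""
    return sorted(replay(replay(baseline, down), up) ^ baseline)
```

An empty list from `drift(BASELINE, COLT_DOWN, COLT_UP)` means the pair is symmetric; the same check applies to BT_DOWN / BT_UP with ACL 110 and the 172.16.20.1 route in the baseline.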

Testing in normal conditions :

IP SLA tracking :

DEV-PC reaching google.

User PC reaching google :

Failover testing : COLT link

4 ping drops (Dev PC) – no ping loss observed on the User LAN.

Once the link comes back :

In case anyone needs a full config of BB-CE

If you have a single LAN subnet you can use the below configuration

Happy Labbing …..!!!!!!!!!!!!!!!!