This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Bonding with Cisco IOS: Difference between revisions

== Configure a virtual interface for your router IP address ==
Use the first address from your block. You could use a loopback here if you do not need to break out the subnet to any physical interfaces, or a BVI interface for a bridge-group. As I have a switch module, a Vlan is used.
<nowiki>interface Vlan2
ip address <fromyourblock> <yoursubnet></nowiki>
 
== Upstream load balancing using CEF ==
ip load-sharing per-packet
!</nowiki>
== Bringing it all together with NAT, bonding and upstream in a single router. ==
The following is a usable configuration. You will need to update interface names for your own equipment.
 
A brief overview:
* The use of a VRF allows two routing domains: one for internet traffic (AAISP), where the [[bonding]] is undertaken, and a global domain, where internal hosts are connected.
* Two Vlans are configured on my device, one for internal NAT clients, another for external internet facing clients.
* This configuration should be extended to include an IP filter in the AAISP VRF to block any incoming DNS requests.
 
Caveats:
* Routing between global and a VRF in IOS is unpleasant. This configuration relies on the use of a physical [[Ethernet]] patch between GigabitEthernet0/0 and GigabitEthernet0/1 for routing traffic between the global and AAISP domains. This should be unnecessary with the use of a BGP export between global and the VRF, but I never got this working. Similarly, the use of NVI and BVI was investigated (please let me know if you have a more elegant solution!).
 
<nowiki>version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
!
hostname <yourhostname>
!
boot-start-marker
boot-end-marker
!
!
no logging buffered
enable secret 5 <mypasswordgoeshere!>
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
ip cef
!
ip vrf AAISP
!
no ip dhcp use vrf connected
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.1.1 192.168.1.9
ip dhcp excluded-address <excludeyourroutingaddresses>
!
ip dhcp pool HOME
network 192.168.1.0 255.255.255.0
domain-name home
dns-server 192.168.1.1
default-router 192.168.1.1
lease 7
!
ip dhcp pool AAISP
network <yournetworkbase> 255.255.255.248
domain-name home-external
dns-server 217.169.20.20
default-router 81.187.17.185
!
ip domain name home
ip name-server 217.169.20.20
ip name-server 217.169.20.21
no ipv6 cef
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
archive
log config
hidekeys
username Administrator privilege 0 secret 5 <anotherpassword!>
!
ip ssh version 2
bridge irb
!
! This is our routing interface in the global domain, we NAT here
interface GigabitEthernet0/0
description HOME-AAISP
ip address <yoursecondexternalIP> 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description AAISP-HOME
ip vrf forwarding AAISP
no ip address
duplex auto
speed auto
bridge-group 2
!
interface ATM0/0/0
description 01234567890
no ip address
no atm ilmi-keepalive
hold-queue 224 in
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface ATM0/1/0
description 01234567891
no ip address
no atm ilmi-keepalive
hold-queue 224 in
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 2
!
!
interface ATM0/2/0
description 01234567892
no ip address
no atm ilmi-keepalive
hold-queue 224 in
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 3
!
!
interface FastEthernet1/0
no ip address
spanning-tree portfast
!
interface FastEthernet1/1
no ip address
spanning-tree portfast
!
interface FastEthernet1/2
no ip address
spanning-tree portfast
!
interface FastEthernet1/3
no ip address
spanning-tree portfast
!
interface FastEthernet1/4
no ip address
spanning-tree portfast
!
interface FastEthernet1/5
no ip address
spanning-tree portfast
!
interface FastEthernet1/6
no ip address
spanning-tree portfast
!
interface FastEthernet1/7
no ip address
spanning-tree portfast
!
interface FastEthernet1/8
no ip address
spanning-tree portfast
!
interface FastEthernet1/9
no ip address
spanning-tree portfast
!
interface FastEthernet1/10
no ip address
spanning-tree portfast
!
interface FastEthernet1/11
no ip address
spanning-tree portfast
!
interface FastEthernet1/12
switchport access vlan 2
no ip address
spanning-tree portfast
!
interface FastEthernet1/13
switchport access vlan 2
no ip address
spanning-tree portfast
!
interface FastEthernet1/14
switchport access vlan 2
no ip address
spanning-tree portfast
!
interface FastEthernet1/15
switchport access vlan 2
no ip address
spanning-tree portfast
!
interface Vlan1
description HOME
no ip address
bridge-group 1
!
interface Vlan2
description AAISP
ip vrf forwarding AAISP
no ip address
ip virtual-reassembly in
no autostate
bridge-group 2
!
interface Dialer0
ip vrf forwarding AAISP
ip address negotiated
ip load-sharing per-packet
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp chap hostname <yourAAISPuser>@a.1
ppp chap password 0 <yourpassword>
no cdp enable
!
interface Dialer1
ip vrf forwarding AAISP
ip address negotiated
ip load-sharing per-packet
ip virtual-reassembly in
encapsulation ppp
dialer pool 2
ppp chap hostname <yourAAISPuser>@a.2
ppp chap password 0 <yourpassword>
no cdp enable
!
interface Dialer2
ip vrf forwarding AAISP
ip address negotiated
ip load-sharing per-packet
ip virtual-reassembly in
encapsulation ppp
dialer pool 3
ppp chap hostname <yourAAISPuser>@a.3
ppp chap password 0 <yourpassword>
no cdp enable
!
interface BVI1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface BVI2
ip vrf forwarding AAISP
ip address <yourfirstexternalIP> 255.255.255.248
ip nat outside
ip virtual-reassembly in
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source list NatRule interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 <yourfirstexternalIP>
ip route vrf AAISP 0.0.0.0 0.0.0.0 Dialer0
ip route vrf AAISP 0.0.0.0 0.0.0.0 Dialer1
ip route vrf AAISP 0.0.0.0 0.0.0.0 Dialer2
!
ip access-list extended NatRule
permit ip 192.168.0.0 0.0.255.255 any
ip access-list extended ssh-management
permit ip 192.168.0.0 0.0.255.255 any
!
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
dialer-list 3 protocol ip permit
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
!
mgcp profile default
!
line con 0
login local
line aux 0
line vty 0 4
access-class ssh-management in vrf-also
login local
transport input ssh
transport output all
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
ntp server 37.122.210.134 source GigabitEthernet0/0
end</nowiki>
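
The overview asks for an IP filter in the AAISP VRF that blocks incoming DNS requests, which matters here because the router runs <code>ip dns server</code>. The fragment below is an added example, not part of the original configuration: the access-list name AAISP-DNS-IN is an assumption, and it is applied inbound on the three Dialer interfaces defined above.

```cisco
! Added example, not part of the original configuration.
! AAISP-DNS-IN is a hypothetical ACL name; Dialer0-2 are the
! interfaces from the configuration above, all in vrf AAISP.
ip access-list extended AAISP-DNS-IN
 remark Drop DNS queries arriving from the internet (destination port 53)
 deny   udp any any eq domain
 deny   tcp any any eq domain
 remark Replies to our own lookups carry source port 53, so they still pass
 permit ip any any
!
interface Dialer0
 ip access-group AAISP-DNS-IN in
!
interface Dialer1
 ip access-group AAISP-DNS-IN in
!
interface Dialer2
 ip access-group AAISP-DNS-IN in
!
```

The deny entries match every destination, so a host in the external block that serves public DNS would need a permit entry placed ahead of them. <code>show ip access-lists AAISP-DNS-IN</code> displays per-entry match counts, which confirms whether unsolicited queries are being dropped.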