Bonding with Cisco IOS



After a few nights of meddling with my configuration, the following setup is working well for me. I would like to share it with the community.

Prerequisites

  • Ask support for a unique IP address for the dialer interface of each of your ADSL lines.
  • You will also need a static block for your routing IP address and any external clients. You may also use one of these addresses for NAT (more on that later).
  • Configure Clueless to route your static block down each of the ADSL lines.

My Setup

  • Three ADSL lines provided by AAISP
  • Cisco 2821 running IOS 15.1
  • Three WIC1-ADSL and an NM-ESW-16 switch module.
  • Internal ADSL interfaces allow me to run the setup in PPPoA mode. Modify your dialers for PPPoE if you are using external bridges.

Configuring your Dialer interfaces

interface ATM0/0/0
 description 01234567890
 no ip address
 no atm ilmi-keepalive
 hold-queue 224 in
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface ATM0/1/0
 description 01234567891
 no ip address
 no atm ilmi-keepalive
 hold-queue 224 in
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 2
 !
!
interface ATM0/2/0
 description 01234567892
 no ip address
 no atm ilmi-keepalive
 hold-queue 224 in
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 3
 !
!
interface Dialer0
 ip address negotiated
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 ppp chap hostname <yourAAISPuser>@a.1
 ppp chap password 0 <yourPassword>
 no cdp enable
!
interface Dialer1
 ip address negotiated
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 2
 ppp chap hostname <yourAAISPuser>@a.2
 ppp chap password 0 <yourPassword>
 no cdp enable
!
interface Dialer2
 ip address negotiated
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 3
 ppp chap hostname <yourAAISPuser>@a.3
 ppp chap password 0 <yourPassword>
 no cdp enable
!
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
dialer-list 3 protocol ip permit
!

Configure a virtual interface for your router IP address

Use the first address from your block. You could use a loopback here if you do not need to break out the subnet to any physical interfaces, or a BVI interface for a bridge-group. As I have a switch module, a Vlan is used.

interface Vlan2
 ip address <fromyourblock> <yoursubnet>

Upstream load balancing using CEF

ip cef
!
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 Dialer2
!
int Dialer0
 ip load-sharing per-packet
!
int Dialer1
 ip load-sharing per-packet
!
int Dialer2
 ip load-sharing per-packet
!

Bringing it all together with NAT, bonding and upstream load balancing in a single router.

The following is a usable configuration. You will need to update interface names for your own equipment.

A brief overview:

  • The use of a VRF allows two routing domains: one for internet traffic (AAISP), where the bonding is undertaken, and a global domain, where internal hosts are connected.
  • Two Vlans are configured on my device: one for internal NAT clients, another for external internet-facing clients.
  • This configuration should be extended to include an IP filter in the AAISP VRF to block any incoming DNS requests.

Caveats:

  • Routing between global and a VRF in IOS is unpleasant. This configuration relies on a physical Ethernet patch between GigabitEthernet0/0 and GigabitEthernet0/1 for routing traffic between the global and AAISP domains. This should be unnecessary with the use of a BGP export between global and the VRF, but I never got this working. Similarly, the use of NVI and BVI was investigated (please let me know if you have a more elegant solution!).

version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname <yourhostname>
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 <mypasswordgoeshere!>
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip cef
!
ip vrf AAISP
!
no ip dhcp use vrf connected
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.1.1 192.168.1.9
ip dhcp excluded-address <excludeyourroutingaddresses>
!
! DHCP for our internal network
ip dhcp pool HOME
 network 192.168.1.0 255.255.255.0
 domain-name home
 dns-server 192.168.1.1 
 default-router 192.168.1.1 
 lease 7
!
! DHCP for our external network
ip dhcp pool AAISP
 network <yourexternalnetworkbase> 255.255.255.248
 domain-name home-external
 dns-server 217.169.20.20 
 default-router 81.187.17.185 
!
ip domain name home
ip name-server 217.169.20.20
ip name-server 217.169.20.21
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
archive
 log config
  hidekeys
username Administrator privilege 0 secret 5 <anotherpassword!>
!
ip ssh version 2
bridge irb
!
! This is our routing interface in the global domain, we NAT here
interface GigabitEthernet0/0
 description HOME-AAISP
 ip address <yoursecondexternalIP> 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
! This is our routing interface in the AAISP domain, you need a patch between GigabitEthernet0/0 and GigabitEthernet0/1
interface GigabitEthernet0/1
 description AAISP-HOME
 ip vrf forwarding AAISP
 no ip address
 duplex auto
 speed auto
 bridge-group 2
!
interface ATM0/0/0
 description 01234567890
 no ip address
 no atm ilmi-keepalive
 hold-queue 224 in
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface ATM0/1/0
 description 01234567891
 no ip address
 no atm ilmi-keepalive
 hold-queue 224 in
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 2
 !
!
interface ATM0/2/0
 description 01234567892
 no ip address
 no atm ilmi-keepalive
 hold-queue 224 in
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 3
 !
!
! spanning-tree portfast gets rid of the annoying forwarding delay on PHY up
interface FastEthernet1/0
 no ip address
 spanning-tree portfast
!
interface FastEthernet1/1
 no ip address
 spanning-tree portfast
!
interface FastEthernet1/2
 no ip address
 spanning-tree portfast
!
interface FastEthernet1/3
 no ip address
 spanning-tree portfast
!
interface FastEthernet1/4
 no ip address
 spanning-tree portfast
!
interface FastEthernet1/5
 no ip address
 spanning-tree portfast
!
interface FastEthernet1/6
 no ip address
 spanning-tree portfast
!
interface FastEthernet1/7
 no ip address
 spanning-tree portfast
!
interface FastEthernet1/8
 no ip address
 spanning-tree portfast
!
interface FastEthernet1/9
 no ip address
 spanning-tree portfast
!
interface FastEthernet1/10
 no ip address
 spanning-tree portfast
!
interface FastEthernet1/11
 no ip address
 spanning-tree portfast
!
interface FastEthernet1/12
 switchport access vlan 2
 no ip address
 spanning-tree portfast
!
interface FastEthernet1/13
 switchport access vlan 2
 no ip address
 spanning-tree portfast
!
interface FastEthernet1/14
 switchport access vlan 2
 no ip address
 spanning-tree portfast
!
interface FastEthernet1/15
 switchport access vlan 2
 no ip address
 spanning-tree portfast
!
interface Vlan1
 description HOME
 no ip address
 bridge-group 1
!
interface Vlan2
 description AAISP
 ip vrf forwarding AAISP
 no ip address
 ip virtual-reassembly in
 no autostate
 bridge-group 2
!
interface Dialer0
 ip vrf forwarding AAISP
 ip address negotiated
 ip load-sharing per-packet
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 ppp chap hostname <yourAAISPuser>@a.1
 ppp chap password 0 <yourpassword>
 no cdp enable
!
interface Dialer1
 ip vrf forwarding AAISP
 ip address negotiated
 ip load-sharing per-packet
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 2
 ppp chap hostname <yourAAISPuser>@a.2
 ppp chap password 0 <yourpassword>
 no cdp enable
!
interface Dialer2
 ip vrf forwarding AAISP
 ip address negotiated
 ip load-sharing per-packet
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 3
 ppp chap hostname <yourAAISPuser>@a.3
 ppp chap password 0 <yourpassword>
 no cdp enable
!
interface BVI1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface BVI2
 ip vrf forwarding AAISP
 ip address <yourfirstexternalIP> 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source list NatRule interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 <yourfirstexternalIP>
ip route vrf AAISP 0.0.0.0 0.0.0.0 Dialer0
ip route vrf AAISP 0.0.0.0 0.0.0.0 Dialer1
ip route vrf AAISP 0.0.0.0 0.0.0.0 Dialer2
!
ip access-list extended NatRule
 permit ip 192.168.0.0 0.0.255.255 any
ip access-list extended ssh-management
 permit ip 192.168.0.0 0.0.255.255 any
!
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
dialer-list 3 protocol ip permit
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
!
mgcp profile default
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class ssh-management in vrf-also
 login local
 transport input ssh
 transport output all
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
ntp server 37.122.210.134 source GigabitEthernet0/0
end
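
The overview above notes that this configuration should be extended to block incoming DNS requests in the AAISP VRF; the router runs ip dns server and holds addresses from the public block. One way to do that with an inbound access list on the three Dialer interfaces (an added example, not part of the original configuration; the ACL name AAISP-IN is an assumption):

```cisco
! Added example: the ACL name AAISP-IN is hypothetical, rename to suit.
ip access-list extended AAISP-IN
 remark Drop DNS queries arriving from the internet (destination port 53)
 deny   udp any any eq domain
 deny   tcp any any eq domain
 remark Replies to outbound lookups carry source port 53, so they still pass
 permit ip any any
!
! Inbound traffic can arrive on any of the bonded lines, so the filter
! has to be applied to every Dialer in the AAISP VRF.
interface Dialer0
 ip access-group AAISP-IN in
!
interface Dialer1
 ip access-group AAISP-IN in
!
interface Dialer2
 ip access-group AAISP-IN in
!
```

If a host in your external block serves DNS itself, add a permit for that host's address above the deny lines. The per-entry match counters from show ip access-lists AAISP-IN confirm whether the filter is seeing traffic.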

Changing target DSL noise margin within IOS

A little-known trick. Be careful, as this can affect your line stability.

service internal
!
int ATM0/0/0
 ! Replace <num> with the desired offset in dB
 dsl-noisemargin -<num>
!