Cisco – Two LAN, Two WAN ISP and NAT

We recently received a request from a rural customer who was tired of their unreliable 1Mbps ADSL line and wanted a second ADSL line added to their network. The line was ordered and installed, and we then added a second ADSL WIC interface to their router and set about configuring it. Our brief was that each LAN should be associated with one WAN link and use only that WAN link. This is how we went about it.

Clearly the second interface needed to be associated with a second dialer created to log in and manage the second connection. Furthermore, we needed to add a second DHCP pool. This new config is shown as follows:

DHCP config:-

ip dhcp pool pollux
   network 192.168.200.0 255.255.255.0
   default-router 192.168.200.1 
   dns-server 62.6.40.178 62.6.40.162 

As you can see this connection is using BT DNS servers.

Dialer config:-

interface Dialer1
 description btbusiness
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 2
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxx
 ppp chap password xxxxxxx

We then needed to allocate a second default route to the router and this was achieved by means of the following command:-
ip route 0.0.0.0 0.0.0.0 Dialer1

We created an access list to handle the new traffic relating to the new DHCP network as follows:-
access-list 22 permit 192.168.200.0 0.0.0.255

and then we added a new access list to ensure that the traffic on each LAN network remained segregated from the other LAN. This was done as follows:-

access-list 112 deny   ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 112 deny   ip 192.168.1.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 112 deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 112 permit ip 192.168.1.0 0.0.0.255 any
access-list 122 deny   ip 192.168.200.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 122 deny   ip 192.168.200.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 122 deny   ip 192.168.200.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 122 permit ip 192.168.200.0 0.0.0.255 any

Finally we needed to apply route maps to mechanise the access lists, putting them to work maintaining segregation and ensuring correct operation. The following two route maps were configured:-
route-map pollux permit 22
 match ip address 122
 set interface Dialer1
!
route-map castor permit 12
 match ip address 112
 set interface Dialer0
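
The following Python model is an added example, not part of the original configuration; it replays access lists 112 and 122 through the castor and pollux route maps to show which exit a packet is given. It makes one behaviour visible: a deny line in an ACL matched by a route map exempts the packet from policy routing rather than dropping it, so LAN-to-LAN traffic is still forwarded by the ordinary routing table unless an ACL applied to the interface itself blocks it. The function names and sample addresses are constructed for the illustration.

```python
import ipaddress

# ACL lines copied from the configuration above.
CONFIG = """
access-list 112 deny   ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 112 deny   ip 192.168.1.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 112 deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 112 permit ip 192.168.1.0 0.0.0.255 any
access-list 122 deny   ip 192.168.200.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 122 deny   ip 192.168.200.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 122 deny   ip 192.168.200.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 122 permit ip 192.168.200.0 0.0.0.255 any
"""

# Ingress interface -> (matched ACL, "set interface" target), per the route maps.
ROUTE_MAPS = {"FastEthernet0/0": (112, "Dialer0"),   # route-map castor
              "FastEthernet0/1": (122, "Dialer1")}   # route-map pollux

def net(addr, wildcard):
    """Turn an IOS address + wildcard mask into an ip_network."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse_acls(text):
    """Parse extended 'access-list N permit|deny ip src wc dst wc|any' lines."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 7 or tok[0] != "access-list":
            continue
        src = net(tok[4], tok[5])
        dst = ipaddress.ip_network("0.0.0.0/0") if tok[6] == "any" else net(tok[6], tok[7])
        acls.setdefault(int(tok[1]), []).append((tok[2], src, dst))
    return acls

def acl_result(entries, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, src_net, dst_net in entries:
        if src in src_net and dst in dst_net:
            return action
    return "deny"

def egress(ingress, src, dst):
    """Return the policy-routed exit, or 'routing table' if PBR does not apply."""
    acl_no, dialer = ROUTE_MAPS[ingress]
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if acl_result(parse_acls(CONFIG)[acl_no], s, d) == "permit":
        return dialer
    return "routing table"  # not dropped: forwarded by normal destination routing
```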

Putting it all together our new configuration was as follows:-

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname xxx-core-router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 512000 debugging
enable secret xxxxxxx
!
no aaa new-model
no network-clock-participate slot 1 
no network-clock-participate wic 0 
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
!
ip dhcp pool pollux
   network 192.168.200.0 255.255.255.0
   default-router 192.168.200.1 
   dns-server 62.6.40.178 62.6.40.162 
!
ip dhcp pool castor
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1 
   dns-server 62.6.40.178 62.6.40.162 
!
!
ip flow-cache timeout active 1
ip name-server 212.159.13.49
ip name-server 212.159.13.50
ip name-server 141.1.1.1
!
!
!
archive
 log config
  hidekeys
!
!
! 
!
!
!
interface ATM0/0
 description btbusiness
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no atm ilmi-keepalive
 dsl operating-mode itu-dmt 
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip policy route-map castor
 duplex auto
 speed auto
!
interface ATM0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no atm ilmi-keepalive
 dsl operating-mode itu-dmt 
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 2
 !
!
interface FastEthernet0/1
 ip address 192.168.200.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map pollux
 duplex auto
 speed auto
!
interface Dialer0
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxx
 ppp chap password xxxxxxx
!
interface Dialer1
 description btbusiness
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 2
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxx
 ppp chap password xxxxxxx
!
router rip
 version 2
 network 192.168.1.0
 network 192.168.200.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.88.0 255.255.255.0 192.168.200.2
ip route 212.159.13.49 255.255.255.255 Dialer1
ip route 212.159.13.50 255.255.255.255 Dialer1
!
no ip http server
no ip http secure-server
ip nat inside source list 12 interface Dialer0 overload
ip nat inside source list 22 interface Dialer1 overload
ip nat inside source route-map castor interface Dialer1 overload
ip nat inside source route-map pollux interface Dialer0 overload
!
access-list 12 permit 192.168.1.0 0.0.0.255
access-list 22 permit 192.168.200.0 0.0.0.255
access-list 112 deny   ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 112 deny   ip 192.168.1.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 112 deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 112 permit ip 192.168.1.0 0.0.0.255 any
access-list 122 deny   ip 192.168.200.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 122 deny   ip 192.168.200.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 122 deny   ip 192.168.200.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 122 permit ip 192.168.200.0 0.0.0.255 any
route-map pollux permit 22
 match ip address 122
 set interface Dialer1
!
route-map castor permit 12
 match ip address 112
 set interface Dialer0
!
!
!
control-plane
!
!
!
alias exec arp tclsh flash:arp.tcl
alias exec shutnoshut tclsh flash:shutnoshut.tcl
!
line con 0
line aux 0
line vty 0 4
 access-class 12 in
 password xxxxx
 login
 transport input telnet
!
ntp clock-period 17207966
ntp server 85.119.80.233
!
end

 

The network worked beautifully. Another elegant solution from Rustyice Solutions.

Communications

The size of a network is limited by size and distance constraints. However, networks may be connected over a high-speed communications link (called a WAN link) to link them together and thus become a WAN.

Most business organizations use WAN links to interconnect local area networks (LANs) at geographically dispersed sites. Over the years, as business organizations continue to grow both nationally and globally, the demand for WAN links has steadily increased. Call centers, for example, have moved off-shore; distributed computing has replaced large regional data centers; sales offices have expanded to new locations. As WAN links become integral to the day-to-day operations of the business organizations, the availability and reliability of WAN links has a direct, highly visible impact on business operations, employee productivity, and customer satisfaction.

ATM and IP overhead on DSL Broadband connections

There are a number of protocol layers involved in data transfer over a broadband line, each of which adds some overhead.

Line rate

The actual line carries data using a protocol called ADSL. This includes layers of data framing and control information which we do not have to consider. What matters is the line rate that is quoted. This is what your ADSL router will quote on its management interface as the sync rate and is what BT quote to us in line tests, etc. This is the headline rate, and it is this rate which can get up to 24Mb/s on ADSL2+ for download.

This rate is actually the ATM data rate: the rate at which the bits that make up the 53 byte ATM cells are carried. So 24Mb/s is 24,000,000 bits per second carrying ATM cells.

ATM cells

ATM cells are 53 bytes long. So at 24Mb/s it is possible to transfer 56,603 cells per second. Each cell contains 48 bytes of payload data and a 5 byte header. So in terms of transferring payload a 24Mb/s line can manage 21,735,849 bits/second.

AAL5

ATM cells are used to carry PPP frames. Each frame is placed in consecutive cells, 48 bytes at a time, and any space left over at the end of the last cell is wasted. The last cell has a fixed 8 byte AAL5 trailer so only holds 40 bytes of payload. This means a 1,502 byte PPP frame would take 32 cells.

IP

PPP frames carry IP frames using typically a 2 byte header. So a 1,500 byte IP packet takes 1,502 bytes at PPP. The IP header (for IPv4) is at least 20 bytes, so the IP payload is only 1,480 bytes in a 1,500 byte IP frame. Note we meter usage at the IP level, i.e. a 1,500 byte IP frame is metered as 1,500 bytes.

TCP

TCP is used to actually carry data. TCP has at least 20 bytes of header, so a 1,500 byte IP frame carries 1,480 bytes of TCP data. It is the TCP payload rate that your software is likely to show when reporting speeds.

Bits and bytes

Applications often report bytes per second rates not bits per second rates for speed of download. A byte is 8 bits.

Mebi and Mega

Applications often report based on Mebibytes not Megabytes, or Gibibytes not Gigabytes, and as such there is a difference in the speed you expect of 5% or 7%.

BRAS rate

On 20CN lines, BT also have a system whereby they rate limit traffic to one of a number of pre-set limits. This could mean as much as 1Mb/s less data throughput than you may expect (½Mb/s for rates under 8Mb/s, ¼Mb/s for rates under 2Mb/s).

Doing the sums

So, considering the throughput of TCP on a line syncing at 24Mb/s:

  • 24,000,000b/s ATM rate
  • 21,735,849b/s ATM payload for PPP
  • 21,254,716b/s PPP rate assuming 1,502 byte PPP packets
  • 21,226,415b/s IP rate assuming 1,500 byte IP packets
  • 20,943,396b/s TCP payload rate assuming 1,460 MSS
  • 2,617,924B/s TCP payload rate
  • 2.496MiB/s data transfer rate

So, as a rough guide, take the line rate and divide by 10 for byte rate for TCP data transfer and that is likely to be an absolute maximum.
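
The sums above, carried through in Python as an added example that is not part of the original article; it also generalises them to any sync rate and packet size, which shows how much worse small packets fare once AAL5 padding is counted. The default of 1,480 payload bytes per 1,500 byte packet is the value that reproduces the TCP figure in the list; the function and key names are constructed for the illustration.

```python
import math

ATM_CELL = 53       # bytes per cell on the wire
CELL_PAYLOAD = 48   # payload bytes per cell
AAL5_TRAILER = 8    # fixed trailer carried in the last cell of a frame
PPP_HEADER = 2      # typical PPP header in front of the IP packet

def cells_for_ip_packet(ip_bytes):
    """ATM cells needed for one IP packet, including the padded last cell."""
    return math.ceil((ip_bytes + PPP_HEADER + AAL5_TRAILER) / CELL_PAYLOAD)

def throughput(sync_bps, ip_bytes=1500, payload_bytes=1480):
    """Rates at each layer for a line carrying back-to-back packets of one size.

    payload_bytes is the application data per packet; 1480 reproduces the
    TCP figure quoted in the list above.
    """
    wire_bytes = cells_for_ip_packet(ip_bytes) * ATM_CELL

    def scaled(n):
        # Share of the sync rate taken by n bytes out of each packet's cells.
        return sync_bps * n // wire_bytes

    tcp_bps = scaled(payload_bytes)
    return {
        "atm_payload_bps": sync_bps * CELL_PAYLOAD // ATM_CELL,
        "ppp_bps": scaled(ip_bytes + PPP_HEADER),
        "ip_bps": scaled(ip_bytes),
        "tcp_bps": tcp_bps,
        "tcp_bytes_per_s": tcp_bps // 8,
        "tcp_mib_per_s": tcp_bps / 8 / 2**20,
        "efficiency": ip_bytes / wire_bytes,  # IP bytes per byte on the wire
    }

if __name__ == "__main__":
    for name, value in throughput(24_000_000).items():
        print(f"{name:16} {value:,.3f}" if isinstance(value, float)
              else f"{name:16} {value:,}")
    # A 40 byte IP packet (constructed case) still occupies two whole cells.
    small = throughput(24_000_000, ip_bytes=40, payload_bytes=0)
    print("40 byte packet:", cells_for_ip_packet(40), "cells,",
          f"{small['efficiency']:.1%} efficient")
```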

The following table shows the IP rate you can expect for each ADSL sync rate (as reported by your router)

20CN ATM rate from    IP rate
288K                  ¼M
576K                  ½M
864K                  ¾M
1152K                 1M
1440K                 1¼M
1728K                 1½M
2016K                 1¾M
2272K                 2M
2848K                 2½M
3424K                 3M
4000K                 3½M
4544K                 4M
5120K                 4½M
5696K                 5M
6240K                 5½M
6816K                 6M
7392K                 6½M
7968K                 7M
8128K                 7.15M

There is also a low level 135K BRAS profile which is normally an indication of a serious problem with a line. For ADSL2+ there are BRAS rates of 9Mb/s to 21Mb/s in 1Mb/s steps.

Speedy broadband could be on the cards for rural Ayrshire

A POLITICIAN campaigning for speedier broadband in rural Ayrshire said her recent meeting with BT was ‘positive’.
MP Cathy Jamieson met the communication giants in Westminster to highlight problems faced by people in Kilmarnock and Loudoun who can’t get access to the broadband speeds they need.
She said: “I highlighted the problems being faced by constituents who can’t get access to the broadband speeds they need for business, education and leisure purposes. I know that there are challenges, particularly in the rural areas, but we must do everything we can to meet them.
“The model being adopted for Northern Ireland looks like offering a way forward, and I will continue to press the case for Ayrshire to get a fair share of Government funding for broadband, particularly if this can bring in private sector investment.”

Meanwhile BT’s Scottish director hinted that further investment in Ayrshire super-fast broadband could be on the cards if the people of the county grasp a “historic opportunity”.
Brendan Dick, director of BT Scotland, said full benefits of the high-speed technology would only be achieved by a partnership approach between the private and public sectors.
His appeal comes on the day that the success of the first major faster broadband private and public sector partnership in the UK was announced.
Eighty five per cent of businesses in Northern Ireland now have access to fibre optic speeds several times quicker than those previously available following a £48 million initiative by Northern Ireland’s Department of Enterprise, Trade and Investment (DETI) and lead partner BT.
Brendan Dick said: “The success of the Northern Ireland project demonstrates what can be achieved when organisations work together, combining their expertise and resources. Ayrshire, too, has an historic opportunity to develop a scheme which will benefit local businesses and households for decades ahead.
“As in parts of Ayrshire, Northern Ireland has rural areas where the engineering challenges and costs are considerable. But we worked together to roll-out faster broadband far more quickly and more widely than would have been possible without a partnership approach.
“Private and public sector partnerships are essential to make sure that consumers in predominantly rural parts of Ayrshire can also reap the social and economic benefits of high-speed networks.
“BT has already announced plans to make super-fast broadband available to more than 215,000 homes and businesses in Scotland. But some of our more challenging, less populated locations – including parts of Ayrshire – will require the public and private sectors working together. We are very willing to make a further major investment if we can work with the public sector to create the right environment.”