Feb 05 2007

Combining Wired and Wireless ISPs Provides Superior Fault Tolerance

Posted by: Eric Novikoff

Last month a client asked us to configure a wireless Internet connection to augment their preexisting T1 connection from a local ISP. The client had been experiencing high latency in their Internet traffic with occasional losses of service. Fault tolerance in their Internet connection is very important to them and their business processes because their business model is highly dependent on worldwide network connectivity.
They decided to purchase a wireless connection from a local ISP to augment their existing bandwidth and solve their reliability problems. Once installed, this would give the client an additional 2-3 Mbits of wireless connectivity. They purchased a Cisco 1841 router with a NM-4ESW WIC as the network gear that would be managing the connections.
What's very interesting about this situation is that the company wanted both circuits to be active and configured in a fault-tolerant manner, such that if one circuit failed, all Internet traffic would transparently be routed through the working connection. In addition, when the failed circuit came back up, the traffic would transparently return to the active-active flow model.
In addition, they had 3 servers that needed to be exposed to the Internet as part of their day-to-day operations. They were the Microsoft Exchange server, a web server, and a communications server. The challenge with this setup is that the systems needed to be NAT-ed to 2 separate public address spaces simultaneously, and the router needed to be configured in such a way as to keep it all straight.
One of the most important things is to configure the router to avoid routing loops. This is where traffic enters the router from Network A but leaves the router from an interface connected to Network B, which can result in lost data, timing problems, or intermittent traffic flow failures.
To keep this from happening, I used route-maps to determine which interface originated the traffic and an access control list (ACL) to determine whether the traffic was interesting (actionable). These two criteria would then be used to create the NAT mapping between source and destination, which in turn would determine which router interface the traffic would leave through.
For example, a user on the Internet wishes to talk to the client's Web Server. The routing for this user is such that the network traffic will flow through the wireless link (see network diagram). When the user's packet hits the router interface, the router will determine if it is destined for one of the client's three servers. If there is a match, it will then look to see which interface the packet originated from. In this example, that would be FastEthernet0/0. The router would then build a NAT translation entry mapping the Web Server into the wireless ISP's address space. When the Web Server replies to the user's request, the router would look at the NAT table, see the address translation, and know which interface to send the traffic back to the user on.
The Cisco IOS keeps a NAT table of inside/outside address pairs, where inside is the private address space and outside is the global address space. So all I have to do is to control how the traffic gets NAT-ed and the router will take care of the rest.
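The flow described above can be sketched as a small model. This is an added example, not the router configuration from the original post and not Cisco IOS code: all addresses are constructed documentation ranges, and Serial0/0/0 as the T1 interface name is an assumption (FastEthernet0/0 is the wireless interface named above).

```python
# Simplified model of interface-aware static NAT; not Cisco IOS code.
# All addresses are constructed (RFC 1918 / RFC 5737); Serial0/0/0 as the
# T1 interface name is an assumption. FastEthernet0/0 is the wireless link.
T1, WIRELESS = "Serial0/0/0", "FastEthernet0/0"

# (ingress interface, public address) -> private server address.
# Each server is published once per ISP address space.
STATIC_MAP = {
    (T1, "198.51.100.10"): "192.168.1.10",        # web server
    (WIRELESS, "203.0.113.10"): "192.168.1.10",
    (T1, "198.51.100.11"): "192.168.1.11",        # Exchange server
    (WIRELESS, "203.0.113.11"): "192.168.1.11",
    (T1, "198.51.100.12"): "192.168.1.12",        # communications server
    (WIRELESS, "203.0.113.12"): "192.168.1.12",
}

def inbound(table, in_if, peer, dst_public):
    """Handle a packet arriving from the Internet; return the private
    destination, or None if the packet is not 'interesting'."""
    private = STATIC_MAP.get((in_if, dst_public))   # ACL + interface match
    if private is None:
        return None
    # Record which address space and interface this conversation uses.
    table[(private, peer)] = (dst_public, in_if)
    return private

def outbound(table, src_private, peer):
    """Handle a server's reply; return (translated source, egress interface),
    or None when no translation exists for this conversation."""
    return table.get((src_private, peer))

def demo():
    """Two Internet users reach the web server, one through each ISP."""
    table = {}
    inbound(table, WIRELESS, "192.0.2.50", "203.0.113.10")
    inbound(table, T1, "192.0.2.99", "198.51.100.10")
    return (outbound(table, "192.168.1.10", "192.0.2.50"),
            outbound(table, "192.168.1.10", "192.0.2.99"))

if __name__ == "__main__":
    for reply in demo():
        print(reply)
```

Both replies come from the same private server, yet each leaves through the interface, and with the public source address, of the ISP its request arrived on.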
Click here for the details of the implementation including router configuration and network diagram.
This technique is a cost-effective way to increase bandwidth as well as reduce dependence on a single network provider and its physical infrastructure. Coupled with redundant routers, this approach provides a solution for fully redundant branch office connectivity.









