How Cisco IOS NAT can be used to enable enterprise multihoming

Cisco How-To Tutorials
An enterprise may want to connect to the Internet through multiple Internet Service Providers (ISPs) for fault tolerance and load balancing. As more enterprises do so, the routing overhead they impose on the Internet routing system becomes more significant: routers in the Internet's default-free zone must maintain a route for every multihomed enterprise connected to multiple ISPs, and this does not scale adequately.

RFC 2260 describes an address allocation and routing scheme for multihomed enterprises with good scaling properties, but it has drawbacks. It requires renumbering part of an enterprise when the enterprise changes one of its ISPs, and the ability of an enterprise to distribute load across its ISP connections is largely determined by the address assignment inside the enterprise. This makes load distribution rigid and adds complexity to the enterprise's internal addressing scheme.

Cisco IOS Network Address Translation (NAT) resolves these issues with RFC 2260 and provides scalable routing for multihomed, multi-provider connectivity. NAT replaces the IP addresses in a packet header with different IP addresses. Cisco IOS NAT is further enhanced by the Application Layer Gateway (ALG) feature, which scans the addresses and port numbers carried in packet payloads and sets up translations automatically. The ALG for the Domain Name System (DNS) protocol is what allows Cisco IOS NAT to support enterprise multihoming: it avoids renumbering hosts in the enterprise when ISPs change, and it allows load distribution that does not depend on the address assignment scheme inside the enterprise.

The enterprise border routers that connect to the ISPs are configured with Cisco IOS NAT. The DNS ALG inspects the DNS query and response messages that cross the NAT device, modifies the addresses in those messages, and sets up the translations between the original and modified addresses. When an enterprise changes ISPs, only the NAT configuration on the border router needs to change to use the new block of addresses; the enterprise hosts keep their originally assigned addresses. In addition, load is distributed among the multiple connections based on the border router through which the initial DNS query was sent. Load distribution can therefore be achieved by using multiple DNS servers and having different hosts in the enterprise use different DNS servers, which can be automated through DHCP configuration.
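The following is an added example, not Cisco code and not from the original article: a small Python model of the DNS ALG and NAT interaction described above, so the mechanism can be traced end to end. It assumes (as the article implies but does not spell out) that the addresses the ALG writes into a DNS answer belong to a per-router pool that the enterprise's internal routing delivers to the router that handed them out, so a host's later connection naturally leaves through the same border router its DNS query used. Router names, host addresses and both address pools are constructed.

```python
"""Toy model of DNS-ALG-driven NAT on an enterprise border router.

Constructed example, not Cisco's implementation. One BorderRouterNat holds
two translation tables: outside addresses learned from DNS answers mapped to
an alias from this router's alias pool, and enterprise hosts mapped to public
addresses from the block this router's ISP assigned (both pools are made up).
"""
import ipaddress
import struct


def build_dns_response(txid, qname, answer_ip):
    """Build a minimal DNS response: one A question, one A answer (constructed)."""
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = labels + b"\x00" + struct.pack("!HH", 1, 1)
    # answer name is a compression pointer (0xC00C) back to the question name at offset 12
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
    return header + question + answer + ipaddress.IPv4Address(answer_ip).packed


def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, terminates the name
            return off + 2
        off += 1 + length


def a_record_offsets(msg):
    """Yield (rdata_offset, dotted_ip) for every A record in the answer section."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip qtype and qclass
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            yield off, str(ipaddress.IPv4Address(msg[off:off + 4]))
        off += rdlen


class BorderRouterNat:
    """One border router: alias pool routed internally to it, public pool from its ISP."""

    def __init__(self, name, alias_pool, public_pool):
        self.name = name
        self._alias_free = list(ipaddress.ip_network(alias_pool).hosts())
        self._public_free = list(ipaddress.ip_network(public_pool).hosts())
        self.alias_to_outside = {}   # translations installed by the DNS ALG
        self.outside_to_alias = {}
        self.inside_to_public = {}   # enterprise host -> address in this router's ISP block

    def dns_alg_inbound(self, response):
        """Rewrite A answers in a DNS response entering the enterprise through this router."""
        buf = bytearray(response)
        for off, real_ip in a_record_offsets(response):
            alias = self.outside_to_alias.get(real_ip)
            if alias is None:  # first time this outside address is seen: install a translation
                alias = str(self._alias_free.pop(0))
                self.outside_to_alias[real_ip] = alias
                self.alias_to_outside[alias] = real_ip
            buf[off:off + 4] = ipaddress.IPv4Address(alias).packed
        return bytes(buf)

    def translate_outbound(self, src_ip, dst_ip):
        """Translate a host packet leaving via this router; None if dst is not one of its aliases."""
        real_dst = self.alias_to_outside.get(dst_ip)
        if real_dst is None:
            return None
        public_src = self.inside_to_public.get(src_ip)
        if public_src is None:
            public_src = str(self._public_free.pop(0))
            self.inside_to_public[src_ip] = public_src
        return public_src, real_dst


def resolve_and_connect(router, host_ip, qname, real_ip):
    """Trace one host: its DNS answer enters via `router`, then it connects to what it was told."""
    resp = router.dns_alg_inbound(build_dns_response(0x1234, qname, real_ip))
    told = [ip for _, ip in a_record_offsets(resp)][0]
    return told, router.translate_outbound(host_ip, told)


if __name__ == "__main__":
    ra = BorderRouterNat("border-A", "10.255.1.0/24", "198.51.100.0/24")
    rb = BorderRouterNat("border-B", "10.255.2.0/24", "203.0.113.0/24")
    # host 10.1.1.10 uses a DNS server reached via border-A, host 10.1.1.20 one via border-B
    for router, host in ((ra, "10.1.1.10"), (rb, "10.1.1.20")):
        told, hdr = resolve_and_connect(router, host, "www.example.com", "192.0.2.80")
        print(f"{host} via {router.name}: told {told}; leaves as src={hdr[0]} dst={hdr[1]}")
```

Running it shows the two properties the article claims: the enterprise hosts keep their own addresses and only the router's public pool reflects the ISP, and which ISP link a flow uses is decided by the router that handled the DNS answer, so pointing different hosts at different DNS servers spreads load without touching internal addressing.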


Contact Brad Reese


Copyright © 2008 IDG Communications, Inc.
