[Cisco] Example configuration: load-sharing 2 ADSL lines with NAT and OER/PfR (Optimized Edge Routing)

h**p://www.cisco.com/en/US/docs/ios/12_4t/oer/configuration/guide/h_oerstr.html
h**p://www.cisco.com/en/US/docs/ios/12_4t/oer/configuration/guide/h_oerstr.html#wp1054840
h**p://www.netcraftsmen.net/resources/archived-articles/443.html

                                  +----ATM0/0/0---------------------> ADSL line
                                  |
[192.168.1.1/24]---Fa0/0---[Cisco2811]
                                  |
                                  +----Fa0/1----ADSL modem----------> ADSL line

boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.124-24.T1.bin
boot-end-marker
!
key chain OER
 key 1
  key-string cisco
!
!
oer master
 no max-range-utilization
 logging
 !
 border 10.0.0.1 key-chain OER
  interface FastEthernet0/0 internal
  interface Dialer0 external
  interface Dialer1 external
 !
 learn
  throughput
  delay
  protocol tcp
  protocol udp
  periodic-interval 3
  monitor-period 2
  aggregation-type prefix-length 32
 delay threshold 20
 backoff 180 360
 mode route control
 mode monitor passive
 mode route metric static tag 60000
!
oer border
 logging
 local Loopback0
 master 10.0.0.1 key-chain OER
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1460
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description ## Connect to ADSL modem ##
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 2
!
interface ATM0/0/0
 description ## Connect to ADSL line ##
 no ip address
 no atm ilmi-keepalive
 pvc 0/100
  pppoe-client dial-pool-number 1
!
!
interface Dialer0
 bandwidth 8192
 ip address negotiated
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 load-interval 30
 dialer pool 1
 ppp pap sent-username XXXXX1 password 0 XXXX1
!
interface Dialer1
 bandwidth 4096
 ip address negotiated
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 load-interval 30
 dialer pool 2
 ppp pap sent-username XXXXX2 password 0 XXXX2
!
router ospf 1
 log-adjacency-changes
 redistribute static subnets route-map STATIC->OSPF
 network 10.0.0.1 0.0.0.0 area 0
 network 192.168.1.1 0.0.0.0 area 0
!
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip nat inside source route-map NAT_DSL0 interface Dialer0 overload oer
ip nat inside source route-map NAT_DSL1 interface Dialer1 overload oer
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
!
route-map STATIC->OSPF permit 10
 match tag 60000
!
route-map NAT_DSL1 permit 10
 match ip address 1
 match interface Dialer1
!
route-map NAT_DSL0 permit 10
 match ip address 1
 match interface Dialer0
!

Router#sh ip nat statistics
Total active translations: 65 (0 static, 65 dynamic; 65 extended)
Peak translations: 343, occurred 00:01:10 ago
Outside interfaces:
  Virtual-Access2, Virtual-Access3, Dialer0, Dialer1
Inside interfaces:
  FastEthernet0/0
Hits: 780840  Misses: 0
CEF Translated packets: 779872, CEF Punted packets: 486
Expired translations: 672
Dynamic mappings:
-- Inside Source
[Id: 1] route-map NAT_DSL0 interface Dialer0 refcount 33
[Id: 2] route-map NAT_DSL1 interface Dialer1 refcount 32
Appl doors: 0
Normal doors: 0
Queued Packets: 0

! === Routing table before applying OER
Router#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     58.0.0.0/32 is subnetted, 4 subnets
C       58.8.92.79 is directly connected, Dialer0
C       58.8.88.84 is directly connected, Dialer1
C       58.8.88.1 is directly connected, Dialer1
C       58.8.92.1 is directly connected, Dialer0
     10.0.0.0/32 is subnetted, 1 subnets
C       10.0.0.1 is directly connected, Loopback0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 is directly connected, Dialer0
               is directly connected, Dialer1

! === Routing table after applying OER

Router#sh ip route static
     202.170.115.0/32 is subnetted, 1 subnets
S       202.170.115.94 [1/0] via 0.0.0.0, Dialer1
     66.0.0.0/32 is subnetted, 1 subnets
S       66.235.143.118 [1/0] via 0.0.0.0, Dialer1
     202.129.205.0/32 is subnetted, 1 subnets
S       202.129.205.52 [1/0] via 0.0.0.0, Dialer1
     110.0.0.0/32 is subnetted, 1 subnets
S       110.164.86.167 [1/0] via 0.0.0.0, Dialer1
     24.0.0.0/32 is subnetted, 1 subnets
S       24.67.37.33 [1/0] via 0.0.0.0, Dialer1
     58.0.0.0/32 is subnetted, 5 subnets
S       58.97.45.43 [1/0] via 0.0.0.0, Dialer1
     207.200.111.0/32 is subnetted, 1 subnets
S       207.200.111.33 [1/0] via 0.0.0.0, Dialer1
     208.117.252.0/32 is subnetted, 1 subnets
S       208.117.252.103 [1/0] via 0.0.0.0, Dialer1
     203.144.145.0/32 is subnetted, 1 subnets
S       203.144.145.57 [1/0] via 0.0.0.0, Dialer1
S*   0.0.0.0/0 is directly connected, Dialer0
               is directly connected, Dialer1

Router#sh ip route 202.170.115.94
Routing entry for 202.170.115.94/32
  Known via "static", distance 1, metric 0
  Tag 60000
  Redistributing via ospf 1
  Routing Descriptor Blocks:
  * directly connected, via Dialer1
      Route metric is 0, traffic share count is 1
      Route tag 60000   <==== the default OER route tag is 5000

Router#sh ip ospf database external 202.170.115.94   <== verify that the route with tag 60000 is redistributed into OSPF

            OSPF Router with ID (10.0.0.1) (Process ID 1)

                Type-5 AS External Link States

  LS age: 17
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 202.170.115.94 (External Network Number )
  Advertising Router: 10.0.0.1
  LS Seq Number: 80000001
  Checksum: 0xF50D
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 0.0.0.0
        External Route Tag: 60000
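
The pieces above only work together if they agree: every Dialer that OER lists as external needs a NAT statement with the oer keyword whose route-map matches that same interface, and the static tag OER sets (60000) must be the tag the STATIC->OSPF route-map matches, otherwise the OER-injected routes never reach OSPF. The following is an added check script (not from the original post or from Cisco) that parses those lines and reports any mismatch; the config text inside it is a constructed copy of the relevant lines above, and it assumes one sequence per route-map.

```python
import re
# Constructed sample: the OER, NAT and redistribution lines of the page's config.
IOS_CONFIG = """\
oer master
 border 10.0.0.1 key-chain OER
  interface FastEthernet0/0 internal
  interface Dialer0 external
  interface Dialer1 external
 mode route metric static tag 60000
router ospf 1
 redistribute static subnets route-map STATIC->OSPF
ip nat inside source route-map NAT_DSL0 interface Dialer0 overload oer
ip nat inside source route-map NAT_DSL1 interface Dialer1 overload oer
route-map STATIC->OSPF permit 10
 match tag 60000
route-map NAT_DSL1 permit 10
 match interface Dialer1
route-map NAT_DSL0 permit 10
 match interface Dialer0
"""

def blocks(cfg):
    """Group an IOS config into {top-level line: [indented sub-lines]}."""
    return {h: [l.strip() for l in body.splitlines()]
            for h, body in re.findall(r"^(\S.*)\n((?: .*\n)*)", cfg, re.M)}

def audit(cfg):
    """Report where the NAT, OSPF and OER parts of the config disagree."""
    b, findings = blocks(cfg), []
    master = b.get("oer master", [])
    externals = [l.split()[1] for l in master if l.endswith(" external")]
    tag = next((l.split()[-1] for l in master if "static tag" in l), None)
    rmaps = {h.split()[1]: v for h, v in b.items() if h.startswith("route-map ")}  # name -> match lines
    nat = {}  # OER exit interface -> NAT route-map name
    for h in b:
        m = re.match(r"ip nat inside source route-map (\S+) interface (\S+) overload( oer)?$", h)
        if m:
            nat[m[2]] = m[1]
            if not m[3]:  # the 'oer' keyword lets OER control which NAT exit a flow takes
                findings.append(f"NAT on {m[2]} lacks 'oer' keyword")
    for intf in externals:
        if intf not in nat:
            findings.append(f"no NAT statement for OER external {intf}")
        elif f"match interface {intf}" not in rmaps.get(nat[intf], []):
            findings.append(f"route-map {nat[intf]} does not match interface {intf}")
    redist = next((l.split()[-1] for h, v in b.items() if h.startswith("router ospf")
                   for l in v if l.startswith("redistribute static")), None)
    if redist and f"match tag {tag}" not in rmaps.get(redist, []):
        findings.append(f"route-map {redist} does not match OER static tag {tag}")
    return findings
```

Run audit() against a copy of the running-config; an empty list means the three pieces are consistent.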

[Lighttpd] Configure lighttpd to support SSL

Tested on FreeBSD 7.2
lighttpd-1.4.22 (ssl) - a light and fast webserver
Build-Date: Apr 18 2009 13:02:03

1. Generate the key and self-signed certificate (both go into one PEM file)
#mkdir /etc/ssl/private
#cd /etc/ssl/private/
#openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes

2. vi /usr/local/etc/lighttpd.conf
# Uncomment mod_redirect in server.modules.

$SERVER["socket"] == "0.0.0.0:443" {
    #### SSL engine
    ssl.engine = "enable"
    ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
}
else $HTTP["host"] =~ "(.*)" {
    url.redirect = ( "^/(.*)" => "https://%1/$1" )
}

3. Start lighttpd
#/usr/local/etc/rc.d/lighttpd restart
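
Two things commonly go wrong with the steps above: the quotes end up as curly quotes when the fragment is pasted from a web page, which lighttpd's config parser rejects, and the combined key+certificate file from step 1 is left readable by every local user. The following added checker (not from the post or from lighttpd) catches both; the config text and the PEM file inside it are constructed for the demo, and the PEM content is a placeholder, not a real key or certificate.

```python
import os
import re
import tempfile

# Constructed sample: the page's lighttpd.conf fragment, with ASCII quotes.
LIGHTTPD_CONF = '''\
$SERVER["socket"] == "0.0.0.0:443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
}
else $HTTP["host"] =~ "(.*)" {
    url.redirect = ( "^/(.*)" => "https://%1/$1" )
}
'''

def check_config(conf):
    """Return (findings, ssl.pemfile path or None) for a config fragment."""
    findings = []
    if re.search("[\u201c\u201d]", conf):  # typical when pasted from a web page
        findings.append("curly quotes in config: lighttpd cannot parse them")
    m = re.search(r'ssl\.pemfile\s*=\s*"([^"]+)"', conf)
    if not m:
        findings.append("ssl.pemfile is not set")
    return findings, m.group(1) if m else None

def check_pemfile(path):
    """lighttpd 1.4 reads key and certificate from one file; keep it root-only."""
    if not os.path.isfile(path):
        return [f"{path} does not exist"]
    findings = []
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        findings.append(f"{path} is readable by group/other (mode {mode:04o})")
    with open(path) as f:
        pem = f.read()
    if "PRIVATE KEY-----" not in pem:  # also matches "RSA PRIVATE KEY" from older OpenSSL
        findings.append(f"{path} has no private key block")
    if "-----BEGIN CERTIFICATE-----" not in pem:
        findings.append(f"{path} has no certificate block")
    return findings

def demo():
    path = os.path.join(tempfile.mkdtemp(), "lighttpd.pem")
    with open(path, "w") as f:  # placeholder PEM, not a real key or certificate
        f.write("-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n"
                "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n")
    os.chmod(path, 0o644)  # what a default umask typically leaves behind
    before = check_pemfile(path)
    os.chmod(path, 0o600)
    return before, check_pemfile(path)
```

On the real box, run check_pemfile() on the path that check_config() extracts from /usr/local/etc/lighttpd.conf before restarting the server.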