In cases where a branch office doesn’t require a permanent connection to a company’s head office, ISDN is often the best choice amongst WAN technologies. Because ISDN is circuit switched, a branch office router using ISDN could dial into a head office, as necessary, and then terminate the connection once a data transfer is complete. This can lead to significant cost savings, especially when compared to the expense associated with permanent connections or leased lines.
Demand-dial Routing (DDR) is the term used to describe such a connection. Setting up DDR involves configuring branch office routers to dial into a central corporate office (or vice versa), allowing data to be routed between locations. DDR isn’t limited to ISDN – it can also be configured using slower technologies like traditional analog phone lines. However, the speeds at which connections are made with ISDN (often 1-2 seconds versus almost 30 seconds for analog calls) make it the better choice for demand-dial routing.
Perhaps the most important consideration when configuring a DDR connection is determining which types of traffic will initiate the connection. For example, will any traffic destined for the remote network initiate the connection, or will only certain types of traffic, such as HTTP or SMTP initiate it? These are very important decisions. If not specified, any type of traffic destined for the remote network could initiate the connection, which might it turn leave it almost permanently connected. This would certainly have an impact on any expected cost savings. The solution to this issue involves defining what traffic the router will find “interesting”. If correctly configured, a router will only initiate a DDR connection when it comes across interesting traffic destined for the remote network.
A second key element to consider when configuring DDR is how routing will take place. As a general rule, DDR connections should use static or default routing only. If a dynamic routing protocol like RIP were to be used on a DDR link, update traffic would reinitiate connections every 30 seconds. Remember that static routes will need to be defined to all networks (subnets) that have to be reached by the branch office. In cases where the branch office is a stub network (as shown in the figure below), a default route is usually the best option.
For this example, let’s assume that our network is configured as shown in the figure below. Our goal is to configure the branch office ISDN router such that it will initiate a connection to our head office location, but only for SMTP and HTTP traffic. Conversely, the head office ISDN router could also be configured to initiate connections to the branch office if necessary.
As a first step, you’ll configure the branch office router with an IP address on its BRI interface, define the ISDN switch type in use at the local CO, and configure a static route to the head office location. You’ll also configure the interface to use PPP encapsulation, which will allow you to add CHAP authentication (a very good idea) for these DDR connections.
Enter configuration commands, one per line. End with CNTL/Z.
Branch1604(config)#isdn switch-type basic-ni1
Branch1604(config-if)#ip address 192.168.99.1 255.255.255.0
Branch1604(config)#ip route 192.168.1.0 255.255.255.0 192.168.99.2
Notice that I chose to use a static route to connect to the head office location. Since the branch office is a stub network, it would also have been reasonable to create a default route, using the destination network address 0.0.0.0.
The next step involves specifying which traffic the router will consider interesting. This is accomplished using the dialer-list command. Recall that our goal was to limit DDR connections to SMTP and HTTP traffic only. In order to accomplish this, you need to use an extended IP access list. For illustration purposes, initially configure the router to view all IP traffic as interesting:
Branch1604(config)#dialer-list 1 protocol ip permit
The dialer-list command specified above tells the router that all IP traffic is “interesting”, and should initiate the link. However, this dialer list does nothing until actually applied to an interface using the dialer-group command from interface configuration mode. To remove this dialer list from the interface, use the no dialer-group 1 command.
Branch1604(config-if)#no dialer-group 1
In order to narrow the list of traffic that the router finds “interesting”, you can use access lists. Recall that in order to filter traffic according to port number, an extended IP access list would be required. This is illustrated below.
Branch1604(config)#access-list 150 permit tcp any 192.168.1.0 0.0.0.255 eq 25
Branch1604(config)#access-list 150 permit tcp any 192.168.1.0 0.0.0.255 eq 80
Branch1604(config)#dialer-list 1 list 150
With the “interesting” traffic now specified, you still need to configure the number to be dialed. The command to do this is dialer map, followed by the ip address of the remote router, its hostname, and the phone number to connect to the remote location.
Branch1604(config-if)#dialer-map ip 192.168.99.2 name Cisco2620 4165551111
One additional capability that you might be interested in is the ability to define when the second BRI interface should be connected. This is accomplished using the dialer load-threshold command. The number specified after the command is an integer value between 1 and 255, where the number specified is used as a percentage. For example, if you were to configure the interface with a load threshold of 255, the router wouldn’t bring up the second B interface until the load on the first had reached 100% utilization. If a lower number such as 128 were specified, the second B channel would be connected once utilization on the first had reached just over 50%. An associated direction is also specified with the command – for example, you can configure the load-threshold to consider only inbound, outbound, or traffic in both directions in its calculations. To specify both, the either keyword is added to the command as shown below.
Branch1604(config-if)#dialer load-threshold 128 either
By default, a router will terminate a demand dial connection after 120 seconds have passed without it coming across any interesting traffic. This number can be changed using the dialer idle-timeout command, and specifying a new value in seconds.
Branch1604(config-if)#dialer idle-timeout 90
Although not explicitly required, it’s always a good idea to configure CHAP authentication on DDR links for the extra security it provides. In order to do this, you need to specify a username and password from global configuration mode, following the exact same steps used in the PPP section of this chapter. Configuring this router to use CHAP will force authentication when the other router initiates a session. Similar commands would need to be issued on the 2620 router at the head office location to force CHAP authentication when our 1604 router attempts to connect. As the last step, don’t forget to issue the no shutdown command on the bri0 interface!
Branch1604(config)#username Cisco2620 password isdn-is-fun
Branch1604(config-if)#ppp authentication chap