From: AXJ on 18 Apr 2008 01:12

Hi

We have an IOS router with 2 service providers (DSL and T1).

We would like to send all outbound traffic from internal server 10.10.10.111 via DSL link. There is also static NAT to this server, therefore responses to inbound requests need to be sent via the DSL link too.

Do I need to use PBR? If so, here is what I am thinking....

------------------
ip nat inside source static 10.10.10.11 64.205.63.100 extendable

interface Vlan101
 description to DSL modem
 ip address 64.205.63.99 255.255.255.248
 ip policy route-map map_dsl1_out
 ip nat outside
 ip virtual-reassembly

ip access-list standard acl_dsl1_Out
 permit 10.10.10.11

route-map map_dsl1_out permit 10
 match ip address acl_dsl1_Out
 set <command missing>

--------------------------------------

What am I missing? Thanks.

AXJ

From: Barry Margolin on 18 Apr 2008 08:29

In article <a7ydnYVmMtpfsJXVnZ2dnUVZ_hSdnZ2d(a)comcast.com>, "AXJ" <nomail(a)mail.net> wrote:

> Hi
>
> We have an IOS router with 2 service providers (DSL and T1).
>
> We would like to send all outbound traffic from internal server 10.10.10.111
> via DSL link. There is also static NAT to this server, therefore responses
> to inbound requests need to be sent via the DSL link too.
>
> Do I need to use PBR? If so, here is what I am thinking....
>
> ------------------
> ip nat inside source static 10.10.10.11 64.205.63.100 extendable
>
> interface Vlan101
>  description to DSL modem
>  ip address 64.205.63.99 255.255.255.248
>  ip policy route-map map_dsl1_out
>  ip nat outside
>  ip virtual-reassembly
>
> ip access-list standard acl_dsl1_Out
>  permit 10.10.10.11
>
> route-map map_dsl1_out permit 10
>  match ip address acl_dsl1_Out
>  set <command missing>
>
> --------------------------------------
>
> What am I missing? Thanks.
>
> AXJ

The "ip policy" statement has to be put on the LAN interface that connects to the server.

In the route-map, the command you're missing is "set next-hop 64.205.63.x", where 64.205.63.99 is the other end of the DSL connection.

--
Barry Margolin, barmar(a)alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

From: FortuneCookie on 18 Apr 2008 17:27

Thanks, Barry. According to your suggestion, here are my changes. In this case, is the routing table (ip route command) ignored by the IOS? Thanks.

-------------------------------------------------------------------------------
ip nat inside source static 10.10.10.11 64.205.63.100 extendable

ip access-list standard acl_dsl1_Out
 permit 10.10.10.11

route-map map_dsl1_out permit 10
 match ip address acl_dsl1_Out
 set ip next-hop 64.205.63.98

interface Vlan101
 description to DSL modem 64.205.63.98
 ip address 64.205.63.99 255.255.255.248
 ip nat outside

interface FastEthernet0/1
 description Internal Corporate Net
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip policy route-map map_dsl1_out
-----------------------------------------------------------------------------------------------

From: Bod43 on 20 Apr 2008 08:43

On 18 Apr, 23:27, FortuneCookie <allenj...(a)gmail.com> wrote:

> Thanks, Barry. According to your suggestion, here are my changes. In
> this case, is the routing table (ip route command) ignored by the IOS?
> Thanks.
>
> -------------------------------------------------------------------------------
> ip nat inside source static 10.10.10.11 64.205.63.100 extendable
>
> ip access-list standard acl_dsl1_Out
>  permit 10.10.10.11
>
> route-map map_dsl1_out permit 10
>  match ip address acl_dsl1_Out
>  set ip next-hop 64.205.63.98
>
> interface Vlan101
>  description to DSL modem 64.205.63.98
>  ip address 64.205.63.99 255.255.255.248
>  ip nat outside
>
> interface FastEthernet0/1
>  description Internal Corporate Net
>  ip address 10.10.10.1 255.255.255.0
>  ip nat inside
>  ip policy route-map map_dsl1_out
> -----------------------------------------------------------------------------------------------

The PBR is considered first and then, if that fails, e.g. the output interface is down or the next hop is not available (perhaps ARP failure), the routing table is used.

I seem to recall that you can tell PBR to drop the packet instead.

There is a document on CCO but I can't find it right now.

I should know since I recently did an implementation that depended on the default behaviour which I verified carefully :-)

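Added example, not part of any post in the thread: the configuration discussed above in one piece, with the policy on the LAN interface and one way to get the drop-instead-of-fallback behaviour mentioned in the last reply. Names and addresses are the thread's; 64.205.63.98 as the DSL next hop is taken from FortuneCookie's post, and using `set interface Null0` as the second set clause is this example's choice.

```cisco
! Added example (constructed). Names and addresses are reused from the thread;
! 64.205.63.98 is assumed to be the DSL-side next hop, as in the posted config.
ip nat inside source static 10.10.10.11 64.205.63.100 extendable
!
ip access-list standard acl_dsl1_Out
 permit 10.10.10.11
!
route-map map_dsl1_out permit 10
 match ip address acl_dsl1_Out
! Preferred path: hand matching packets to the DSL next hop.
 set ip next-hop 64.205.63.98
! Considered only when the next hop above cannot be used: discard the
! packet rather than let it fall through to the routing table and leave
! via the other provider. Omit this line to keep the default behaviour
! (fall back to the routing table).
 set interface Null0
!
interface Vlan101
 description to DSL modem 64.205.63.98
 ip address 64.205.63.99 255.255.255.248
 ip nat outside
!
interface FastEthernet0/1
 description Internal Corporate Net
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
! Policy is applied where the server's packets enter the router.
 ip policy route-map map_dsl1_out
!
! Verification from exec mode:
!   show route-map map_dsl1_out   (match counters for policy-routed packets)
!   show ip policy                (which interfaces have a route-map applied)
!   debug ip policy               (per-packet decisions; use on a quiet link)
```

Traffic from hosts that do not match acl_dsl1_Out hits no permit clause in the route-map and is forwarded by the routing table as usual.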