Problem with static routes

Unanswered Question
Apr 25th, 2007

I have a firewall with 2 defa routes with the same weight (2 diff isps). When I change the weight of one of them to a higher one, the dns stuff check mail facility doesnt find the address (both addresses are published). When both have the same weight, both addreses are found by the dns stuff....what might be happening here..?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
haroon.shaikh Wed, 04/25/2007 - 12:43

Greetings Mate,

The possible reason to me is that when you change the weight of default routes it might be creating a routing loop.

Traffic coming from route with lower weight leaves the network across isp with static route weight is higher.

That's the most likely reason.

holiveros Wed, 04/25/2007 - 13:02

But in which manner is the routing loop creating itself..?...See, I change the weight to have preference over the higher route, I mean, I leave the higher weight one as the floating static route this way:

ip route 0.0.0.0 0.0.0.0 x.x.x.x

ip route 0.0.0.0 0.0.0.0 y.y.y.y 2

The lower weight route (x.x.x.x) is my preferable for outgoing traffic. But when mail is coming (incoming traffic) into y.y.y.y, it doesn?t find it...

Harold Ritter Wed, 04/25/2007 - 18:24

Hector,

The second route will never be installed in the RIB as long as the first one is valid (i.e. next-hop x.x.x.x is resolvable).

Can you tell us a bit more about the purpose of that second route in regard to the mail application.

If you need to route traffic based on something other than destination IP address then the solution for you might be Policy based Routing (PBR).

For more information on how to configure PBR, please refer to the following link:

http://www.ciscotaccc.com/kaidara-advisor/iprout/showcase?case=K10313674

Hope this helps,

holiveros Thu, 04/26/2007 - 13:03

Harold, in effect I found a way to make PBR inside the firewall and left both static routes with the same weight. Everything worked. The purpose of the second route in regard to the mail application was (in fact is) that both routes are used to publish the mail server in the internet.

Thanks a lot

Actions

This Discussion