05-07-2007 12:02 PM - edited 03-03-2019 04:52 PM
Greetings,
I have a design question regarding BGP/MPLS, HSRP and EIGRP. Here is a description of the design:
R1 will be the default route and connects to the MPLS network using BGP, except for internet traffic.
R2 will carry internet traffic and be the backup route, using IPSec/T1 to the internet.
R3 E0 will be on the same subnet as E1 of R1 and E1 of R2, and R3 E1 will be the LAN subnet.
If R1 goes down, all traffic will be rerouted via R2. If R2 goes down, all internet (port 80 and 443) traffic will be rerouted via R1.
=======
hostname R1
!
interface fas 0
description uplink to MPLS network
!
interface fas 1
ip address 10.10.2.2 255.255.255.0
standby 1 ip 10.10.2.1
standby 1 preempt
standby 1 priority 105
standby 1 timers 5 15
standby 1 track fast 0
!
router bgp 500
network 10.10.2.0
network x.x.x.x
redistribute eigrp 300 route-map NextHop
neighbor x.x.x.x filter-list 10 out
!
ip as-path access-list 10 permit ^$
!
route-map NextHop permit 10
set ip next-hop 10.10.2.2 10.10.2.3
=======
hostname RouterB
!
interface fas 0
description uplink to internet
!
interface fas 1
ip address 10.10.2.3 255.255.255.0
standby 1 ip 10.10.2.1
standby 1 preempt
standby 1 priority 100
standby 1 timers 5 15
standby 1 track fast 0
!
router eigrp 300
network 10.10.2.0
network x.x.x.x
redistribute bgp 500 route-map NextHop
======
hostname R3
!
interface fastethernet 0
ip address 10.10.2.4 255.255.255.0
no ip redirects
no ip proxy-arp
!
interface fastethernet 1
ip address 172.16.2.1 255.255.254.0
ip access-group FilterToInternet out
!
ip access-list extended FilterToInternet
permit tcp 172.16.2.0 0.0.1.255 any eq www
permit tcp 172.16.2.0 0.0.1.255 any eq 443
==========
I am a little bit confused about how to set up the route-map and ACL to direct the traffic according to the routing policy. Could someone please help?
Thanks,
Perry
05-08-2007 01:43 AM
Hi,
To make this work you need to receive a default route to Internet on both R1 and R2.
In this case the route to Internet on R1 should have a higher cost than the route received on R2.
So if you want to block everything except www and 443, your ACL should not be applied on fastethernet 1 on R3. At least not in that direction. Do you want to deny traffic when R2 is active?
So based on how your MPLS provider offers Internet, you also need some sort of NAT if your LAN is from the private range (RFC 1918).
HTH
Regards,
Bjornarsb
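The ACL-direction point in the reply above, as an added example that is not part of the original thread: a small Python model of how R3 would evaluate FilterToInternet when it is bound outbound versus inbound on the LAN interface. The interface labels Fa0/Fa1, the sample packets and the helper names are constructed for illustration, and the inbound placement is shown only as a comparison, not as the poster's recommendation.

```python
import ipaddress

# FilterToInternet from the post; 172.16.2.0 0.0.1.255 is 172.16.2.0/23.
LAN = ipaddress.ip_network("172.16.2.0/23")
ACL = [("tcp", LAN, 80), ("tcp", LAN, 443)]  # (protocol, source, dest port)

def acl_permits(pkt):
    """Extended ACL: first matching permit wins, otherwise implicit deny."""
    src = ipaddress.ip_address(pkt["src"])
    return any(pkt["proto"] == proto and src in net and pkt["dport"] == port
               for proto, net, port in ACL)

def r3_forwards(pkt, acl_if, direction):
    """The ACL is consulted only when pkt crosses acl_if in that direction."""
    crossing = pkt["in_if"] if direction == "in" else pkt["out_if"]
    return acl_permits(pkt) if crossing == acl_if else True

# Constructed sample packets as seen by R3 (Fa0 = 10.10.2.0/24 side, Fa1 = LAN).
PACKETS = {
    "lan_https":   {"proto": "tcp", "src": "172.16.2.10", "dport": 443,
                    "in_if": "Fa1", "out_if": "Fa0"},
    "lan_ssh":     {"proto": "tcp", "src": "172.16.2.10", "dport": 22,
                    "in_if": "Fa1", "out_if": "Fa0"},
    "https_reply": {"proto": "tcp", "src": "203.0.113.5", "dport": 51000,
                    "in_if": "Fa0", "out_if": "Fa1"},
}

def verdicts(acl_if, direction):
    """Map each sample packet to True (forwarded) or False (dropped)."""
    return {name: r3_forwards(p, acl_if, direction) for name, p in PACKETS.items()}

if __name__ == "__main__":
    # Outbound on Fa1: LAN-sourced traffic is never checked, replies are dropped.
    print("out on Fa1:", verdicts("Fa1", "out"))
    # Inbound on Fa1: only LAN web traffic passes, replies are not checked.
    print("in  on Fa1:", verdicts("Fa1", "in"))
```

Bound outbound on the LAN interface, the ACL only ever sees packets heading toward 172.16.2.0/23, so its source match never hits and the implicit deny drops return traffic while non-web traffic from the LAN leaves unfiltered.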