controlling inbound/outbound traffic in 2 wan links

Answered Question
May 9th, 2007

Hi,


This is about PBR.


If I have two WAN links to the same ISP, who provides me two LAN subnets, and I want to control the inbound/outbound traffic as follows:

1. Traffic to/from LAN SubnetA uses Link1 as primary and Link2 as backup.

2. Traffic to/from LAN SubnetB uses Link2 as primary and Link1 as backup.


I can fix the incoming using BGP (private ASN between me and my ISP). For outgoing (if the connection is triggered from the LAN), I wonder if PBR's route-map can set two ip default next-hops with different AD, or is there another alternative for outgoing?


Dandy

Correct Answer
mohammedmahmoud Wed, 05/09/2007 - 06:34

Hi,


I think that you can set more than one next-hop; if the first fails, the second is used:


set ip next-hop


Another option: why not use a next-hop and a default next-hop? If the next-hop is not recursive, the default next-hop shall be used as backup. I haven't used it before, but you should give it a try:


!
route-map next permit 10
 match ip address 10
 set ip next-hop
 set ip default next-hop
!



HTH, please do rate all helpful replies,

Mohammed Mahmoud.

Danilo Dy Wed, 05/09/2007 - 06:47

Hi,


I'll try it in a lab and give you points when it does :)


I was thinking about this while walking home :)


Thanks,

Dandy

mohammedmahmoud Wed, 05/09/2007 - 06:52

Hi,


You are welcome :). Please re-read my first post; I've edited it.


HTH,

Mohammed Mahmoud.

Correct Answer
royalblues Wed, 05/09/2007 - 06:51

Friend,


Mohammed is right. You can set more than one next-hop. I have used it in my network and it works fine. But the next hop should be directly connected, and the protocol should go down before the 2nd one takes over.


HTH, rate if it does

Narayan





Correct Answer
sundar.palaniappan Wed, 05/09/2007 - 06:52

Configure two 'set ip next-hop' statements under the route-map and the router would use the first reachable next hop. There's no need to use the 'set ip default next-hop' option, as this command would be executed only when a route to the destination doesn't exist in the routing table.


HTH


Sundar

mohammedmahmoud Wed, 05/09/2007 - 06:58

Hi,


Sundar is right: the ip default next-hop option would be executed only when a route to the destination doesn't exist in the routing table, which most probably might introduce problems. Accordingly, the first method (setting multiple next-hops in a single statement) is the only recommended method in your case.



HTH,

Mohammed Mahmoud.

Danilo Dy Wed, 05/09/2007 - 07:00

Hi All,


I will try whether the config below works to my expectation:

!
interface FastEthernet0/0
 ip policy route-map outgoing
!
interface Serial0/0
!
interface Serial0/1
!
access-list 101 permit ip LAN-SubnetA TO_ANY
access-list 102 permit ip LAN-SubnetB TO_ANY
!
route-map outgoing permit 101
 match ip address 101
 set ip next-hop LINK1
 set ip next-hop recursive LINK2
!
route-map outgoing permit 102
 match ip address 102
 set ip next-hop LINK2
 set ip next-hop recursive LINK1
!


Regards,

Dandy

mohammedmahmoud Wed, 05/09/2007 - 10:49


Hi,


I think that your proposed solution shall work, as if both a next-hop and a recursive next-hop IP address are present in the same route-map entry, the next-hop is used. If the next-hop is not available, the recursive next-hop is used. If the recursive next-hop is not available and no other IP address is present, the packet is routed using the default routing table.


The only constraint is that only one recursive next-hop IP address is supported per route-map entry, which is fine in your case.


But anyway, I think that using 2 next-hops in the same set statement is the most common solution. Please try both and feed us back.



HTH,

Mohammed Mahmoud.
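
Added example, not part of any poster's reply: the approach the thread recommends (two addresses in one 'set ip next-hop' statement per route-map entry), written out for both subnets. All addresses are constructed from documentation ranges, and it is assumed that both LAN subnets reach the router through FastEthernet0/0 and that each next hop is directly connected on Serial0/0 or Serial0/1.

```ios
! Constructed addressing (assumptions, not values from the thread):
!   LAN SubnetA  192.0.2.0/25      LAN SubnetB  192.0.2.128/25
!   Link1 next hop 198.51.100.1    (directly connected on Serial0/0)
!   Link2 next hop 198.51.100.5    (directly connected on Serial0/1)
!
! Classify outbound traffic by source subnet.
access-list 101 permit ip 192.0.2.0 0.0.0.127 any
access-list 102 permit ip 192.0.2.128 0.0.0.127 any
!
! SubnetA: Link1 primary, Link2 backup.
! The router uses the first next hop in the list that is reachable.
route-map outgoing permit 101
 match ip address 101
 set ip next-hop 198.51.100.1 198.51.100.5
!
! SubnetB: Link2 primary, Link1 backup (same list, reversed order).
route-map outgoing permit 102
 match ip address 102
 set ip next-hop 198.51.100.5 198.51.100.1
!
! Apply the policy on the LAN-facing interface, where the traffic enters.
interface FastEthernet0/0
 ip policy route-map outgoing
!
! Traffic that matches neither ACL is not policy-routed and follows
! the normal routing table.
!
! Verification after applying:
!   show ip policy            (interface-to-route-map binding)
!   show route-map outgoing   (per-entry policy-routing match counters)
```

As noted in the thread, the backup address only takes over once the primary next hop is no longer seen as reachable, which for a directly connected next hop means the interface's line protocol has gone down.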


Danilo Dy Fri, 05/11/2007 - 06:30

Hi Guys,


You've been very helpful. I don't have time to try it in a lab as I'm busy playing with PacketShaper's Direct Standby and Access-Link Monitoring :) Since you're helpful and your recommendation makes sense, I give you each 5 points.


Edited: I'm having a problem with my mouse, which automatically ticks "Resolve" :)


Dandy
