Controlling inbound/outbound traffic in 2 WAN links

Answered Question
May 9th, 2007

Hi,

This is about PBR.

If I have two WAN links to the same ISP, who provides me two LAN subnets, and I want to control the inbound/outbound traffic as follows:

1. Traffic to/from LAN SubnetA uses Link1 as primary and Link2 as backup.

2. Traffic to/from LAN SubnetB uses Link2 as primary and Link1 as backup.

I can fix the incoming using BGP (private ASN between me and my ISP). For outgoing (if the connection is triggered from the LAN), I wonder if PBR's route-map can set two ip default next-hop with different AD, or is there another alternative for outgoing?

Dandy

Correct Answer
mohammedmahmoud Wed, 05/09/2007 - 06:34

Hi,

I think that you can set more than one next-hop; if the first fails, the second is used:

set ip next-hop

Another option: why not use a next-hop and a default next-hop? If the next-hop is not recursive, the default next-hop shall be used as backup. I haven't used it before, but you should give it a try:

!
route-map next permit 10
 match ip address 10
 set ip next-hop
 set ip default next-hop
!

HTH, please do rate all helpful replies,

Mohammed Mahmoud.

Danilo Dy Wed, 05/09/2007 - 06:47

Hi,

I'll try it in a lab and give you points when it does :)

I was thinking about this while walking home :)

Thanks,

Dandy

mohammedmahmoud Wed, 05/09/2007 - 06:52

Hi,

You are welcome :). Please re-read my first post; I've edited it.

HTH,

Mohammed Mahmoud.

Correct Answer
royalblues Wed, 05/09/2007 - 06:51

Friend,

Mohammed is right. You can set more than one next-hop. I have used it in my network and it works fine. But the next hop should be directly connected, and the protocol should go down before the 2nd one takes over.

HTH, rate if it does

Narayan

Correct Answer
sundar.palaniappan Wed, 05/09/2007 - 06:52

Configure two 'set ip next-hop' statements under the route-map and the router would use the first reachable next hop. There's no need to use the 'set ip default next-hop' option, as this command would be executed only when a route to the destination doesn't exist in the routing table.

HTH

Sundar

mohammedmahmoud Wed, 05/09/2007 - 06:58

Hi,

Sundar is right: the ip default next-hop option would be executed only when a route to the destination doesn't exist in the routing table, which most probably might introduce problems. Accordingly, the first method (setting multiple next-hops in a single statement) is the only recommended method in your case.

HTH,

Mohammed Mahmoud.

Danilo Dy Wed, 05/09/2007 - 07:00

Hi All,

I will check whether the config below works as I expect:

!
interface FastEthernet0/0
 ip policy route-map outgoing
!
interface Serial0/0
!
interface Serial0/1
!
access-list 101 permit ip LAN-SubnetA TO_ANY
access-list 102 permit ip LAN-SubnetB TO_ANY
!
! SubnetA: Link1 primary, Link2 as recursive backup
route-map outgoing permit 101
 match ip address 101
 set ip next-hop LINK1
 set ip next-hop recursive LINK2
!
! SubnetB: Link2 primary, Link1 as recursive backup
route-map outgoing permit 102
 match ip address 102
 set ip next-hop LINK2
 set ip next-hop recursive LINK1

Regards,

Dandy

mohammedmahmoud Wed, 05/09/2007 - 10:49

Hi,

I think that your proposed solution shall work, because if both a next-hop and a recursive next-hop IP address are present in the same route-map entry, the next-hop is used. If the next-hop is not available, the recursive next-hop is used. If the recursive next-hop is not available and no other IP address is present, the packet is routed using the default routing table.

The only constraint is that only one recursive next-hop IP address is supported per route-map entry, which is fine in your case.

But anyway, I think that using 2 next-hops in the same set statement is the most common solution; please try both and give us feedback.

HTH,

Mohammed Mahmoud.
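
The method recommended in this thread (two next hops in one 'set ip next-hop' statement per subnet), written out as an added example that is not from any poster; all addresses are constructed, and the interface names follow Dandy's draft. The second variant goes beyond the thread: it ties each next hop to a tracked IP SLA probe, for the case raised above where the plain form only fails over once the first next hop's link goes down.

```cisco
! Constructed addressing (not from the thread):
!   SubnetA 10.1.1.0/24, SubnetB 10.1.2.0/24 behind FastEthernet0/0
!   Link1 = Serial0/0, ISP next hop 192.0.2.1
!   Link2 = Serial0/1, ISP next hop 192.0.2.5
!
access-list 101 permit ip 10.1.1.0 0.0.0.255 any
access-list 102 permit ip 10.1.2.0 0.0.0.255 any
!
! Variant 1: plain next-hop list. The router uses the first next hop it
! considers reachable, so failover relies on the primary link going down.
route-map outgoing permit 10
 match ip address 101
 set ip next-hop 192.0.2.1 192.0.2.5
!
route-map outgoing permit 20
 match ip address 102
 set ip next-hop 192.0.2.5 192.0.2.1
!
interface FastEthernet0/0
 ip policy route-map outgoing
!
! Variant 2 (apply "outgoing-tracked" on FastEthernet0/0 instead): each
! next hop is used only while its ICMP probe succeeds, so a failure that
! leaves the serial interface up still triggers failover.
! Keyword spelling is release-dependent ("ip sla" here; older releases
! use "ip sla monitor" or "rtr").
ip sla 1
 icmp-echo 192.0.2.1 source-interface Serial0/0
 frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 192.0.2.5 source-interface Serial0/1
 frequency 5
ip sla schedule 2 life forever start-time now
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
route-map outgoing-tracked permit 10
 match ip address 101
 set ip next-hop verify-availability 192.0.2.1 10 track 1
 set ip next-hop verify-availability 192.0.2.5 20 track 2
!
route-map outgoing-tracked permit 20
 match ip address 102
 set ip next-hop verify-availability 192.0.2.5 10 track 2
 set ip next-hop verify-availability 192.0.2.1 20 track 1
```

In both variants, traffic that matches neither ACL, or whose listed next hops are all unavailable, falls back to the normal routing table.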

Danilo Dy Fri, 05/11/2007 - 06:30

Hi Guys,

You've been very helpful. I don't have time to try it in a lab as I'm busy playing with PacketShaper's Direct Standby and Access-Link Monitoring :) Since you're helpful and your recommendation makes sense, I give you each 5 points.

Edited: I'm having a problem with my mouse, which automatically ticks "Resolve" :)

Dandy
