PBR to a server

Unanswered Question
Jan 9th, 2008

Hi,

I've got a scenario where my users will be on 1.1.1.0/24 and my router IP address is 1.1.1.3/24. I have two servers connected to the router. The FTP server is 192.168.1.1 and the Streaming server is 192.168.1.2. If the user is going to transfer a file using FTP, it should be routed to the FTP server. If streaming is requested, it should be routed to the Streaming server. If the user would like to browse, then it will be routed to another router. Will PBR work for the FTP and streaming, since the next hop is not a router but the server itself? Attached is a topology.



Edison Ortiz Wed, 01/09/2008 - 19:00

The next-hop doesn't have to be a router for the PBR to work. What you are proposing should work without problems.


HTH,


Edison.

s.arunkumar Wed, 01/09/2008 - 19:37

Is your switch layer 2 or layer 3? As I understand it, your communication between the servers and users happens through the router, i.e. inter-VLAN routing happens via the router rather than the switch.

If so, you can divert the traffic. Just match the access-list for FTP traffic and your streaming traffic (port no. for the same). Then set the next hop as the server's IP.

If the next-hop is not in the routing table, try creating a static route to the servers so as to match the next-hop. I have a doubt in that, but let's hear what others say.

s-seesurrun Thu, 01/10/2008 - 01:50

Hi,

I'll be using a layer 2 switch. I believe it should work. Will it be easier if I have an additional 2 ethernet ports on the router with the latter being on the same subnet of the servers?

s.arunkumar Thu, 01/10/2008 - 02:20

If it's an L2 switch, then the user data is coming up to the router and then getting routed.

If you are connecting the servers directly to two different ports on the same router, then both will be in different subnets.

I think it's easy then: as the packet reaches the router, it understands which network it should go to, so no need of PBR then.


arun

Edison Ortiz Thu, 01/10/2008 - 05:27

Arun,


From my understanding, he wants to redirect traffic based on the application (FTP). You can't do this with regular 'ip routing', you need PBR for this task.


___


Edison.


s.arunkumar Thu, 01/10/2008 - 05:35

Yes, I understood that. If I understood correctly, he mentioned in an above post that he plans to put the two servers across two Ethernet interfaces. That means the two will be in directly connected, different subnets. Both servers will then have different IPs. So the router can decide at layer 3 itself, without checking top-layer data, where to forward.

Please correct me if i am wrong

tks a lot

arun :)


Edison Ortiz Thu, 01/10/2008 - 06:00

Layer3 (routing) will only use destination-based routing. I believe the OP wants all FTP sessions to go to the FTP server and not the internet. All streaming related packets to go to the streaming device. All other traffic should go into the internet.


Layer3 routing alone won't do this for you.


__


Edison.

s-seesurrun Thu, 01/10/2008 - 07:17

Edison,

You got the setup right. All FTP sessions will go to the FTP server and streaming to the Streaming server. Any other traffic will go to the internet. So you reckon that PBR will work just fine, even if I have only one Ethernet connection between the router and the switch, with all the servers connected to the switch but on different subnets? The second Ethernet interface on the router will be connected directly to the internet.

Edison Ortiz Thu, 01/10/2008 - 07:26

I'm assuming you are using trunking on the Ethernet port facing the internal switch?


Are you able to ping those servers from the router?


Can you post the router config?



s-seesurrun Thu, 01/10/2008 - 08:49

I haven't bought the router yet. I wanted to be sure that the setup will work before going ahead and buying one.

Edison Ortiz Thu, 01/10/2008 - 10:45

Buy one with (2) LAN interfaces.

s-seesurrun Thu, 01/10/2008 - 12:36

I am getting one with two LAN interfaces and two more slots.

The first interface will be connected to the switch with the other servers and the second one to the internet.

Edison Ortiz Thu, 01/10/2008 - 05:25

It would give you more choices on the PBR as you can use set interface as a next-hop option within the route-map.


A set ip next-hop will work as long as the next-hop device is in a directly connected network from the device performing the PBR.

__


Edison.
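
The approach discussed in this thread, written out as an added example that is not part of any poster's reply: an IOS policy route-map on the user-facing interface that sends FTP and streaming traffic to the two servers and leaves everything else to the routing table. The interface names, ACL numbers, route-map name, the server-side router address 192.168.1.254/24 and the use of RTSP (TCP 554) for streaming are assumptions; the thread does not give them.

```cisco
! Added example; names, ACL numbers, 192.168.1.254 and port 554 are assumptions.
!
! Classify by application: source is the user subnet, destination is anything.
access-list 101 permit tcp 1.1.1.0 0.0.0.255 any eq ftp
access-list 101 permit tcp 1.1.1.0 0.0.0.255 any eq ftp-data
! Passive-mode FTP data connections use ephemeral ports and are not matched here.
access-list 102 permit tcp 1.1.1.0 0.0.0.255 any eq 554
!
! Each sequence matches one class and forwards it to a directly connected server.
route-map USER-PBR permit 10
 match ip address 101
 set ip next-hop 192.168.1.1
!
route-map USER-PBR permit 20
 match ip address 102
 set ip next-hop 192.168.1.2
!
! No further sequence: packets matching neither ACL are not policy routed
! and follow the normal destination-based routing table (e.g. to the internet).
!
! PBR is applied inbound on the interface where the user traffic arrives.
interface FastEthernet0/0
 description Users 1.1.1.0/24
 ip address 1.1.1.3 255.255.255.0
 ip policy route-map USER-PBR
!
! The next hops must sit on a directly connected network of this router.
interface FastEthernet0/1
 description Servers (assumed 192.168.1.0/24)
 ip address 192.168.1.254 255.255.255.0
!
! PBR changes only the forwarding next hop; the destination IP in the packet
! is left as the client sent it.
```

`show route-map` reports match counters per sequence and `show ip policy` lists which interfaces have a policy attached, so both can be used to confirm the ACLs are catching the intended traffic.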
