04-08-2008 05:23 AM - edited 03-03-2019 09:27 PM
Hello,
I have a basic query on the difference between serial & ethernet. I am aware of how they work and how bits are transmitted over the interface. But in practice, nowadays most clients prefer to go with the Ethernet hand-off from the ISP (like cablevision) rather than using an additional router on the external zone with Serial interfaces.
For ex: if I have one link with Ethernet hand-off and another link with Serial i/f for ISPs, then even if the Ethernet hand-off ISP has infrastructural issues, that will not make the ethernet i/f on my end 'down' and will not cause automatic failover to happen (hope my statement makes some sense).
Also, let's say, in an OSPF environment, if I have an Ethernet hand-off to ASA from ISP, and in case the ISP is having issues, only because the next hop of ASA is reachable (route outside 0.0.0.0 0.0.0.0 x.x.x.x 1) and connected via ethernet i/f, the backup route will not be used/installed in the LAN core routing table.
So my basic question is... are Serial interfaces more sensitive in detecting loss of signal than Ethernet..?
I do have some idea, but wanted to hear from Gurus in the Forum.
Thank you in advance for your time...
MS
04-08-2008 06:42 AM
Hi, the most correct approach is not to use the physical status of interfaces to determine network availability. This is because, especially with ethernet "hand-offs", the interface can be perfectly working yet the network is broken somewhere else.
To do that you use the "ip sla" feature that allows you to define a monitored object for tracking via ping or other method. When the object goes down, a "floating" static route is usually activated.
Hope this helps, please rate post if it does!
04-08-2008 07:38 AM
Hi Paolo,
That's perfect and I am in fact thinking in the same direction. But here is the question..
BO core (ospf) ---> ASA (ospf) --> ISP ethernet hand off
BO core has default static route to PIX for internet. ASA has route outside stmt.
BO core (ospf)--> HQ core (ospf) --> ASA --> ISP.
Now using the 'sla' configs, will it be possible to route the Internet traffic via HQ in case BO internet has issues?
I know this can be done with 2 ISPs to ASA at BO. But routing the traffic via internal LAN and to core using 'SLA'... not sure..
please suggest..
thank you
MS
04-08-2008 07:46 AM
Sure, one way would be BO has static default route tied to track. When tracking fails, a default route from HQ kicks in.
There can be more ways, this one seems simpler.
04-08-2008 08:26 AM
Thank you... need suggestion in config..
1. BO: 4500 with OSPF enabled and static 0.0.0.0 0.0.0.0 10.20.20.5 (ASA inside IP)
2. ASA also OSPF enabled with network stmt network 10.20.20.5 255.255.255.255 area x (same area as 4500) and static route 0.0.0.0 0.0.0.0 1.1.1.1 --> cable modem static IP
3. 4500 <--p2p gig link --> HQ site via OSPF. HQ has another big internet pipe. HQ 6500 with Area '0' except for the interface connecting to 4500 (same area as 4500). So 6500 acting as ABR.
4. 6500 also has another gig link to BO#2 having same kind of setup as BO, but on BO#2 PIX we have enabled default-information originate metric-type 1. So BO#2 core switch has default floating route pointing to another location with big internet pipe.
5. Enabling 'default-information' on BO ASA injecting default route from its own route stmt and BO#2 PIX also. Not sure but I might need route-map to control the 'route' injection.
6. Can you put the configuration on ASA/PIX to route the internet automatically to backup path in case the primary path fails..?
Thank you
MS
04-08-2008 09:23 AM
Hi, I would avoid any additional ospf config on the ASA, because these are weak in that. One thing you need is set PBR (ip local policy) on the router with track, because you need the probe packet to always take the same route. The rest is just having the alternate default being sent with a higher metric.
04-08-2008 10:01 AM
Hi paolo,
Sounds like a wonderful idea and I would like to try that. Will you please shoot me some configuration example on this.
Thank you
MS
04-09-2008 02:17 AM
Can't reach the router where I have a similar setup. I will forward when I have access again.
04-09-2008 05:29 AM
Fantastic. I will wait on it.
rgds
MS
04-20-2008 09:08 AM
Hi,
just wanted to let you all know that I have implemented the object tracking feature for internet access in my client's network environment. This was done yesterday. Tests were successful.. so it's working.
Thank you all for your time and suggestions.
regards
MS
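
The tracked static default and probe pinning suggested in the replies above, sketched as an IOS configuration for the BO core router. This is an added example, not a configuration posted by anyone in the thread. The probe target 192.0.2.1, the object numbers and the ACL/route-map names are placeholders, 10.20.20.5 is the ASA inside address from the thread, and older IOS releases spell these commands `ip sla monitor` and `track ... rtr`.

```cisco
! Added example for the BO core router. Placeholders: 192.0.2.1 (a host
! beyond the ISP hand-off), object number 10, names SLA-PROBE*.
! Assumption: HQ already advertises a default route into OSPF.
!
! 1. Probe a target on the far side of the ISP, not the ASA itself,
!    so an upstream failure is seen even though the Ethernet link stays up.
ip sla 10
 icmp-echo 192.0.2.1
 timeout 1000
 frequency 5
ip sla schedule 10 life forever start-time now
!
! 2. Track the probe; the delays damp flapping on brief loss.
track 10 ip sla 10 reachability
 delay down 15 up 30
!
! 3. Primary default via the ASA, present only while track 10 is up.
ip route 0.0.0.0 0.0.0.0 10.20.20.5 track 10
!
! 4. Pin the router's own probe packets to the ASA path. Without this,
!    once the static is withdrawn the probe would follow the HQ default,
!    succeed, and bring the failed path back.
ip access-list extended SLA-PROBE
 permit icmp any host 192.0.2.1 echo
route-map SLA-PROBE-PATH permit 10
 match ip address SLA-PROBE
 set ip next-hop 10.20.20.5
ip local policy route-map SLA-PROBE-PATH
!
! Note: the ASA must allow the echo replies back in (ICMP inspection
! or an explicit ACL entry), otherwise the track never comes up.
```

While track 10 is up, the static route (administrative distance 1) is preferred over the OSPF-learned default from HQ (distance 110); when the probe fails, the static is withdrawn and the OSPF default takes over.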