routing and hsrp

Jul 13th, 2008

Experts,


My current setup:


workstations-sw1-rtr1-isp1

workstations-sw2-rtr2-isp2


rtr1 and rtr2 are connected to each other via HSRP, hence the default gateway of the workstations is the HSRP IP or the standby IP address.


How do I set up the routers in such a way that traffic with destination x.x.x.x passes through rtr1 and traffic with destination y.y.y.y passes through rtr2, considering that the default gateway is the HSRP IP?


Thanks,


K0rg

Marwan ALshawi Sun, 07/13/2008 - 20:49
In this case, use PBR.

Put this policy on your active router (the one with high priority), because by default all traffic goes through the active one.

So make a policy route that matches an ACL matching what source you want routed through the standby one, with sequence number 10.

Then add another line to this policy with sequence number 20, matching any any.

This will be used in case the standby is down.

In the sequence number 10 line, make the next hop your rtr IP, not the HSRP IP.

Apply it to the inside interface of the active router.

access-list 100 permit ip any y.y.y.y (wildcard mask)

route-map p1 permit 10

 match ip address 100

 set ip next-hop (rtr2 ip)


route-map p1 permit 20


On the rtr1 interface:


 ip policy route-map p1


Good luck, and rate if helpful.


joseph.derrick Sun, 07/13/2008 - 21:13

Thank you very much Marwanshawi.


Could you point me to documentation or a site regarding this, for a clearer picture of the example?


Cheers,


K0rg

Edison Ortiz Sun, 07/13/2008 - 21:28

I don't think you can avoid the "pass through", in other words, the router processing the packet, as you are requesting.


The workstation will send the packet to the HSRP VIP. Whichever router is the active VIP will process the packet.


However, you can manipulate the egress packet from either router with standard dynamic routing protocols.


Without knowing your network setup, it's very hard to recommend a solution.


BTW, PBR (Policy Based Routing) will help you on determining the destination based on the source and I believe you didn't ask for that.


HTH,


__


Edison.

Marwan ALshawi Sun, 07/13/2008 - 22:14

I don't have a link for it now, but if destination-based does not work for you, try to make another ACL that does the matching based on source.


Good luck, and don't forget to rate the helpful post.



paul.matthews Mon, 07/14/2008 - 12:39

Bear in mind that HSRP turns off ICMP redirects; you may be better off using two HSRP groups, one active on each router, and adding static routes to the workstations.


PBR is not easy to make resilient, and as such defeats the object of using HSRP.


If you just want to split so that load goes both ways, look at GLBP.

Marwan ALshawi Mon, 07/14/2008 - 16:22

I agree with Paul that it is better for you to use GLBP.

In this case you will balance the load, and if one of your routers goes down you have a redundant one.

Good luck.


By the way, why don't you recommend PBR?

paul.matthews Tue, 07/15/2008 - 01:28

Do you mean why do I not recommend PBR? You have to get a little clever for it to be resilient. The basics of PBR are that you define some traffic, and what to do with it. Say we have two routers on a LAN, both with outbound connections: Router A and B. Router A has PBR set routing all traffic with octet 2 above 127 to router B, and router B has all traffic below 128 to router A.


When router A fails, PBR is not clever enough on its own for router B to understand that router A has gone, so it will try to forward any traffic to 10.123.1.1 to router A, neatly blackholing it at best. At worst, once ARP has timed out it will take even more CPU on B.


You can get clever by trying things like using a dedicated link between them, such that the next hop interface will be down, but I don't guarantee that will work as hoped, or you can investigate object tracking to see if you can incorporate it into PBR.


If it was essential that some subnets went via A, and some via B, I would rather look at investigating the routing protocol to see what I could do, or look at a dedicated link between them and use static routes.


Paul.
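
Added example, not part of the thread or any poster's configuration: one way to tie object tracking into PBR so that the policy next hop is used only while the peer router answers probes, which avoids the blackhole described above. The addresses (192.0.2.2 for the peer router, 198.51.100.0/24 for the policy-routed destinations), the interface name and the SLA/track numbers are placeholders, and the exact command syntax varies by IOS release.

```cisco
! Constructed example: all addresses, interface names and numbers are placeholders.
!
! Probe the peer router's LAN address every 5 seconds.
ip sla 1
 icmp-echo 192.0.2.2 source-interface GigabitEthernet0/1
 frequency 5
ip sla schedule 1 life forever start-time now
!
! Track object 1 is up only while the probe succeeds.
track 1 ip sla 1 reachability
!
! Traffic that should leave via the peer router.
access-list 100 permit ip any 198.51.100.0 0.0.0.255
!
route-map p1 permit 10
 match ip address 100
 ! The next hop is applied only while track 1 is up. When it goes down,
 ! this set clause is skipped and the packet is forwarded by the
 ! normal routing table instead of being sent to a dead neighbour.
 set ip next-hop verify-availability 192.0.2.2 10 track 1
!
! Everything else: no match or set clause, so it is routed normally.
route-map p1 permit 20
!
! Apply the policy on the LAN-facing interface that receives host traffic.
interface GigabitEthernet0/1
 ip policy route-map p1
```

`show track 1` and `show route-map p1` show the tracked state and the policy match counters, which is how to confirm the failover path before relying on it.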

Marwan ALshawi Tue, 07/15/2008 - 01:58

I think PBR is more useful with routing protocols and redistribution, and also with BGP policies.
