routing and hsrp

joseph.derrick
Level 1

Experts,

My current setup:

workstations-sw1-rtr1-isp1

workstations-sw2-rtr2-isp2

rtr1 and rtr2 are connected to each other via HSRP, hence the default gateway of the workstations is the HSRP IP, or the standby IP address.

How do I set up the routers in such a way that when the destination is x.x.x.x traffic should pass through rtr1, and when the destination is y.y.y.y it should pass through rtr2, considering that the default gateway is the HSRP IP?

Thanks,

K0rg


Marwan ALshawi
VIP Alumni

In this case, use PBR.

Put this policy on your active router (the one with high priority),

because by default all traffic is going through the active one.

So make a policy route that matches an ACL matching what source you want to be routed through the standby one, with sequence number 10.

Then make another line in this policy with sequence number 20

matching any any.

This will be used in case the standby is down.

And in the sequence number 10 line, make the next hop your rtr IP, not the HSRP IP.

Apply it to the inside interface of the active router.

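! numbered extended ACL: destination y.y.y.y with its wildcard mask

access-list 100 permit ip any y.y.y.y (wildcard mask)

route-map p1 permit 10

match ip address 100

set ip next-hop (rtr2 ip)

! sequence 20 has no match clause, so all remaining traffic is routed normally

route-map p1 permit 20

on the rtr1 interface

ip policy route-map p1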

good luck

and rate if helpful

Thank you very much Marwanshawi.

Could you point me to documentation or a site regarding this, for a clearer picture of the example?

Cheers,

K0rg

Edison Ortiz
Hall of Fame

I don't think you can avoid the "pass through", in other words, the router processing the packet, as you are requesting.

The workstation will send the packet to the HSRP VIP. Whichever router is the active VIP will process the packet.

However, you can manipulate the egress packet from either router with standard dynamic routing protocols.

Without knowing your network setup, it's very hard to recommend a solution.

BTW, PBR (Policy Based Routing) will help you on determining the destination based on the source and I believe you didn't ask for that.

HTH,

__

Edison.

I don't have a link for it now,

but if destination-based does not work for you,

try to make another ACL that does the matching based on source.

Good luck, and don't forget to rate the helpful post.

Thanks, I'll take a look at the link you have given.

paul.matthews
Level 5

Bear in mind that HSRP turns off ICMP redirect; you may be better off using two HSRP groups, one to be active on each router, and adding static routes to the workstations.

PBR is not easy to make resilient, and as such defeats the object of using HSRP.

If you just want to split so that load goes both ways, look at GLBP.

I agree with Paul that it is better for you to use GLBP.

In this case you will balance the load, and if one of your routers goes down you have a redundant one.

Good luck.

By the way, why don't you recommend PBR?

Do you mean why do I not recommend PBR? You have to get a little clever for it to be resilient. The basis of PBR is that you define some traffic, and what to do with it. Say we have two routers on a LAN, both with outbound connections: Router A and B. Router A has PBR set routing all traffic with octet 2 above 127 to router B, and router B has all traffic below 128 to router A.

When router A fails, PBR is not clever enough on its own for router B to understand that router A has gone, so it will try to forward any traffic to 10.123.1.1 to router A, neatly blackholing it at best. At worst, once ARP has timed out, it will take even more CPU on B.

You can get clever by trying things like using a dedicated link between them, such that the next hop interface will be down, but I don't guarantee that will work as hoped, or you can investigate object tracking to see if you can incorporate it into PBR.

If it was essential that some subnets went via A, and some via B, I would rather look at investigating the routing protocol to see what I could do, or look at a dedicated link between them and use static routes.

Paul.
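
An added example, not from any post in this thread: one way to combine the object tracking mentioned above with the route-map from the first reply, so that the policy stops forwarding to a dead next hop. It assumes an IOS release that supports IP SLA and `set ip next-hop verify-availability`; the addresses and the interface name are constructed placeholders.

```cisco
! Added example; addresses and interface names are constructed placeholders.
! Assumed: 192.0.2.2          = rtr2 LAN address (real IP, not the HSRP VIP)
!          198.51.100.0/24    = stands in for destination y.y.y.y
!          GigabitEthernet0/1 = rtr1 inside (workstation-facing) interface
!
! 1. Probe rtr2 every 5 seconds with an IP SLA ICMP echo.
ip sla 1
 icmp-echo 192.0.2.2 source-interface GigabitEthernet0/1
 frequency 5
ip sla schedule 1 life forever start-time now
!
! 2. Track object 10 is Up only while the probe succeeds.
track 10 ip sla 1 reachability
!
! 3. Traffic to the y.y.y.y range.
access-list 100 permit ip any 198.51.100.0 0.0.0.255
!
! 4. Sequence 10: hand matching traffic to rtr2 only while track 10 is Up.
!    When the track goes Down the set clause is skipped and the packet is
!    forwarded by rtr1's normal routing table instead of being blackholed.
route-map p1 permit 10
 match ip address 100
 set ip next-hop verify-availability 192.0.2.2 1 track 10
!
! 5. Sequence 20: no match or set clause, so all other traffic is routed normally.
route-map p1 permit 20
!
interface GigabitEthernet0/1
 ip policy route-map p1
```

`show track 10` and `show route-map p1` show the probe state and the policy match counters. The probe only proves that rtr2 answers on the LAN; it says nothing about the state of rtr2's link to isp2.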

I think PBR is more useful with routing protocols and redistribution, also with BGP policies.
