Redirecting http traffic through the originating interface

Aug 20th, 2008

I have been scratching my head for quite a while on this one ...

We are a WISP, getting our internet connection from 6 DSL lines through 2 Cisco boxes (3 lines on each). The Cisco boxes feed a Linux machine with 3 NICs that redistribute the traffic in our network. Everything works fine, except that the HTTP requests coming from outside are only answered if coming through one of the 2 Cisco boxes (let's say R1). Unless R1 is disconnected from the network, the requests coming from the links attached to R2 are never answered (time out). Looks like the Linux box always tries to send the HTTP traffic back through R1, even though the request comes from the other links.

We have decided to replace the Linux box with another Cisco router to make it easier?

Is it possible to configure a route map to redirect the answer through the same interface it came from?

How do I go about that?

Where should I configure the route map? R1? R2? Or the new Cisco box?

On which interface should I apply the route map?

Thanks for your help !

bwilmoth Tue, 08/26/2008 - 12:04

You may try configuring the route map to redirect the answer through the same interface it came from using the “set interface” command. The “set interface” command indicates where to output packets that pass a match clause of a route map for policy routing. The following URL may help you:

gondarmonn Tue, 08/26/2008 - 21:18

Sorry I did not reply right away, will take a deeper look (I have gone through most of the stuff there ...) at the article and get back to you.

Thanks a lot !


PS: As I said in the double post, it looks like the command 'ip cef load-sharing algorithm original' on the main gateway (the Cisco box between our network and R1 and R2, 2 Cisco routers each connected to 3 DSL lines) helps get rid of the time-out problem ...

gondarmonn Wed, 08/27/2008 - 09:13

Just to make sure we are talking about the same thing, here is what I understood:

1- The Cisco gateway is connected to 2 border gateways (if I can use this word .... routers connected to our provider) e1/0 and e1/1

2- Our network is on f0/0 of the cisco gateway

3- Let's say is the web server

4- My ACL would be:

access-list 100 permit tcp any eq www host

5- Route map

route-map WebAccess1 permit
 match ip address 100
 set interface e1/0

route-map WebAccess2 permit
 match ip address 100
 set interface e1/1

6- Apply the route-maps WebAccess1 and WebAccess2 to respectively e1/0 and e1/1 ?

Thanks for your help

gondarmonn Sat, 09/20/2008 - 12:49

Looks like I am mumbling to myself, maybe someone will kindly step in and help me ....

We finally did put in place a 3rd router to get rid of the Linux box ... I will go over the setup again:

6 DSL links coming from provider, 3 going into one 2600 (R1), 3 others going into another 2600 (R2).

R1 and R2 are connected to the main gateway, a 7204VXR

All routers run CEF (original algorithm) to ensure per-destination load sharing.

Everything works fine except web access from the ISP side (works fine from inside)

Something weird though: if the web request is made via SSL (https) then the web server answers (or the request gets to the web server, I should say); any request through http doesn't even hit the server (time out).

One thing I am thinking is that maybe our provider runs per-packet load sharing on its side? I would like to make sure everything is right on our end before talking with them.

Does someone have some pointers?

Thank you for any help

gondarmonn Tue, 10/07/2008 - 08:43

Finally solved it !!!

Everything at our end was working smoothly (per destination load sharing), the problem was with one of the links from our provider .... They still can't figure out what the problem is, but after much testing, we found out that the problem was happening (time out when trying to access our web site) only when going through that link. We asked for the route to be removed while they look into it .... and ... voila !!!

It is all good !

