Unanswered Question
Oct 6th, 2008

Hi all,

We have two internet connections coming into a site. The goal is to have the secondary internet connection be only used if the primary fails.

Currently, we shut off the primary router, and then move the address to the secondary. (Painful.)

I know how I can get the adjacency, but how do I ensure that the secondary router is never used? Policy routing?



Jon Marshall Mon, 10/06/2008 - 08:02


What do you mean by move address to the secondary?

What is using this address - it is end hosts.

Your problem may be fixed by either

1) HSRP if we are just talking about moving a gateway address for end hosts

2) manipulating the bandwidth/delay settings on the secondary router's links so that the primary router is chosen ordinarily

Also, if these are Internet connections, how are you receiving the routes, e.g. by BGP and redistributing into EIGRP?

Could you fill in the blanks?


John Blakley Mon, 10/06/2008 - 08:33


The default gateway is the primary router for the end hosts.

I thought about HSRP, but doesn't SOME traffic in an HSRP configuration go out both routers?

The primary router is connected via IPFR, and we use BGP between ourselves. We don't have any EIGRP ASs at the moment, but I was thinking about implementing it for this case.

The secondary router doesn't run any routing protocol at all. The primary router only knows of it via static route.



Jon Marshall Mon, 10/06/2008 - 08:37


It does depend on your IP addressing. The main issue with HSRP would be the return path traffic but if you NAT all traffic to the outside interface address of the primary router then the return traffic would come in that way as well.

You would need to run HSRP tracking so that if the serial interface of the primary router went down HSRP switched to the secondary router.

This is the simplest solution.


Jon Marshall Mon, 10/06/2008 - 08:48


Do you mean that the source IP addresses from the end hosts don't get NATted as they go out onto the Internet?

If so, it would be a problem with the return traffic, assuming you are advertising your source IP addresses out of both links, i.e. primary router and secondary router? Is this the case?


John Blakley Mon, 10/06/2008 - 08:54

Kinda correct :-)

It's a remote site that's on an IPFR (IP Frame Relay circuit); it's all private addressing for the primary router. The secondary router is on an AT&T Optiman link, and it has private addressing as well. Therefore, I believe, the traffic isn't NAT'd until it leaves their "public" side, and then the other public side of both devices.

You can accomplish this by running HSRP (Hot Standby Routing Protocol) on your routers. Here's a sample config assuming your primary router uses interface serial 0/1 (or just change the track command to whatever you're using) for your ISP connection and both routers are connected on interface Fa0/1 (on that bottom switch in your diagram):

Router1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router1(config)#interface FastEthernet 0/1

Router1(config-if)#ip address

Router1(config-if)#standby 1 ip

Router1(config-if)#standby 1 priority 110

Router1(config-if)#standby 1 track interface Serial 0/1 ;(when this interface s0/1 goes down, this router's interface will lose 10 points on its priority and int fa0/1 on router two will automatically become the primary)

The second router's configuration is similar, except that the interface has a different real IP address and a lower HSRP priority level (105):

Router2#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router2(config)#interface FastEthernet 0/1

Router2(config-if)#ip address

Router2(config-if)#standby 1 ip

Router2(config-if)#standby 1 priority 105

Make sure that all host devices on that internal switch use as its default gateway.
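
The failover arithmetic in the sample configuration above (priority 110 with a tracked Serial 0/1, against 105), modelled as an added example that is not part of any poster's reply. It is a simplified Python model of HSRP election, not router code; the addresses are constructed documentation addresses, and the `preempt` flag models the IOS `standby 1 preempt` setting, which the posted configuration does not show.

```python
from dataclasses import dataclass

@dataclass
class Router:
    name: str
    ip: str                   # real interface address (constructed, RFC 5737 range)
    priority: int = 100       # HSRP default priority
    preempt: bool = False     # models "standby 1 preempt"; off by default
    track_decrement: int = 10 # default decrement for a tracked interface
    tracked_up: bool = True   # state of the tracked WAN interface

    def effective_priority(self) -> int:
        return self.priority - (0 if self.tracked_up else self.track_decrement)

def rank(r: Router):
    # Higher priority wins; equal priorities are broken by the higher IP address.
    return (r.effective_priority(), tuple(int(o) for o in r.ip.split(".")))

def elect(routers, active=None):
    """Return the active router once the group has settled."""
    if active is None:
        return max(routers, key=rank)   # nobody is active yet: best rank wins
    # The active router is still sending hellos, so it keeps the role unless
    # a preempt-enabled peer outranks it.
    challengers = [r for r in routers if r.preempt and rank(r) > rank(active)]
    return max(challengers, key=rank) if challengers else active

def simulate(preempt_r1: bool, preempt_r2: bool):
    """Active router while healthy, with Serial 0/1 down, and after it returns."""
    r1 = Router("Router1", "192.0.2.2", priority=110, preempt=preempt_r1)
    r2 = Router("Router2", "192.0.2.3", priority=105, preempt=preempt_r2)
    group = [r1, r2]
    active = elect(group)
    history = [active.name]
    for wan_up in (False, True):        # tracked interface fails, then recovers
        r1.tracked_up = wan_up          # down: 110 - 10 = 100, below Router2's 105
        active = elect(group, active)
        history.append(active.name)
    return tuple(history)

if __name__ == "__main__":
    for flags in [(False, False), (False, True), (True, True)]:
        print(flags, simulate(*flags))
```

In this model the virtual gateway moves to Router2 only when Router2 has preemption enabled, and it moves back after the WAN link recovers only when Router1 has it as well.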

John Blakley Mon, 10/06/2008 - 08:51

To throw another wrench in this, and I forgot to say this from the start, the secondary router connects to a different point in our network. Since the secondary router doesn't run BGP, the routing table doesn't include that network. How does HSRP handle the return traffic in this case? Would I need to add a static route on our end to get the return traffic back?

