10-06-2008 07:51 AM - edited 03-03-2019 11:48 PM
Hi all,
We have two internet connections coming into a site. The goal is to have the secondary internet connection be only used if the primary fails.
Currently, we shut off the primary router, and then move the address to the secondary. (Painful.)
I know how I can get the adjacency, but how do I ensure that the secondary router is never used? Policy routing?
Thanks!
John
10-06-2008 07:52 AM
10-06-2008 08:02 AM
John
What do you mean by move address to the secondary?
What is using this address - it is end hosts.
Your problem may be fixed by either
1) HSRP if we are just talking about moving a gateway address for end hosts
2) manipulating the bandwidth/delay settings on the secondary router's links so that the primary router is chosen ordinarily
Also, if these are Internet connections, how are you receiving the routes, e.g. by BGP and redistributing into EIGRP?
Could you fill in the blanks?
Jon
10-06-2008 08:33 AM
Jon,
The default gateway is the primary router for the end hosts.
I thought about HSRP, but doesn't SOME traffic in an HSRP configuration go out both routers?
The primary router is connected via IPFR, and we use BGP between ourselves. We don't have any EIGRP ASs at the moment, but I was thinking about implementing it for this case.
The secondary router doesn't run any routing protocol at all. The primary router only knows of it via static route.
Thanks,
John
10-06-2008 08:37 AM
John
It does depend on your IP addressing. The main issue with HSRP would be the return path traffic but if you NAT all traffic to the outside interface address of the primary router then the return traffic would come in that way as well.
You would need to run HSRP tracking so that if the serial interface of the primary router went down HSRP switched to the secondary router.
This is the simplest solution.
Jon
10-06-2008 08:45 AM
We don't use NAT; would this still be a problem with HSRP?
10-06-2008 08:48 AM
John
Do you mean that the source IP addresses from the end hosts don't get NATted as they go out onto the Internet?
If so, it would be a problem with the return traffic, assuming you are advertising your source IP addresses out of both links, i.e. primary router and secondary router? Is this the case?
Jon
10-06-2008 08:54 AM
Kinda correct :-)
It's a remote site that's on an IPFR (IP Frame Relay circuit); it's all private addressing for the primary router. The secondary router is on an AT&T Optiman link, and it has private addressing as well. Therefore, I believe, the traffic isn't NAT'd until it leaves their "public" side, and then the other public side of both devices.
10-06-2008 08:45 AM
You can accomplish this by running HSRP (Hot Standby Routing Protocol) on your routers. Here's a sample config assuming your primary router uses interface serial 0/1 (or just change the track command to whatever you're using) for your ISP connection and both routers are connected on interface Fa0/1 (on that bottom switch in your diagram):
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet 0/1
Router1(config-if)#ip address 10.126.1.1 255.255.255.0
Router1(config-if)#standby 1 ip 10.126.1.3
Router1(config-if)#standby 1 priority 110
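Router1(config-if)#standby 1 track interface Serial 0/1 ;(when interface S0/1 goes down, this interface will lose 10 points on its priority and int Fa0/1 on router two will automatically become the primary)
! preempt lets this router take the active role back once its priority is the highest again
Router1(config-if)#standby 1 preempt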
The second router's configuration is similar, except that the interface has a different real IP address and a lower HSRP priority level (105):
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet 0/1
Router2(config-if)#ip address 10.126.1.2 255.255.255.0
Router2(config-if)#standby 1 ip 10.126.1.3
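Router2(config-if)#standby 1 priority 105
! preempt is required for this router to take over when Router1's tracked priority drops below 105
Router2(config-if)#standby 1 preempt
Make sure that all host devices on that internal switch use 10.126.1.3 as their default gateway.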
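The failover behaviour of the configuration above can be checked with a small model. This Python sketch is an added example, not part of the original post and not Cisco code; it uses the post's addresses and priorities (110 and 105), assumes the IOS default tracking decrement of 10, and its class and function names are hypothetical.

```python
from dataclasses import dataclass

TRACK_DECREMENT = 10  # assumption: IOS default decrement for a tracked interface

@dataclass
class HsrpRouter:  # hypothetical model, not a Cisco API
    name: str
    ip: str
    base_priority: int
    preempt: bool = False
    uplink_up: bool = True  # state of the tracked interface (Serial 0/1)
    alive: bool = True      # False once the router stops sending hellos

    @property
    def priority(self) -> int:
        return self.base_priority - (0 if self.uplink_up else TRACK_DECREMENT)

def rank(r: HsrpRouter):
    # Higher priority wins; the higher interface IP address breaks a tie.
    return (r.priority, tuple(int(o) for o in r.ip.split(".")))

def elect(routers, active=None):
    """Return the active router once the standby group has converged."""
    live = [r for r in routers if r.alive]
    if not live:
        return None
    if active is None or not active.alive:
        return max(live, key=rank)  # no active router: best rank takes over
    # A live active router is displaced only by a better-ranked peer with preempt.
    challengers = [r for r in live if r.preempt and rank(r) > rank(active)]
    return max(challengers, key=rank) if challengers else active

def failover_scenario(preempt: bool):
    """Active router at start, after Serial 0/1 fails, and after it recovers."""
    r1 = HsrpRouter("Router1", "10.126.1.1", 110, preempt)
    r2 = HsrpRouter("Router2", "10.126.1.2", 105, preempt)
    history, active = [], None
    for uplink_up in (True, False, True):
        r1.uplink_up = uplink_up
        active = elect([r1, r2], active)
        history.append(active.name)
    return history

if __name__ == "__main__":
    print("without preempt:", failover_scenario(False))
    print("with preempt:   ", failover_scenario(True))
```

Without preempt the model keeps Router1 active through the uplink failure even though its priority has dropped to 100, which is why interface tracking is normally paired with `standby preempt`.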
10-06-2008 08:51 AM
To throw another wrench in this, and I forgot to say this from the start, the secondary router connects to a different point in our network. Since the secondary router doesn't run BGP, the routing table doesn't include that network. How does HSRP handle the return traffic in this case? Would I need to add a static route on our end to get the return traffic back?