07-13-2008 07:07 PM - edited 03-06-2019 12:09 AM
Experts,
My current setup:
workstations-sw1-rtr1-isp1
workstations-sw2-rtr2-isp2
rtr1 and rtr2 are connected to each other via HSRP, hence the default gateway of the workstations is the HSRP IP or the standby IP address.
How do I set up the routers in such a way that when the destination is x.x.x.x the traffic should pass through rtr1 and when the destination is y.y.y.y it should pass through rtr2, considering that the default gateway is the HSRP IP?
Thanks,
K0rg
07-13-2008 08:49 PM
in this case make PBR
put this policy on your active router (the one with the highest priority)
because by default all traffic is going through the active one
so make a policy route that matches an ACL matching what source u want to be routed through the standby one, with sequence number 10
then make another line in this policy with sequence number 20
matching any any
this will be used in case the standby is down
and in the sequence number 10 line make the next hop ur rtr ip, not the hsrp ip
apply it to the inside interface of the active router
access-list 100 permit ip any y.y.y.y wildcard-mask
route-map p1 permit 10
 match ip address 100
 set ip next-hop (rtr2 ip)
route-map p1 permit 20
on the rtr1 interface
 ip policy route-map p1
good luck
and rate if helpful
07-13-2008 09:13 PM
Thank you very much Marwanshawi.
Could you point me to documentation or a site regarding this one, for a clearer picture of the example?
Cheers,
K0rg
07-13-2008 09:28 PM
I don't think you can avoid the "pass through", in other words, the router processing the packet, as you are requesting.
The workstation will send the packet to the HSRP VIP. Whichever router is the active VIP will process the packet.
However, you can manipulate the egress packet from either router with standard dynamic routing protocols.
Without knowing your network setup, it's very hard to recommend a solution.
BTW, PBR (Policy Based Routing) will help you on determining the destination based on the source and I believe you didn't ask for that.
HTH,
__
Edison.
07-13-2008 10:14 PM
i don't have a link for it now
but if destination based does not work for you
try to make another ACL that does the matching based on source
good luck and don't forget to rate the helpful post
07-13-2008 10:34 PM
07-14-2008 01:19 AM
thanks, i'll take a look at the link you have given.
07-14-2008 12:39 PM
Bear in mind that HSRP turns off ICMP redirect. You may be better off using two HSRP groups - one to be active on each router, and add static routes to the workstations.
PBR is not easy to make resilient, and as such defeats the object of using HSRP.
If you just want to split so that load goes both ways, look at GLBP.
07-14-2008 04:22 PM
i agree with paul that it is better for you to use GLBP
in this case u will balance the load, and if one of ur routers goes down u have a redundant one
good luck
by the way, why u don't recommend PBR ?
07-15-2008 01:28 AM
Do you mean why do I not recommend PBR? You have to get a little clever for it to be resilient. The basis of PBR is that you define some traffic, and what to do with it. Say we have two routers on a LAN, both with outbound connections. Router A and B. Router A has PBR set routing all traffic with octet 2 above 127 to router B, and router B has all traffic below 128 to router A.
When router A fails, PBR is not clever enough on its own for router B to understand that router A has gone, so will try to forward any traffic to 10.123.1.1 to router A, neatly blackholing it at best. At worst once ARP has timed out it will take even more CPU on B.
You can get clever by trying things like using a dedicated link between them, such that the next hop interface will be down, but don't guarantee that will work as hoped, or you can investigate object tracking to see if you can incorporate it into PBR.
If it was essential that some subnets went via A, and some via B, I would rather look at investigating the routing protocol to see what I could do, or look at a dedicated link between them and use static routes.
Paul.
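An added example (not posted by anyone in this thread) of the object-tracking approach mentioned in the post above: the route-map p1 and ACL 100 from the earlier reply, with the PBR next hop tied to an IP SLA reachability probe so the policy is skipped when the peer router stops answering. The addresses (documentation ranges), interface name, and SLA/track numbers are constructed placeholders, and the syntax shown is the newer `ip sla` form; older releases use different keywords for the probe and track statements.

```cisco
! Constructed values: 192.0.2.2 = rtr2 real LAN address (not the HSRP VIP),
! 198.51.100.0/24 = the y.y.y.y destination, Gi0/0 = rtr1 inside interface.

! Probe rtr2's real address every 5 seconds
ip sla 10
 icmp-echo 192.0.2.2 source-interface GigabitEthernet0/0
 frequency 5
ip sla schedule 10 life forever start-time now

! Track object goes down when the probe stops getting replies
track 10 ip sla 10 reachability

! Traffic from any source to the destination that should leave via rtr2
access-list 100 permit ip any 198.51.100.0 0.0.0.255

route-map p1 permit 10
 match ip address 100
 ! Use rtr2 as next hop only while track 10 is up; when it is down this
 ! set clause is ignored and the packet follows the normal routing table
 set ip next-hop verify-availability 192.0.2.2 1 track 10
! Everything else: no set clause, so normal routing applies
route-map p1 permit 20

interface GigabitEthernet0/0
 ip policy route-map p1
```

`show track 10` and `show route-map p1` report the probe state and the policy match counters, which is the quickest way to confirm that failover away from the tracked next hop actually happens.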
07-15-2008 01:58 AM
i think PBR is more useful with routing protocols and redistribution, also with BGP policies