Please Confirm the use of ROUTE MAP

kthned
Level 3

A company has two Internet connections, ISP1 and ISP2, and they want to distribute their traffic across these two links, meaning they have to pass their network A traffic through ISP 1 and network B traffic through ISP 2. They also want failover between these ISPs, i.e. if one ISP link goes down the second one will take over. They have one FW and one 2800 router to do this.

I have solved this issue quite a bit, but I want to place this solution in the forum in order to get some more help from experienced networkers, and to confirm whether this solution is right.

As the customer requirement is source-based routing, policy-based routing using a ROUTE MAP is the solution.

"Source-based provider selection"

On the firewall, if I configure static NAT to translate netA to an IP1 n/w IP and netB to an IP2 n/w IP (where IP1 and IP2 are dummy network IPs), this can solve the problem, but because of the FW's configured static route you can only define one next hop in the static route command, i.e.

Route outside 0.0.0.0 0.0.0.0 nexthop (next hop can be ISP1 or ISP2)

But here I define the router's internal interface IP, i.e. fe1.

NetworkA                          ISP 1
        \         fe1            /
         Swi ---Fw---Router---swi
        /                        \
NetworkB                          ISP 2

see the attachments if the figure is scrambled

Now the whole traffic will go to the router, and on the router I define a route map using this logic.

If source ip = IP1 (from network 1)
    then nexthop = ISP1 router

If source ip = IP2 (from network 2)
    then nexthop = ISP2 router

Please guide me if there is any issue regarding this solution. One thing I want to know is whether the route map set command changes any parameters in the packet.

Thanks in advance.


pkhatri
Level 11

Hi,

When using PBR, you have the option of marking/re-marking the DSCP of packets switched in that manner. However, that is purely an optional thing that is not required as part of PBR. Therefore, the answer to your question is that the use of PBR does not change any fields in the packet, apart from those that are changed by any form of routing such as TTL and checksum.

Hope that helps - pls rate the post if it does.

Paresh

Thanks Paresh

OK, what will the router do if it does not change the packet's next hop?

Umair

It will simply forward the packet out of the interface indicated by the routing table. Again, it will only modify the TTL and the checksum.

Pls do remember to rate posts.

Paresh

           -- ISP 1
          /
Router --
          \
           -- ISP 2

Thanks Paresh. Can I use two IP addresses on the router's outside interface, i.e. of both ISPs' networks, as

ip address ISP1.x.x.x 255.0.0.0

ip address ISP2.x.x.x 255.0.0.0 secondary

Will it work, or do I have to use subinterfaces, or two different Ethernet interfaces, one for each ISP?

Another thing that is worrying me is

"Is it possible that traffic from Network A going out to ISP 1 will receive responses from ISP 2?"

If this is true, then what to do?

Yes, you can use secondary addresses on your interfaces. In that case, however, you will need to use a NAT pool to create your overload, since specifying the interface name will use the primary address only.

While the above is possible, I'm not sure it's relevant to your situation. If you have links to different ISPs, you really can't share one (logical) interface for both of them.

The answer to your last question is: No, the addresses assigned to you by each ISP will be routed via that same ISP...

Pls do remember to rate posts.

Paresh

Thanks Paresh for your really valuable reply.

Now please confirm whether there is any issue regarding this, according to the figure (*as attached on my first post).

I use static NAT on the firewall to convert both networks' IPs (though they are of the same n/w IPs) to two different IPs, like

10.0.0.1 <> 20.0.0.1

10.0.0.2 <> 20.0.0.2

netmask /24

Now on the router I will again use NAT to convert both IPs (20.1 & 20.2) to the corresponding ISPs' network IPs.

And on the same router I will use route maps to send traffic from 20.0.0.1 to the ISP1 router and from 20.0.0.2 to the ISP2 router.

So please confirm whether there is any problem with this configuration.

Thanks

That should work okay.

Paresh

Hi Paresh

Now I will test the scenario and will let you know.

It was a very nice discussion with you, and

thanks for your support.

Paresh, I have a problem configuring the route map on the router,

because I have to do two things on the router: one is the route map and the second is NAT.

First I configure it like

route-map name permit 10

match ip address 1

What do I use here for the set command:

set ip next-hop

or set ip default next-hop

After configuring the route map, I need to do static NAT.

Please confirm.

Thanks

Hi,

I would use the 'set ip next-hop' command; the 'set ip default next-hop' command will only act on packets that do not have an explicit route in the routing table.

Hope that helps - pls rate the post if it does.

Paresh

Thanks Paresh

After setting the next hop of the packet, I then configure

ip nat inside source static inside_ip outside_ip

In what order will it work? Common sense says that first the packet gets the next hop according to the original inside IP address, then the translation from inside to outside occurs.

Am I right?

Thanks

Hi,

The route lookup (or policy-based routing) occurs before the NAT translation. Once the route lookup is done, the router knows whether the packet is traveling from an inside to an outside interface. If that is the case, the router will apply the appropriate NAT config and translate the packet.

Pls do remember to rate posts.

Paresh
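
The behaviour described in the last two answers ('set ip next-hop' versus 'set ip default next-hop', and the policy-routing decision being made before NAT), modelled in Python as an added example that is not part of the original thread and is not router code. The gateway and public addresses are constructed values from documentation ranges; 20.0.0.1 and 20.0.0.2 are the thread's intermediate addresses.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the thread.
ISP1_GW, ISP2_GW = "192.0.2.1", "198.51.100.1"
STATIC_NAT = {"20.0.0.1": "192.0.2.10", "20.0.0.2": "198.51.100.10"}  # inside -> outside
ROUTES = {"0.0.0.0/0": ISP1_GW, "203.0.113.0/24": ISP1_GW}            # prefix -> next hop

def lookup(dst):
    """Longest-prefix match. Returns (next_hop, explicit); the default route is not explicit."""
    best = None
    for prefix, next_hop in ROUTES.items():
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    if best is None:
        return None, False
    return best[1], best[0].prefixlen > 0

def forward(src, dst, route_map):
    """route_map entries: (source to match, 'next-hop' | 'default next-hop', next hop).
    Returns (chosen next hop, source address after NAT)."""
    next_hop, explicit = lookup(dst)
    for match_src, action, policy_hop in route_map:
        if src == match_src:                 # matched on the address as received (pre-NAT)
            if action == "next-hop" or not explicit:
                next_hop = policy_hop        # 'default next-hop' only wins without an explicit route
            break
    return next_hop, STATIC_NAT.get(src, src)  # NAT is applied after the forwarding decision

PBR = [("20.0.0.1", "next-hop", ISP1_GW), ("20.0.0.2", "next-hop", ISP2_GW)]
PBR_DEFAULT = [("20.0.0.2", "default next-hop", ISP2_GW)]
PBR_POST_NAT = [("198.51.100.10", "next-hop", ISP2_GW)]   # mistake: matches the translated address

if __name__ == "__main__":
    for name, rm in (("next-hop", PBR), ("default next-hop", PBR_DEFAULT),
                     ("post-NAT match", PBR_POST_NAT)):
        for dst in ("203.0.113.50", "198.18.0.5"):
            print(f"{name:17} 20.0.0.2 -> {dst:13}", forward("20.0.0.2", dst, rm))
```

In the last case the route map never matches, so a packet translated to the ISP2-assigned address follows the routing table out via the ISP1 gateway; the match list has to reference the addresses as they arrive on the inside interface.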