Sorry if this question is too amateurish, but I am clueless on how to solve this problem.
The story is like this - I have a 7204VXR router connected to a 45 Mbps satellite downlink via a HSSI interface. I have a PA-2FE-TX module on the router and currently Fa1/0 (IP: 10.1.1.254) is connected to Server A (IP: 10.1.1.1). Traffic coming in from the satellite is being routed to Server A.
There is a default ip route which goes like this:
ip route 0.0.0.0 0.0.0.0 10.1.1.1
There are access-lists implemented on Fa1/0 such that only certain ports are being permitted to be routed to Server A.
The question: I would like to make use of the other FE port and implement another set of different access rules such that the traffic from the satellite will also go to Server B (IP: 10.2.2.2). The problem is traffic is only flowing to the Fa1/0 interface, and not onto the other Fa1/1 interface. How could I have two streams of data duplicated out onto the two interfaces? Some guy I've asked mentioned something about IRB. Is this correct?
Basically if this is a switch, I could think of doing a SPAN where the satellite downstream is being replicated onto 2 FE ports. How could I achieve this on a router?
Thanks for the response. Adding specific routes may not work either, as I need all routes to go out via Fa1/0 and Fa1/1 simultaneously. Is there anything like a SPAN feature on a router?
Adding another default route to Fa1/1 will not work as this will result in a load balance scenario where 50% of the traffic will go to Fa1/0 and 50% will go to Fa1/1. What I need is 100% of traffic going to Fa1/0 and Fa1/1, after which I can apply the necessary access-lists on the interfaces.
What's the use of doing this? I couldn't get the point of why you want to do this. The traffic is destined to Server A, so sending it to Server B is useless. Yes, by NAT you can change the destination address of packets coming to Server A to go to Server B, without going to Server A. But the same stream on both servers simultaneously, I have not heard of. Yes, if you were able to SPAN, then the other Server B would also reject the packets, as the packets were addressed to Server A initially. What I think is that after spanning the traffic, if we are able to apply an access list by replacing the destination address, or if your Server B is in promiscuous mode, then traffic can reach there, with the assumption that we are able to perform SPAN. Last but not least, a hub could be taken advantage of somehow.
Thanks for the reply. So I suppose this could not be done on a router. A hub would not be able to handle the traffic. I guess I would be looking into using a Catalyst switch and performing SPAN on it. But in this way, I could not have the granularity of implementing different access lists on the two interfaces. Probably I need to do the filtering after the catalyst switch instead of at the current 7204 router.
There are many experts in this world; there might be some way. Let's see if anybody has any solution. Definitely there would be some solution on the router by configuring it. As you earlier referred, IRB might be able to make this act as a hub instead of a bridge, I don't know. Let's wait and see. True, hubs cannot handle the load.
Assuming that the servers can run in a promiscuous mode and both servers do not need to see traffic destined for the same port, could you put a route map in place for the HSSI interface and match against an extended access list that only looks at TCP and UDP ports and will set the next hop for the packet to the server that should receive those port numbers? Rather long winded but you already use a static route to push all traffic directly to Server A. You could remove that route. Just a thought.
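A sketch of the route-map approach suggested in the last reply, added here as an example and not taken from any poster's configuration. The HSSI interface number, the Fa1/1 address, the ACL numbers, the route-map name and the port numbers are all assumptions; only the server addresses come from the thread.

```cisco
! Constructed example. Assumed values: Hssi2/0, 10.2.2.254/24 on Fa1/1,
! ACL numbers 110/120, route-map name SAT-SPLIT, and every port number.
!
! Ports that Server A should receive (illustrative)
access-list 110 permit tcp any any eq 80
access-list 110 permit udp any any eq 53
!
! Ports that Server B should receive (illustrative)
access-list 120 permit tcp any any eq 25
access-list 120 permit udp any any eq 514
!
! Each packet matches at most one sequence, so it goes to one server only.
! This splits traffic by port; it does not duplicate it the way SPAN would.
route-map SAT-SPLIT permit 10
 match ip address 110
 set ip next-hop 10.1.1.1
route-map SAT-SPLIT permit 20
 match ip address 120
 set ip next-hop 10.2.2.2
!
! The next hop must be on a directly connected subnet, so Fa1/1 needs an
! address in Server B's network (address below is assumed).
interface FastEthernet1/1
 ip address 10.2.2.254 255.255.255.0
 no shutdown
!
! Apply the policy where the satellite traffic enters the router.
interface Hssi2/0
 ip policy route-map SAT-SPLIT
!
! Packets matching neither ACL fall through to the routing table. If the
! static default route is removed, as the reply suggests, they are dropped.
```

`show route-map` displays per-sequence match counters, which confirms whether traffic is hitting the intended entry before the default route is removed.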