We are looking to policy route traffic that enters an interface on one switch and send it to an ISP connected on an interface on another switch.
If we were not looking to ensure availability of the next hop, we could simply use set ip next-hop recursive, however, we need to ensure that the next hop is available along the path and I am trying to determine if this is possible.
If I understand correctly, in order to use a set ip next-hop verify-availability command in a route map, the next hop ip has be reachable from a directly connected interface. This means in order to do what I am trying to accomplish I will need 2 policy routes, one on the switch where the ingress traffic to be policy routed originates that sends it over to the second router that is connected to the ISP that I want to send the traffic to, and the other on the router connected to the ISP to send the traffic to the ISP.
What is the best way to design these route maps to accomplish this? Is their a better solution that accomplishes the same thing?
Perhaps I am not understanding your comment about setting next-hop with verify-availability. You seem to say that it requires that the target be directly connected. But that is not the case. I have used verify-availability with a target that was several hops away and it worked just fine.
You are correct that you will need Policy Based Routing configured with its route map on the switch where the traffic enters. And you will probably need another PBR configured with its route map on the router that is connected to the ISP. (and if there are other layer 3 hops between the entering switch and the router then they may need PBR as well).
Without understanding more about the network I am not sure that there is much other advice that I can offer at this point. If you need additional advice then please provide more information about the network and what you are attempting to accomplish.
I don't rmemeber where at this point, however I thought I remember reading that in order to use verify-availability it had to be a directly connected subnet.
If that is not the case (and if you are using it without issue it obviously is not the case), then nothing fancy really needs to be done for my configuration with the exception of 2 tracking objects (one for the "final" interface and one for our local link to ensure that is the route it is taking to get there).
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...