Policy Routing and Route Maps

netsec123
Level 1

Hi. I am hoping somebody can help me. Currently, my client has all internet traffic going through an 1841 router with two exit points. A T1 and a DSL line. The DSL line is waiting as a backup for failover. So it is not used.

Basically, we are looking to segment the traffic. Traffic destined for a SPECIFIC location on the Internet [i.e. 24.1.1.0/8] goes through the T1 circuit and all other traffic goes through the DSL.

Now, in the case that there is a circuit failure with the T1, we would also like the traffic (to our SPECIFIC location) to be re-directed to the DSL circuit. The key variable here is that we'd also like to do the reverse... If DSL goes down, route out the T1!

Is this even doable??!! :)

Thanks to whomever has the brains on this one! :0


jackyoung
Level 6

First of all, your request can be made by static route instead of policy-based routing.

Configure a static which points to DSL as the next-hop for 24.1.1.0/8.

Then add a floating static (i.e. 0.0.0.0/32 w/ higher cost) which points to the DSL as next-hop too.

In normal cases, only the traffic to 24.1.1.0/8 will forward to DSL. If the T1 is down, the traffic will forward to DSL. If the DSL is down, the 24.1.1.0/0 traffic will forward to T1, following the original default route.

In addition, if you want to guard against the remote or somewhere in between being broken while the T1 interface is still up, in which case the floating static will not work, you can consider using the tracking function to track the remote to prevent non-direct failure.

Check below for tracking object :

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00801541be.html

Hope this helps.

Jack,

You are God. I totally forgot about the static route option. BUT, I am adding the config file to show you 'cause I think there may be more to this. I have NAT and NAT overload also configured here. Also, the T1 [not the DSL] will be the primary for the market data feed [24.1.1.0/8]. So, the floating static should point to the DSL yes? The DSL line is an Ethernet handoff so I guess that's why you wanted me to read the object tracking doc - which I will!! Let me know your thoughts please.

Thanks!

Vince

You're welcome. I am not God... just want to share my opinion. Try to design the network as simply as possible to eliminate any possible problem.

Yes, the floating static should point to the DSL, because DSL is the backup for T1.

Sorry, I may have misled you. What I mean is to enable the tracking object at the T1. It is because if the T1 is still up, but the remote is down, the floating static will not work. However, it is the same situation as DSL, in that the Ethernet will not go down even if the remote is down. So, you may also require tracking at the static for 24.1.1.0/8 too, to prevent it never going down.

For the NAT, whichever interface your traffic goes out from, it will use that NAT rule. So, be careful with the IP address planning for the NAT pool.

Hope this helps.

Jack,

I definitely rated your post....If it is OK with you, I have much experience with Cisco but not this.. so after I read the tracking doc, can I email you as I am going to be trying this Tuesday evening? Please.

Thx. for the rating. I am sorry that I am located in the APA timezone, so I may not reply to your email on time. Please feel free to email me, and Netpro is also a great place to share our knowledge, so it is fine to raise the question here too.

Hi Jack. A couple of comments. I 'think' you meant I should use 'reliable object tracking for static routes' and not necessarily 'enhanced object tracking.' That's fine... I got the right document anyway. BUT, the bad news is that the feature is not supported on the router - 12.4(1)c. So, to use tracking, I must upgrade. Am I right? Finally, I know it's a little more involved but can't I program route maps such that if the destination is 24.x.x.x use the T1 and have the DG as the DSL; AND, what's more, say if the DG goes down, use the T??? Policy routing, Route Maps, Tracking are all making me confused as to which is best to use.... You've been very helpful so I'd like to continue the dialog if you don't mind.

:)

I believe that you are correct that Jack meant reliable object tracking for static routes. I find it hard to believe that it is not supported in 12.4 mainline code. (12.4(1c) is old enough code that I think there may be reasons to want something a bit more recent but I thought that reliable static routes with object tracking was supported in all 12.4.)

The problem with the alternate idea you propose of configuring route maps then determining if the DG has gone down is problematic unless you are doing the object tracking feature.

HTH

Rick


According to the configuration guide, I believe using enhanced object tracking will be easier. I checked the Feature Navigator: Enhanced Tracking is supported from 12.4(1c), so you can try the command in the router. Please check the link below:

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

If you use route-map, it means you will use policy-based routing. AFAIK, it should work too, but PBR normally is used to route based on the source address & static route is simpler. Could you advise the reason to use PBR?

Hope this helps.

Gentlemen, thank you for your input. I include the config again for reference. My plan is to try to put in a static route to Thompson Financial through the T1 and make the DG the cogent line. Once done, I will use a floating static in case the T goes down. If the Cogent line goes down however, I think that is the only place I'll need the object tracking - correct? And, finally, I'm confused about enhanced vs 'regular'...

:)

...My last comment is that in looking at PBR, wouldn't that be the absolute easiest if I applied a match statement to all incoming traffic?

:)

Yes, you can simply apply a "permit any" in the route-map then all traffic from this interface will be forwarded to the PBR defined interface / IP.

Hope this helps.

Sorry for the late reply. IMO, the DSL must have the object tracking, because you are connecting via LAN and it won't go down even if the remote side is down. For the primary link, I suggest including the object tracking too, because you also do not know if the middle between you and the remote is down. Unless you use a dynamic routing protocol and not the default route, if you use the default route, it creates the same situation as the DSL link.

According to CCO:

The Enhanced Object Tracking feature separates the tracking mechanism from the Hot Standby Router Protocol (HSRP) and creates a separate standalone tracking process that can be used by other Cisco IOS processes as well as HSRP.

i.e. you can use enhanced tracking that is similar to the tracking function in HSRP.

Sorry, I can't find the "regular" tracking info. Can you provide it?

Thx. and hope this helps.

Hi.

Here is the link to the object tracking document...

http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/products_feature_guide09186a00801d862d.html

I plan on using this as I think it'll be easier. It would be even better if I get told that the DSL line for Internet access is not as important as the market data service, in which case I will make the DSL the default gateway and add a static route to the T1 for the market data provider's block. I will then add a floating static for the same block, to the DSL. This way, there will be backup for the T1 only.... We'll see. Thanks Jack.

:)

What I believe the link describes is using SLA w/ tracking. If a certain SLA cannot be met then it will switch to another circuit. But it is also using the same "track" command as enhanced tracking. So I believe they are the same and the link describes one of the applications of it. Try to check the enhanced tracking sample config, it will be simpler.

For your proposed design, it is good to use DSL as default GW and T1 with static. However, if the market data is more important, I would like to recommend not using a floating static to point to T1. It is because if the DSL fails, all the traffic will flow to T1, and then it may impact the market data traffic, unless you implement QoS. Otherwise, it will be another issue. Please reconsider it. If you will use DSL as T1 backup, there is no need to use a floating static, because the default route already includes all routes. If the T1 is down (the next-hop of the static route is down, which causes the static route to disappear from the routing table), traffic will flow to DSL automatically. You may still require the object tracking for the market data only, so that if the quality goes down or the link is lost, the market data will flow to DSL.

Hope this helps.
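
The failover cases discussed in this thread, as an added example that is not part of any post: a simplified Python model of route selection (longest prefix, then administrative distance) with optional tracking, not Cisco IOS code. The `T1`/`DSL` labels, the distance value 250, and the test address 198.51.100.7 are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str    # destination block
    exit: str      # "T1" or "DSL", the two circuits in the thread
    distance: int  # administrative distance; a floating static uses a high value
    tracked: bool  # True if the route is withdrawn when its probe fails

def build_routes(tracked):
    # 24.1.1.0/8 is written as in the thread; parsed non-strictly it is 24.0.0.0/8.
    return [
        Route("24.1.1.0/8", "T1", 1, tracked),   # market data block via T1
        Route("24.1.1.0/8", "DSL", 250, False),  # floating static backup
        Route("0.0.0.0/0", "DSL", 1, tracked),   # default route via DSL
        Route("0.0.0.0/0", "T1", 250, False),    # floating default, the reverse case
    ]

def installed(route, iface_up, path_ok):
    # Interface down always removes the route; a far-end failure only
    # removes it when the route is tied to a tracking probe.
    if not iface_up[route.exit]:
        return False
    return path_ok[route.exit] if route.tracked else True

def forward(dest, routes, iface_up, path_ok):
    """Return (exit, delivered) for one destination address."""
    addr = ipaddress.ip_address(dest)
    live = [r for r in routes
            if installed(r, iface_up, path_ok)
            and addr in ipaddress.ip_network(r.prefix, strict=False)]
    if not live:
        return (None, False)
    # Longest prefix wins, then lowest administrative distance.
    best = min(live, key=lambda r: (
        -ipaddress.ip_network(r.prefix, strict=False).prefixlen, r.distance))
    return (best.exit, path_ok[best.exit])

if __name__ == "__main__":
    up = {"T1": True, "DSL": True}
    # Constructed failure: DSL Ethernet handoff stays up, provider side is dead.
    far_end_dead = {"T1": True, "DSL": False}
    for tracked in (False, True):
        print(tracked, forward("198.51.100.7", build_routes(tracked), up, far_end_dead))
```

Without tracking, the model keeps sending default traffic to the dead DSL path because the Ethernet interface never goes down; with tracking, the floating default via T1 takes over.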
