Cisco Support Community

New Member

Routing question

See attached picture...

I'd like to leverage a peer router to direct some VPN traffic. Can anyone tell me if this approach is possible or if there is a better way?

China Office:

int 0/0 IP: 4.4.4.1/32

int 0/1 IP: 5.5.5.1/32 (second ISP)

US Office:

Public IP: 1.1.1.1/32

Peer Router:

Int 0/0 (US SIDE) IP: 2.2.2.1/32

Int 0/1 (CHINA ISP SIDE) IP: 3.3.3.1/32

Wish to add a route at the edge router of the US office (and any potential alternate site router) that sends all traffic destined for the China office via the peer router (which is NOT on a directly connected network).

The statement would be something like:

ip route 4.4.4.0 255.255.255.0 2.2.2.1 permanent

Thus any router with the above statement would send traffic over the general internet to the peer router and then on to the china office over the ISP backbone. All other traffic would follow the commodity internet to the china office.

Thanks so much!

5 REPLIES
Silver

Re: Routing question

Hello,

I don't know if I understood the requirements clearly. I understood that you want to establish a VPN tunnel to China via ISP2 from the US side and ISP2 from the China side.

If this is the scenario you need the following:

- Set a static route on the China router for the US LAN segments and the US ISP2 public IP address to point to the China ISP2 next hop

- Set a static route on the US router for the China LAN segments and the China ISP2 public IP address to point to the China ISP2 next hop

- Create crypto maps on both routers (China and US) and apply them on the ISP2 interfaces

Hope this helps,

Appreciate your rating,

Regards,

New Member

Re: Routing question

I don't wish to confuse the issue, so for the China -> US traffic no changes are necessary; routing is controlled by the ISP.

For the US -> China you say to add a route statement for the ISP2 next hop. I believe we are attempting that with the statement:

ip route 4.4.4.0 255.255.255.0 2.2.2.1 permanent

however, the peer router is not the next hop - we traverse the public internet via a route our ISP controls before reaching that router.

VPN config is no concern.

I just want to ensure that all traffic from my office destined for the IP space of ISP2 is directed to the peer router so that ISP2 can guarantee the traffic will go through their backbone instead of the typical internet route it normally takes.

Silver

Re: Routing question

You can't control traffic beyond the next hop. If the ISP2 peer router is not your next hop, then the routing decision is controlled by ISP1 or ISP2. Usually ISP2 will advertise their subnets or address space via BGP, which will affect the routing decision for incoming traffic to their AS.

Therefore, ISP2 can control incoming traffic for their subnets via BGP. Also, if ISP1 has a connection to the ISP2 backbone they can control outbound traffic from your subnet to the ISP2 subnet. Therefore, ISP1 can route traffic to ISP2 if traffic is going to the China subnet.

Let me know if you need further clarifications,

New Member

Re: Routing question

Thanks m-haddad.

That's what I've come to realize (again). I just haven't had to do this in so long. So my options are to create a tunnel (GRE or other) from each US source to the PEER and ISP2 owns everything between that point and the destination.

Obviously that doesn't scale well, and if ISP2 still wants us to sign a contract they will work with us. I have suggested that ISP2 advertise a route more specific than a /18!

Silver

Re: Routing question

Hello,

It is not up to them only to advertise /18 or more specific routes. Some peers may have restrictions. Also, it makes their routing table more stable when they advertise summaries.

Creating a GRE tunnel could be a solution, but I don't know how effective it is going to be, because the peer router may be far enough from the US and close enough to China that you don't accomplish much.

Usually ISPs avoid running routing protocols or creating GRE tunnels with their customers. This makes their network harder to administer and messy.

I wish I could help more,

Regards,
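As an added example (not from the thread, and not Cisco code), here is a small Python model of the two points made in the replies above: a static route whose next hop is not directly connected is recursively resolved and changes nothing about where the packet first goes (the destination is still 4.4.4.1 and the first hop is still ISP1's gateway), whereas a GRE tunnel to the peer rewrites the outer destination so the packet really does reach 2.2.2.1 before being forwarded over the ISP2 side. It also shows why a /24 advertisement wins over a /18 summary inside ISP1. Addresses 2.2.2.1, 3.3.3.1 and 4.4.4.1 are the thread's; 9.9.9.9 (ISP1 gateway), 3.3.3.254 (ISP2 backbone gateway), 6.6.6.6 and 7.7.7.7 (next hops inside ISP1), Tunnel0 and the interface names are constructed assumptions.

```python
"""Longest-prefix match with IOS-style recursive next-hop resolution, then the
same lookup with a GRE tunnel. Constructed example; addresses other than the
thread's 2.2.2.1 / 3.3.3.1 / 4.4.4.1 are assumptions."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: str                      # e.g. "4.4.4.0/24"
    next_hop: Optional[str] = None   # next-hop address; None for connected routes
    interface: Optional[str] = None  # exit interface, if the route names one
    label: str = ""                  # where the route came from (for display)


class RoutingTable:
    def __init__(self, routes):
        # Longest prefix first, so the first hit in a linear scan is the most specific.
        self.routes = sorted(
            routes, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen, reverse=True)

    def match(self, dst):
        addr = ipaddress.ip_address(dst)
        return next((r for r in self.routes if addr in ipaddress.ip_network(r.prefix)), None)

    def resolve(self, dst):
        """Return (matched route, first physical next hop, exit interface).
        A static route whose next hop is not on a connected network is resolved
        by looking that next hop up in the same table, as IOS does."""
        route = self.match(dst)
        if route is None:
            return None, None, None
        cur, hop = route, None
        for _ in range(8):  # bound the recursion in case of a loop
            if cur.interface is not None:
                return route, cur.next_hop or hop or dst, cur.interface
            hop = cur.next_hop
            cur = self.match(hop)
            if cur is None:
                return route, hop, None  # next hop unreachable: route is unusable
        raise RuntimeError("next-hop recursion too deep")


ISP1_GW = "9.9.9.9"  # assumed ISP1 gateway on the US edge router's Gi0/0

# US edge router with the static route from the original post.
US_EDGE = RoutingTable([
    Route("9.9.9.0/24", interface="Gi0/0", label="connected"),
    Route("0.0.0.0/0", next_hop=ISP1_GW, label="default to ISP1"),
    Route("4.4.4.0/24", next_hop="2.2.2.1", label="static from the post"),
])

# Same router, but the China prefix now points out a GRE tunnel to the peer.
US_EDGE_GRE = RoutingTable([
    Route("9.9.9.0/24", interface="Gi0/0", label="connected"),
    Route("0.0.0.0/0", next_hop=ISP1_GW, label="default to ISP1"),
    Route("4.4.4.0/24", interface="Tunnel0", label="static via GRE tunnel"),
])
TUNNEL0_DESTINATION = "2.2.2.1"  # the peer router's US-side address

# The peer router: decapsulated packets are forwarded over the ISP2 side (assumed gateway).
PEER = RoutingTable([
    Route("2.2.2.0/24", interface="Gi0/0", label="connected, US side"),
    Route("3.3.3.0/24", interface="Gi0/1", label="connected, China ISP side"),
    Route("4.4.0.0/18", next_hop="3.3.3.254", label="ISP2 backbone"),
])

# ISP1's own table: a /18 summary from transit and a /24 learned from ISP2 (assumed next hops).
ISP1_CORE = RoutingTable([
    Route("4.4.0.0/18", next_hop="7.7.7.7", interface="Gi1/0", label="bgp /18 summary via transit"),
    Route("4.4.4.0/24", next_hop="6.6.6.6", interface="Gi2/0", label="bgp /24 via ISP2 peering"),
])


def first_hop_with_static(dst="4.4.4.1"):
    """The post's static route: the packet still leaves toward ISP1's gateway,
    carrying destination 4.4.4.1 and no trace of 2.2.2.1."""
    route, hop, iface = US_EDGE.resolve(dst)
    return route.label, hop, iface


def first_hop_with_gre(dst="4.4.4.1"):
    """With a tunnel the outer packet is addressed to the peer, so every router
    on the way forwards it to 2.2.2.1; the peer then routes the inner packet."""
    _, _, iface = US_EDGE_GRE.resolve(dst)
    if iface != "Tunnel0":
        return None
    _, outer_hop, outer_iface = US_EDGE_GRE.resolve(TUNNEL0_DESTINATION)
    _, peer_hop, peer_iface = PEER.resolve(dst)
    return {"outer_dst": TUNNEL0_DESTINATION, "first_hop": outer_hop,
            "exit": outer_iface, "peer_next_hop": peer_hop, "peer_exit": peer_iface}


def isp1_choice(dst):
    """Inside ISP1, a /24 advertisement beats the /18 summary for the hosts it covers."""
    route, hop, _ = ISP1_CORE.resolve(dst)
    return route.label, hop


if __name__ == "__main__":
    print(first_hop_with_static())
    print(first_hop_with_static("5.5.5.1"))  # same first hop: the static route steers nothing
    print(first_hop_with_gre())
    print(isp1_choice("4.4.4.1"), isp1_choice("4.4.5.1"))
```

Running it shows that 4.4.4.1 and 5.5.5.1 leave the US edge router toward the same gateway whether or not the static route exists, which is the "you can't control traffic beyond the next hop" point; only the tunnel variant puts 2.2.2.1 into the packet that ISP1 actually forwards.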

89 Views, 0 Helpful, 5 Replies