02-17-2012 06:23 AM - edited 03-04-2019 03:18 PM
Hello all,
I have a new MPLS circuit being stood up for my site; it’s going to replace a site-to-site VPN connection to our "Headquarters." I want to test this without affecting my production networks. Without getting into a lot of details, the admin at the remote site is not very cooperative and basically doesn't want to help set this up, and I don't have access to his switching/routing. He is prepared to do minimal tasks if necessary. Ultimately, I am looking to test the new VLAN and, once successful, route the traffic away from the site-to-site VPN connection to the MPLS circuit. Here is what I plan on doing; I need help to determine if it is going to work.
Here is a bit of background about the topology. LAN in my office uses EIGRP for routing. MPLS (10.1.1.253) uses OSPF (area 0) and BGP. Currently, traffic destined to headquarters (10.10.1.1/24) uses the default route on a CAT3750 pointing to the firewall (ASA5520) (10.1.1.254).
Build out for test:
router-ospf 0
network 10.1.199.0 0.0.0.255 area 0
4. On 3750 create a PBR for the new subnet so that it is routed over the MPLS (imagine test PC is 10.1.199.100); the remaining production subnets will use the static routes and ignore the OSPF routes because of the shorter administrative distance
access-list 101 permit ip host 10.1.1.1 host 10.10.1.10
route-map Circuit-Test permit 10
match ip address 101
set ip next-hop 10.1.1.253
interface Vlan100
ip policy route-map Circuit-Test
Questions: Will this all work?
Will the PBR route win over the static route for that one subnet?
Is that all I need in the OSPF configuration? I see some configs that have neighbor statements with costs, authentication types etc...
Thanks in advance for your help!
02-17-2012 12:14 PM
John
I do not understand your topology well enough to say whether the static routes, OSPF, EIGRP will all work as you expect. But the part of your question where you ask about PBR and static routes is clear and has an answer. PBR does take precedence over a static route.
HTH
Rick
02-17-2012 10:25 PM
Hi Rick,
I guess PBR and static routes are part of the order of operations, but how about the VPN tunnels? If the router has a L2L tunnel with a remote branch router, what takes precedence: Static route, PBR or crypto ACL?
02-18-2012 06:45 AM
Thanks for thread jacking, bigcat... let's not confuse the situation; my L2L terminates on an ASA, not a router.
Thanks for the information about the PBR taking precedence over the static routes. I am going to start with adding PBR to test a specific VLAN, since this seems like the best way for source-based routing. After testing I am going to add static routes on my switch and redistribute to EIGRP to direct traffic over the MPLS. Eventually I will add an instance of EIGRP on my WAN router and redistribute OSPF routes into EIGRP and remove my static routing.