
Cisco dual route question

Last Modified: 2011-09-20
I have the following scenario:

1 Cisco Router
2 Different providers, each one providing me a different IP block.

I'm trying to force packets from network A to leave and return via provider A, and packets from network B to leave and return via provider B.

Right now, having a default route on the Cisco, all packets leave using that default route (provider A). The return is OK, which makes sense: once the packet reaches its destination, it will return via the appropriate carrier. The problem is that I got a warning stating that each provider will start blocking the other's packets soon, so I need to send the packets via the appropriate route.

I have tried several configurations, but haven't been able to do so. Help is appreciated.


Fabio

>I got a warning stating that each provider will start blocking the other's packets soon
well, that's rude

First of all I'd look and see if these addresses fall into the ISP's BGP netblocks and talk to your ISPs about the issue.
If you're going to be left to do this yourself, you might have to figure out their netblocks and create static routes, but that flies in the face of being dual-homed.
Open tickets with both of them and tell them you want to run BGP; this should bump you up in the customer service queue a bit to get potential resolutions from both of them. Being dual-homed without your own ASN doesn't mean you can't use BGP to your advantage. Worst case, you may have to pay extra for a class C BGP-routable block from one of them and renumber.
 
Yes, I agree.

However, if you run BGP and advertise both blocks, you will not be able to control which path the return traffic takes. BGP will make that decision.

Author commented:
I'm not located in the US, the IP blocks I have are /27, and BGP is out of the question. Actually, I don't think my provider runs BGP with his upstream provider.

I need to do this myself, can't rely on them...trust me.

Fabio
You need to use policy routing.  Assuming your IPs for provider B are 100.1.1.0/24 and your gateway to get to them is 100.1.0.1 you would do something like:

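! Traffic whose source matches ACL 1 is sent to provider B's gateway
route-map PBR permit 10
 match ip address 1
 set ip next-hop 100.1.0.1

! Standard ACL matching the provider B source block
access-list 1 permit 100.1.1.0 0.0.0.255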

Then under your interface add the command "ip policy route-map PBR".  Anything not matching the access list would take your default route.

-Pascal
>if you run BGP and advertise both blocks, you will not be able to control which path the return traffic takes. BGP will make that decision.

You can pad your BGP routes to ensure traffic takes a particular router (unless it's down).

>You need to use policy routing.
right
just need to figure out what the ISP's netblocks are
 
Author commented:
Pascal.

What you say makes sense. This is what I have, and it is not working yet:

interface FastEthernet0/0
 ip address 208.131.163.193 255.255.255.224 secondary
 ip address 68.208.24.161 255.255.255.224
 ip access-group 101 in
 ip access-group 101 out
 duplex auto
 speed auto

interface Serial0/1
 description FRAME-RELAY NEGRIL
 ip address 192.168.11.181 255.255.255.252
 encapsulation frame-relay IETF
 ip policy route-map PBR
 cdp enable
 frame-relay map ip 192.168.11.181 739 broadcast IETF
 frame-relay map ip 192.168.11.182 739 broadcast IETF
 frame-relay interface-dlci 739
 frame-relay lmi-type ansi

access-list 1 permit 208.131.163.0 0.0.0.255
route-map PBR permit 10
 match ip address 1
 set ip next-hop 192.168.11.182

Where did I screw up??

Thanks

Fabio

A few other nice things you can do with PBR are documented at:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800c75d2.html

CEF-Switched PBR would be the most important to look at.

-Pascal
208.128.0.0 - 208.175.255.255 is C&W's netblock there
68.208.0.0 - 68.223.255.255 is BS's
(if you want to map their whole netblock)

Author commented:
Pascal,

Worked just fine.

Had to remove the ip policy route from my serial interface, but after that ... working fine so far. I'll do more tests (THANKS FOR THE LINK !!!!).

To the other experts that sent comments...thanks a lot.


Fabio
Oh ya, didn't notice you had put it on the wrong interface.  PBR works on the ingress interface.

Ignore chicagoan, he's talking about least cost routing based on the IPs of your ISP, not something you want to do on this device.  Something you may want to look into for your device that picks which network to NAT to though.

-Pascal
Author commented:
Hum...

What do you mean by "Something you may want to look into for your device that picks which network to NAT to though"???

Fabio
Just noticed the subnet mask on your access list is larger than it needs to be.  It appears your subnet is only 208.131.163.192/27 so your access list should read:

access-list 1 permit 208.131.163.192 0.0.0.31

-Pascal
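
The two corrections made in this thread (PBR is only evaluated on the ingress interface, and the wildcard 0.0.0.255 is wider than the /27) can be checked with a small model. This is an added example, not part of the original thread and not Cisco code; it assumes the LAN hosts sit behind FastEthernet0/0, and `DEFAULT_HOP` is a placeholder label because the default gateway is not shown in the thread.

```python
import ipaddress

POLICY_HOP = "192.168.11.182"   # "set ip next-hop" value from the thread
DEFAULT_HOP = "default-route"   # placeholder: default gateway is not shown in the thread
LAN_IF = "FastEthernet0/0"      # assumption: LAN hosts arrive on this interface

WIDE_ACL = ("208.131.163.0", "0.0.0.255")     # access-list 1 as first posted
TIGHT_ACL = ("208.131.163.192", "0.0.0.31")   # access-list 1 corrected to the /27


def acl_permits(src, base, wildcard):
    """Standard IOS ACL match: bits set in the wildcard are 'don't care' bits."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    s = int(ipaddress.IPv4Address(src))
    b = int(ipaddress.IPv4Address(base))
    return (s & care) == (b & care)


def forward(src, ingress_if, policy_if, acl):
    """Return the next hop for a packet.

    The route-map is consulted only when the packet arrives on the interface
    that carries 'ip policy route-map'; otherwise normal routing applies.
    """
    if ingress_if == policy_if and acl_permits(src, *acl):
        return POLICY_HOP
    return DEFAULT_HOP


def report(sources):
    """For each source: (policy on Serial0/1, policy on LAN + wide ACL, LAN + tight ACL)."""
    return {
        s: (
            forward(s, LAN_IF, "Serial0/1", WIDE_ACL),
            forward(s, LAN_IF, LAN_IF, WIDE_ACL),
            forward(s, LAN_IF, LAN_IF, TIGHT_ACL),
        )
        for s in sources
    }


# Constructed sample sources: one inside each /27, one outside both
SAMPLES = ["208.131.163.200", "68.208.24.170", "208.131.163.10"]

if __name__ == "__main__":
    for src, hops in report(SAMPLES).items():
        print(src, hops)
```

The third sample shows why the tighter wildcard matters: with 0.0.0.255, any 208.131.163.x source is policy-routed, including addresses that are not in the assigned /27.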
It appears you have two subnets, 208.131.163.192/27 and 68.208.24.160/27.  Something has to decide which one of these subnets to use for each request.  If the request is going to 68.208.0.0/20 then it would be most efficient coming from 68.208.24.160/27 and similar for the other ISP.

-Pascal
Which is why I looked up his ISP's netblocks, to route all of each ISP's traffic over their respective drops.