scholfieldauto

NAT Translation

Ok, here's one for you... Our network is running on Cisco 1600, 2600 and 2800 routers.  We have four campuses of several buildings, connectivity between buildings is provided via fiber optic switch between buildings at each campus.  We have a location on the west side of town (192.168.49.x) connected via T1 thru a Cisco 1600 to our main 2800 at our data center.  This is a very simple connection, and works flawlessly.  Our other two remote networks are connected via wireless (Proxim Tsunami and Cisco bridges).  As such, our main network (let's call it 192.168.99.x) has its network segment carried into each building via the bridges.  At the data room in each location, we have a Cisco router which handles routing between the two networks (192.168.43.x and 192.168.46.x) and the main .99.x network.  All of the three routers have an interface on the 192.168.99.x network, and either just route data, or handle some NAT activity to pass traffic between networks.  Here's where the problem comes in.

Our hardware / software vendor is telling us that we can't use IP Redirects anymore, since it is filling up the routing tables on their Unix box.  When we turn off IP Redirection, communication grinds to a halt between the two routers with interfaces on the 192.168.99.x network.  The stores on the T1 connected network (192.168.49.x) continue to communicate with the Unix box just fine.  If I'm understanding this right, IP redirection is required for two routers to talk on the same network to pass traffic from one to the other?

If there is a solution to pass routing between the routers with IP Redirection turned off on the 192.168.43.x, 192.168.46.x, and 192.168.99.x interfaces, that would make my day.  I can offer whatever clarification is possible, if I'm not clear enough.  I'm sure this is a simple answer that I just can't find, but it's a very urgent issue at the moment, so we're going 500 points.  Thanks!!!
scholfieldauto

ASKER

FYI...  The only connectivity required between the Unix box and the clients is a Telnet connection.  Most connections are to port 23.  However, we do have a few specialized connections to ports in the 1200 to 1300 range.  If any of you out there are automotive admins / IT directors, the Unix box is an ADP DMS box, if you've run into this yourself.  ADP ATAC support is telling us this should be possible without redirects; however, if we turn them off, we cut off connectivity to two locations, five buildings to the DMS, thus causing almost 200 employees to sit idle.  All they can seem to offer us is that it should work.

hi-

what is connecting the three routers?  Is there a switch in between, or is each router connected to the others?

This may sound somewhat elementary of me, but can you just add routes on each router to point to the other networks/routers?  

If you could somehow provide a network diagram or something that better describes the networks and the IP addresses of each interface on the routers/bridges/L3 Switches it would make it a lot easier to understand.

Thanks!
Location A houses the main DMS router (192.168.99.x) and connects to a switch.  The wireless bridge connects to the same switch.

Location B is an endpoint for the wireless bridge (192.168.43.x) and has the wireless bridge connected to the same switch as the Location B router.

Location C is also an endpoint for the wireless bridge (192.168.46.x) and has the wireless bridge connected to the same switch as the Location C router.

The entire bridged network is on 192.168.99.x (All networks are full Class C)

Location D is connected via a T1, the T1 is connected directly to the Location A router and Location D router.  As such, no IP redirection is necessary.  This is the 192.168.49.x network.

If there's a way to attach any sort of a picture / diagram on here, I can put something together to graphically describe our network topology.

And, yes, we are doing that right now (adding static routes to all routers.)  Everything is working GREAT.  However, our system vendor is saying this solution is unacceptable, since the IP Redirection is causing the Unix box to learn enough routes that it is filling up its routing tables, and they are at almost 100%.  We have almost 300 end users on this part of our network.  The Unix box is pretty old (DEC Alpha, 600 MHz, 4-CPU box), so I have to assume this is a limitation in the quite old version of Unix they are using.

a diagram would be great, but not sure if that is possible up here (would be nice EE Admins!)

Where is the UNIX box plugged in - Is it only plugged into one subnet, or is it multi-homed?  What is its default gateway?

Question - why is the UNIX box doing any routing at all?  In other words, why does it not just forward ALL TRAFFIC (except if it is on the local subnet) to its default gateway (router)?  Can the UNIX box be set to only do static routing (i.e. all routes must be manually entered)?

Seems like the UNIX box is the problem, not your network....
SOLUTION
Sorenson
The Unix box is homed on the 192.168.99.x network, single homed.  Gateway is Router A (192.168.99.150).  The fine folks at ADP say they don't want their Unix box doing any routing.  That's what's got them up in arms, that their box is learning all of the IP routes to the other clients.  They want their routing tables empty, as I am told this box is really limited on space in its routing table.  We've got 300 or so clients on this box, so it's quite full on table space according to them.

As far as redesigning the routers goes, they all are on the backbone network, BUT there is a device on the far end at the C location that requires to be on the same network as the Unix box.  It's an old serial multiplexer required for GM Host communication.  It won't talk thru a gateway, and it must be at the remote site.

I guess my question is more of "Is there a way to get a packet into and out of an interface on the same network, without causing it to be a redirect?" because from what I understand, that's exactly what IP Redirect does, takes the packet, and redirects it to another address on the same network segment for routing.  Otherwise, a router won't send a packet back out the same interface it comes in on, with IP redirection turned off.
Also... This problem would be solved if I could instead remove that multiplexer from the network... I've got another question running... https://www.experts-exchange.com/questions/21878596/Serial-to-Ethernet-converter-that-handles-CTS-DTR.html

The problem is that I have to get serial data from the Unix box to a store that's several miles away, then into a serial port on a Hughes Pulsat unit.  This whole problem exists because of that one device.  If any of you are at all familiar with serial over ethernet, check out the above question.  It's good for 500pts, too.
Oh yeah, to the person who sent this reply...

Seems like the UNIX box is the problem, not your network....

If only I could get ADP to believe you...

If they don't want their Unix box doing any routing, why is it filling up its route table then?  How does the box know about any network beyond the router (its def. gateway) - shouldn't the router be handling all the routing?

As for the IP redirection - is this how it is working:

- Unix box sends packet out bound for Host1
- Router receives packet on interface A
- Router processes packet and sends out interface A bound for Host1 on the same network where the Unix box is located

Is it possible to add one static route to the Unix box to specify how to get to Host1 ?


OK, here's the deal... Let's say we're initiating Telnet from a remote client...

Client on Network B sends packet out to its network router's Interface B.  Packet routes back out thru Router B's Interface A on the backbone network.  Packet goes from Router B Interface A to Router A's Interface A.  Interface A sends it back out to the Unix host.

A Unix-originated packet (let's say the Telnet login prompt) would start at the Unix box, to the A router's A Interface, which is the Unix box's default gateway.  It would redirect the packet (back out Interface A) to Router B's A Interface.  The router would route it back out the B interface, and send it on its merry way to the remote client.  Now, of course, I haven't mentioned that a bridge and two switches lie in between, since they are seamless to the operation.

Step by step:
- Unix box sends packet out for Host1 (192.168.99.129)
- Router A receives packet on Interface A (192.168.99.150)
- Router A redirects packet back out Interface A destined for Router B (both on 192.168.99.x network)
- Router B receives packet on Interface A (192.168.99.157)
- Router B sends packet back out on Interface B (192.168.43.1)
- Host receives packet on its Ethernet interface (192.168.43.100 for example)

Now, in the case of your example above, where the remote client and the unix box are involved, there is no routing whatsoever, as the packet leaves Unix, hits our switch, and then just gets passed on to the client.  No routing or redirection involved.

Add a static route?  I've already suggested that, and their response is they don't want their box routing.

As far as why it's doing that (learning routes), I have no idea.  It sounds like a problem on their end to me.  They say it's learning the routes from the router's broadcasts.  Now, to me, it would seem the most logical action would be to entirely turn off routing on the Unix Alpha box and just let the main (Network A) router just do what it's supposed to.  I'm going to copy this thread and paste it into an e-mail to them, just if nothing else to get a response.
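Added example, not part of the thread: a small Python model of the redirect flow stepped through above. The backbone, Location B network and router addresses are the thread's; the Unix host address 192.168.99.10 and the client addresses are constructed. It shows the defender-relevant point behind the vendor's complaint: an ICMP Redirect (RFC 792) installs a route for the single destination host it names, so every new client reached via Router B adds one entry to the Unix box's table, while Router A forwards the packet regardless of whether it also sends the redirect.

```python
import ipaddress

BACKBONE = ipaddress.ip_network("192.168.99.0/24")  # shared backbone segment (thread)
NET_B = ipaddress.ip_network("192.168.43.0/24")     # Location B LAN (thread)
ROUTER_A = "192.168.99.150"  # Unix box's default gateway (thread)
ROUTER_B = "192.168.99.157"  # Router B's backbone interface (thread)
UNIX_BOX = "192.168.99.10"   # constructed address for the DMS host

class Router:
    def __init__(self, routes, send_redirects=True):
        self.routes = routes  # {network: next hop, or None if directly connected}
        self.send_redirects = send_redirects

    def forward(self, src, dst):
        d = ipaddress.ip_address(dst)
        for net, via in sorted(self.routes.items(), key=lambda kv: -kv[0].prefixlen):
            if d in net:
                next_hop = via or dst  # longest-prefix match wins
                break
        else:
            return None, None  # no route: dropped
        # Forwarding happens regardless; the redirect is an extra ICMP message sent only
        # when the packet leaves via the segment it arrived on (Unix -> Router A -> Router B).
        redirect = None
        if (self.send_redirects and ipaddress.ip_address(src) in BACKBONE
                and ipaddress.ip_address(next_hop) in BACKBONE):
            redirect = next_hop  # ICMP Redirect for Host (RFC 792 type 5, code 1)
        return next_hop, redirect

class Host:
    def __init__(self, ip, gateway):
        self.ip, self.gateway = ip, gateway
        self.host_routes = {}  # dst -> gateway, installed from received redirects

    def send(self, dst, routers):
        first_hop = routers[self.host_routes.get(dst, self.gateway)]
        next_hop, redirect = first_hop.forward(self.ip, dst)
        if redirect:
            self.host_routes[dst] = redirect  # one host route per redirected destination
        return next_hop

def table_growth(n_clients, redirects_on=True):
    """Unix box talks to n_clients behind Router B; returns (host routes learned, packets forwarded)."""
    routers = {ROUTER_A: Router({BACKBONE: None, NET_B: ROUTER_B}, redirects_on),
               ROUTER_B: Router({BACKBONE: None, NET_B: None})}
    unix = Host(UNIX_BOX, ROUTER_A)
    forwarded = 0
    for i in range(n_clients):  # constructed clients 192.168.43.10 upward (n_clients <= 240)
        client = str(NET_B.network_address + 10 + i)
        forwarded += unix.send(client, routers) is not None
    return len(unix.host_routes), forwarded
```

With redirects on, 200 clients leave 200 host routes on the box; with them off, the table stays empty and Router A still forwards all 200 packets.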

ASKER CERTIFIED SOLUTION
BTW, to the person who suggested RIP V2, I'd love to be able to, but they're not supporting that either.  I'm just going to forward all this along, and split the points between the two best answers, if nobody comes up with a better answer in the next 24 - 48 hours.  Thanks everybody for your time.  :)
SOLUTION