
Multiple Default routes

I am looking for a way to set up redundancy between two routers.

In the diagram below, the part in the blue box is outside of my control. These are the two routers that give me access to the outside world, and I can't swap routing information with them.

The two 3650 switches (actually 4506's) run HSRP between them to give me redundancy of my default gateway IP and act as the main routers for internal routing.

Now I currently have routes set up on both the 4506's of

0.0.0.0 0.0.0.0 10.0.0.1 10
0.0.0.0 0.0.0.0 10.0.0.5 20

This seems to work and means that if the primary router is turned off or the link to it goes down, then the backup router kicks into life.

However, if the primary router loses connection higher up (on its WAN side), my 4506's will continue sending packets to that router. Is there any way for me to monitor the "health" of the routers, so the default route will automatically fail over if necessary?

I hope that explains what I need but if not I can give you more info.

Due to working inside the GSI network I have some restrictions on what I can and can't do. Ideally I don't want to have to make any configuration changes on the WAN routers (doing this could take months of discussions and be high in cost).
Digram.png
Asked by: Aaron Street
 
hau_it Commented:
Hi there, if I understand the diagram and what you are saying, try the following:

Because you have HSRP enabled you do not need both static default routes.
On switch 0 type ip route 0.0.0.0 0.0.0.0 10.0.0.1
and on switch1 type ip route 0.0.0.0 0.0.0.0 10.0.0.5

In the config that you typed above, the second switch (switch1) will use the 10.0.0.5 only if the connection between the switches goes down. Otherwise all the packets will take the path through switch1 - switch0 - router 10.0.0.1

Also, in HSRP, configure the track interface option, if you have not done so already.
 
hau_it Commented:
Always remember that in HSRP failover happens automatically!!
 
ionut_mir Commented:
I tried to simulate a scenario close to your network (see the attached picture):

The relevant configuration of R1:

ip sla monitor 1
 type echo protocol ipIcmpEcho 10.3.3.3 source-ipaddr 10.1.1.2
 frequency 5
ip sla monitor schedule 1 start-time now

!
track 2 rtr 1 reachability
!
!
ip route 0.0.0.0 0.0.0.0 10.1.1.1 track 2



Give it a try!
router.JPG
 
Aaron Street (Infrastructure Manager, Author) Commented:
If you look at the diagram below it might make more sense.

I have about 100 switches hanging off the 4506 switches with redundant links. The HSRP is set up to make sure that if either of the core 4506 switches fails, then clients have access to the default gateway.

Each 4506 in turn has two links, one to each of the routers.

This part all works fine. My only issue is if one of the routers that I don't have control of loses connection further upstream and my 4506 continues trying to send packets to it.

I think ionut has the right idea. I need to test this out to ensure it's what I am looking for.

I assume the line "type echo protocol ipIcmpEcho 10.3.3.3 source-ipaddr 10.1.1.2"

doesn't have to be the interface of the router (10.3.3.3) but could, if I wanted, be say Google's IP address to check the link the whole way through. (OK, I won't use Google, but I assume any IP address that is pingable should work?)


Digram.png
 
Aaron Street (Infrastructure Manager, Author) Commented:
OK, where do you find IP SLA? What routers is that running on?

 
ionut_mir Commented:
I have tested it with two routers (3640), because I can't simulate 4506 :D
I have checked on one of my client's 4506, but there is no command "ip sla..." :(
I will keep looking and try to find an alternative.
 
Aaron Street (Infrastructure Manager, Author) Commented:
OK, thank you.

Same here, not much seems to simulate layer 3 switches.

Of course the alternative is to look into taking over ownership of the routers. However, this could be a lengthy process.

Other than that I could purchase two new routers; however, then their only function would be to monitor the links.
 
Aaron Street (Infrastructure Manager, Author) Commented:
OK, just to make it clear what I am looking for.

In the diagram below the right-hand PC (192.168.2.0/24) and router are under my control. The three left-hand routers and PC are outside of my control. The two IBM switches are set to forward all traffic to the 192.168.2.0 network to my 4506.

And in turn my 4506 has two static default routes back: one to the primary IBM router with a metric of 10 and one to the secondary with a metric of 20.

So under normal conditions all traffic is sent to the primary router.

Now if link 1 or 2 goes down, all is well and my 4506 will switch to the alternate IBM router. However, if link 3 goes down, my 4506 will continue to send data to the primary router... and my network will be down.

What I am looking for is a way to detect if link 3 fails, and have my 4506 swap over to use the backup router for forwarding traffic to.

No routing information can be swapped between the IBM routers and the 4506, and I don't want to have to make any config changes on the IBM routers.


update-again.jpg
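
The tracked-route approach from ionut_mir's answer, applied to the two default routes in the question, as an added example that is not part of the original thread and applies only to IOS images that accept the `ip sla monitor` syntax shown above. The probe target 192.0.2.1 (a pingable host beyond link 3) and the source address 10.0.0.2 (the switch's own address facing the primary router) are assumed placeholders.

```cisco
! Added example, not from the thread. Placeholders (assumptions):
!   192.0.2.1 = pingable host on the far side of link 3
!   10.0.0.2  = this switch's address on the link to the primary router
!
! Pin the probe target to the primary router. Without this host route,
! after a failover the probe would follow the backup default route,
! succeed, bring the track back up and make the default route flap.
ip route 192.0.2.1 255.255.255.255 10.0.0.1
!
! ICMP echo probe every 5 seconds, sourced from the switch itself.
ip sla monitor 1
 type echo protocol ipIcmpEcho 192.0.2.1 source-ipaddr 10.0.0.2
 frequency 5
ip sla monitor schedule 1 life forever start-time now
!
! Track object follows probe reachability; the delays damp short losses
! (down after 10 s of failure, up again after 30 s of success).
track 2 rtr 1 reachability
 delay down 10 up 30
!
! Primary default route: installed only while track 2 is up.
ip route 0.0.0.0 0.0.0.0 10.0.0.1 10 track 2
! Backup default route: higher administrative distance, so it is used
! only when the tracked primary route has been withdrawn.
ip route 0.0.0.0 0.0.0.0 10.0.0.5 20
!
! Check the result with: show track 2 / show ip route 0.0.0.0
```

Nothing is configured on the upstream routers; the probe only needs the target to answer ICMP echo through the primary path.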