Hullabeano
asked on
Failover Default Routes
Hi Experts,
My first post, so go easy on me....
Brief Background info; I have 2 sites:-
1. Production
2. DR/Backup
-We have seperate internet feeds to both sites.
-Failover of services (Market Data, AD, SQL) Clustering (Exchange, Data etc.)
-The network has been spanned 10.100.0.0/16 given MS2003 clustering requires the same network addressing to work correctly (According to the MS specialist here).
-Production site I am running 2 x c3560G and I have implemented HSRP on particular VLANS
for localised redundancy.
-DR site currently 1 c3560g with required VLANS and routes setup(VPN traffic via Firewall only) - routing and VLANs required here for DR purposes - i.e. if the PROD site gets blown up!
-10mb LES link Site2Site - Required VLANS trunked across (dot1q)
-All works as it should
However, I need to weight the default routes out to the internet; thus in the event that we loose Internet connectivity at PROD, the secondary default route will take over and route traffic via the DR Internet link.
I have tried to set up the following, after some reading on EE and Cisco
0.0.0.0 0.0.0.0 10.100.150.50
0.0.0.0 0.0.0.0 10.100.150.30 50
I 'pulled the plug' on the internet feed at PROD, however the 2nd route never took over.
I tested this further by removing the first default route on the Core and pointed to 10.100.150.30
only...i could browse the inetrnet no problem.
Any advice would be much appreciated guys - and I hope this all makes sense!!
Cheers
My first post, so go easy on me....
Brief Background info; I have 2 sites:-
1. Production
2. DR/Backup
-We have seperate internet feeds to both sites.
-Failover of services (Market Data, AD, SQL) Clustering (Exchange, Data etc.)
-The network has been spanned 10.100.0.0/16 given MS2003 clustering requires the same network addressing to work correctly (According to the MS specialist here).
-Production site I am running 2 x c3560G and I have implemented HSRP on particular VLANS
for localised redundancy.
-DR site currently 1 c3560g with required VLANS and routes setup(VPN traffic via Firewall only) - routing and VLANs required here for DR purposes - i.e. if the PROD site gets blown up!
-10mb LES link Site2Site - Required VLANS trunked across (dot1q)
-All works as it should
However, I need to weight the default routes out to the internet; thus in the event that we loose Internet connectivity at PROD, the secondary default route will take over and route traffic via the DR Internet link.
I have tried to set up the following, after some reading on EE and Cisco
0.0.0.0 0.0.0.0 10.100.150.50
0.0.0.0 0.0.0.0 10.100.150.30 50
I 'pulled the plug' on the internet feed at PROD, however the 2nd route never took over.
I tested this further by removing the first default route on the Core and pointed to 10.100.150.30
only...i could browse the inetrnet no problem.
Any advice would be much appreciated guys - and I hope this all makes sense!!
Cheers
ASKER
Hi,
Thanks for answer.
So, to be sure as the Cores are C3560G switches; I would add the following:-
ip route 0.0.0.0 0.0.0.0 gi 0/XX 10.100.150.30 50
Thx
Thanks for answer.
So, to be sure as the Cores are C3560G switches; I would add the following:-
ip route 0.0.0.0 0.0.0.0 gi 0/XX 10.100.150.30 50
Thx
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
IP SLA looks to be very useful, but I can't run it on my 3560's
#sh ver
WS-C3560G-24TS 12.2(35)SE5 C3560-IPBASE-M
#sh ver
WS-C3560G-24TS 12.2(35)SE5 C3560-IPBASE-M
is it solved here ??
ASKER
Nope..
Sorry for slow response, as I work for a Stockbroker staff are here between 06:30 and 20:00 daily, so the weekend is my test window!
I tried your suggestion with WAN.Link in a number of different ways; however, I receive the following:- %Must specify a L3 port as the next hop interface
As my site to site connection is a Trunk on a switch port gi 0/20...i need to find another way to fail that route to the Disaster Recovery site Internet Gateway. Perhaps HSRP with Standby timers.
IP SLA would be useful although it isn't supported on the version of IOS we are running, and as we don't have the SmartNET contracts ready yet I cannot upgrade!
Any other suggestions in the meantime would be greatlfully received :-)
Thanks
Sorry for slow response, as I work for a Stockbroker staff are here between 06:30 and 20:00 daily, so the weekend is my test window!
I tried your suggestion with WAN.Link in a number of different ways; however, I receive the following:- %Must specify a L3 port as the next hop interface
As my site to site connection is a Trunk on a switch port gi 0/20...i need to find another way to fail that route to the Disaster Recovery site Internet Gateway. Perhaps HSRP with Standby timers.
IP SLA would be useful although it isn't supported on the version of IOS we are running, and as we don't have the SmartNET contracts ready yet I cannot upgrade!
Any other suggestions in the meantime would be greatlfully received :-)
Thanks
plz send you current config.. remove password,,
ASKER
See config for Core SCM-SW02...
SCM-SW01 the same with Standby Timers and HRSP addresses configured for correct failover
Routing
Gateway of last resort is 10.100.150.50 to network 0.0.0.0
69.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
S 69.191.192.0/18 [1/0] via 10.100.60.12
S 69.184.0.0/16 [1/0] via 10.100.60.12
S 206.156.53.0/24 [1/0] via 10.100.60.12
S 205.216.112.0/24 [1/0] via 10.100.60.12
S 208.22.56.0/24 [1/0] via 10.100.60.12
S 208.134.161.0/24 [1/0] via 10.100.60.12
208.184.40.0/32 is subnetted, 1 subnets
S 208.184.40.10 [1/0] via 10.100.150.50
S 208.22.57.0/24 [1/0] via 10.100.60.12
S 205.183.246.0/24 [1/0] via 10.100.60.12
160.43.0.0/24 is subnetted, 1 subnets
S 160.43.250.0 [1/0] via 10.100.60.12
10.0.0.0/8 is variably subnetted, 13 subnets, 3 masks
S 10.34.50.11/32 [1/0] via 10.100.150.50
S 10.22.5.0/24 [1/0] via 10.100.61.5
S 10.22.6.0/24 [1/0] via 10.100.61.6
C 10.100.40.0/24 is directly connected, Vlan40
C 10.100.60.0/24 is directly connected, Vlan60
C 10.100.61.0/29 is directly connected, Vlan61
C 10.100.50.0/24 is directly connected, Vlan50
C 10.100.10.0/24 is directly connected, Vlan10
C 10.100.11.0/24 is directly connected, Vlan11
C 10.100.30.0/24 is directly connected, Vlan30
C 10.100.20.0/24 is directly connected, Vlan20
C 10.100.21.0/24 is directly connected, Vlan21
C 10.100.150.0/24 is directly connected, Vlan500
S* 0.0.0.0/0 [1/0] via 10.100.150.50
S 199.105.176.0/21 [1/0] via 10.100.60.12
S 199.105.184.0/23 [1/0] via 10.100.60.12
SCM-SW02-update.doc
SCM-SW01 the same with Standby Timers and HRSP addresses configured for correct failover
Routing
Gateway of last resort is 10.100.150.50 to network 0.0.0.0
69.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
S 69.191.192.0/18 [1/0] via 10.100.60.12
S 69.184.0.0/16 [1/0] via 10.100.60.12
S 206.156.53.0/24 [1/0] via 10.100.60.12
S 205.216.112.0/24 [1/0] via 10.100.60.12
S 208.22.56.0/24 [1/0] via 10.100.60.12
S 208.134.161.0/24 [1/0] via 10.100.60.12
208.184.40.0/32 is subnetted, 1 subnets
S 208.184.40.10 [1/0] via 10.100.150.50
S 208.22.57.0/24 [1/0] via 10.100.60.12
S 205.183.246.0/24 [1/0] via 10.100.60.12
160.43.0.0/24 is subnetted, 1 subnets
S 160.43.250.0 [1/0] via 10.100.60.12
10.0.0.0/8 is variably subnetted, 13 subnets, 3 masks
S 10.34.50.11/32 [1/0] via 10.100.150.50
S 10.22.5.0/24 [1/0] via 10.100.61.5
S 10.22.6.0/24 [1/0] via 10.100.61.6
C 10.100.40.0/24 is directly connected, Vlan40
C 10.100.60.0/24 is directly connected, Vlan60
C 10.100.61.0/29 is directly connected, Vlan61
C 10.100.50.0/24 is directly connected, Vlan50
C 10.100.10.0/24 is directly connected, Vlan10
C 10.100.11.0/24 is directly connected, Vlan11
C 10.100.30.0/24 is directly connected, Vlan30
C 10.100.20.0/24 is directly connected, Vlan20
C 10.100.21.0/24 is directly connected, Vlan21
C 10.100.150.0/24 is directly connected, Vlan500
S* 0.0.0.0/0 [1/0] via 10.100.150.50
S 199.105.176.0/21 [1/0] via 10.100.60.12
S 199.105.184.0/23 [1/0] via 10.100.60.12
SCM-SW02-update.doc
ASKER
unsolved
keep the 1st route as it's but
the 2nd must be like this
ip route 0.0.0.0 0.0.0.0 (WAN.interface) 10.100.150.30 50