mbudman (Canada)

routing

Hi,

I would like to add a permanent route (with a different gateway) for a specific range of ip addresses (1 subnet).

Does anyone have advice as to how to go about it?

Example:

default gateway is 10.0.7.254 (255.255.248.0) for all traffic except 10.0.24.x...10.0.31.254 (255.255.248.0) where the gateway would be 10.0.7.253.

Any advice would be appreciated.

Thanks,

Mark
Ernie Beek (Netherlands)

Do you have a DHCP server on your network? Then you could just distribute it that way.
You'll need elevated privs, but you'd enter:

route -p add 10.0.24.0 mask 255.255.248.0 10.0.7.253 metric 1
mbudman (Asker)
How would one implement this with a DHCP server?
ASKER CERTIFIED SOLUTION
Ernie Beek (Netherlands)

Well, in case you don't have Windows Server xxxx

default gateway is 10.0.7.254 (255.255.248.0) for all traffic except 10.0.24.x...10.0.31.254 (255.255.248.0) where the gateway would be 10.0.7.253.

hmmmm.... there must be a typo because the target addresses are outside the subnet of the gateway.

And, after thinking about it, I think you're saying you want "source-based" routing.  That is, you want routing based on where the traffic is coming FROM and not TO.

But, if I ignore that minor detail :-) and overcome it by assuming:
The current subnet is really 10.0.0.0 / 19 or 255.255.224.0 with 10.0.7.254 the gateway address within that subnet.

Now we have a subnet that includes BOTH 10.0.7.254 AND 10.0.31.254 which appears to be what you need (without using a router between subnets).

Add a SOURCE route in the gateway:
IF SOURCE: 10.0.24.0/21 or 255.255.248.0 route to 10.0.7.253
(note that this isn't really a "subnet" but an address range as it's a set of addresses within a larger proper subnet).

Now, packets initiated at 10.0.8.0 to 10.0.31.254 will be directed to 10.0.7.253 from the current gateway.  It adds a hop doing it that way but it's flexible in that you can cut it up into whatever chunks you want.  That's what gateways are for - to help make routing simple to manage.

Many gateway-type devices won't do this.  Juniper Networks will and there must be others.
If policy based routing, PBR, is supported by your router that will do what you want.
You set up a policy to tell the router what to do with packets meeting your conditions and tell it to bypass the route table and use the next hop you configure in the policy.
@fmarshal - Um... I beg to differ with you on that one. 10.0.24.0/21 (255.255.248.0) gives you an address range of 10.0.24.1-10.0.31.254. His main network is 10.0.0.0/21, which would give you addresses in the range of 10.0.0.1-10.0.7.254. If the target addresses were within the 0-7 range, they'd be local LAN addresses, and wouldn't need a router at all.

PBR is way overblown for what you need. It's a single route! The best solution is what erniebeek suggested: Deliver the other route via DHCP, which would give each client that static route as part of their DHCP configuration.

There is another way, but it's a little unorthodox, and your router may not like it: You might be able to put the static route on your default router, and leave the clients alone. Your clients would send to the default route, which would then forward those packets out the same interface through which they came in (that's the part the router may not like) and to the 7.253 router, which has the proper route.
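To make the destination-based reading of the question concrete (the one Ernie Beek's route command implements and d0ughb0y's address-range arithmetic assumes), here is an added example that is not part of any post in this thread. It models a host on 10.0.0.0/21 after `route -p add 10.0.24.0 mask 255.255.248.0 10.0.7.253 metric 1` and shows how the host picks a route by longest prefix match on the DESTINATION, why the next hop has to be on the host's own subnet, and what usable-address range each /21 and /19 block actually covers. The routing table, the helper names (`select_route`, `next_hop_is_reachable`, `host_range`) and the sample destinations are all constructed for the illustration.

```python
import ipaddress

# Added illustration of destination-based (longest-prefix) route selection.
# Constructed routing table for the host in the thread: a box on 10.0.0.0/21
# with default gateway 10.0.7.254, after running
#   route -p add 10.0.24.0 mask 255.255.248.0 10.0.7.253 metric 1
# Entries are (destination network, next hop, metric); next hop None = on-link.
LOCAL_NET = ipaddress.ip_network("10.0.0.0/21")

ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"),    ipaddress.ip_address("10.0.7.254"), 10),
    (ipaddress.ip_network("10.0.0.0/21"),  None,                               1),
    (ipaddress.ip_network("10.0.24.0/21"), ipaddress.ip_address("10.0.7.253"), 1),
]


def select_route(dst, routes=ROUTES):
    """Pick the route for a DESTINATION address: the longest matching prefix
    wins, ties go to the lowest metric. Returns (network, next_hop) or None."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return None
    net, hop, _metric = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return net, hop


def next_hop_is_reachable(next_hop, local_net=LOCAL_NET):
    """A next hop has to sit on the host's own subnet; otherwise the host has
    no link-layer path to hand it the packet (fmarshall's point that the
    next hop cannot be outside the local subnet)."""
    return next_hop is None or ipaddress.ip_address(next_hop) in local_net


def host_range(network):
    """First and last usable host address of a CIDR block."""
    net = ipaddress.ip_network(network)
    return str(net.network_address + 1), str(net.broadcast_address - 1)


if __name__ == "__main__":
    for dst in ("10.0.28.5", "10.0.3.9", "8.8.8.8"):
        net, hop = select_route(dst)
        print(f"{dst:>10} -> {net} via {hop or 'on-link'}")
    for hop in ("10.0.7.253", "10.0.24.1"):
        print(f"next hop {hop} reachable from {LOCAL_NET}: {next_hop_is_reachable(hop)}")
    for cidr in ("10.0.0.0/21", "10.0.24.0/21", "10.0.0.0/19"):
        lo, hi = host_range(cidr)
        print(f"{cidr:>12} hosts {lo} - {hi}")
```

Two checks worth doing on the Windows box after the `route -p add`: `route print -4` should list the 10.0.24.0/255.255.248.0 entry under both the active routes and the "Persistent Routes" section (the persistent copy lives under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes, which is what survives a reboot; without `-p` the route is gone at next boot), and the gateway 10.0.7.253 must be inside the host's own subnet mask, as the `next_hop_is_reachable` check above shows, or Windows will reject the route or never be able to ARP for it.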
doughboy:
@fmarshal - Um... I beg to differ with you on that one. 10.0.24.0/21 (255.255.248.0) gives you an address range of 10.0.24.1-10.0.31.254. His main network is 10.0.0.0/21, which would give you addresses in the range of 10.0.0.1-10.0.7.254. If the target addresses were within the 0-7 range, they'd be local LAN addresses, and wouldn't need a router at all.
I don't understand where the "differing" would be.  I agree with everything you say above.  I don't think I suggested anything else.  

I found it "interesting" that the gateway addresses in the example were outside the address range of the subnet of interest..... that's all.  It seems a rather important point.

Then, in response again to the example:
default gateway is 10.0.7.254 (255.255.248.0) for all traffic except 10.0.24.x...10.0.31.254 (255.255.248.0) where the gateway would be 10.0.7.253.
I agree that the wording is a little vague and I can understand how one might come to a different conclusion than I do but this seems to me to be saying:

"All traffic coming from 10.0.24.0/21 must be directed to 10.0.7.253 as the gateway".

Perhaps the notion of "gateway" needs to be better defined ... as in mbudman's context.
- does it mean "the internet gateway"?
- does it mean "the next hop"?
One can well understand how "the next hop" might be dealt with using DHCP but "the next hop" can't be outside the local subnet.  So how does that work?  I'm simply ignorant on that subject.
If it means "the internet gateway" then there are all kinds of routing things that can be done.
I believe that the stated requirement may be interpreted to *require* source-based routing.  But, as above, it's fuzzy isn't it?

I think it's time for mbudman to help us out here with a bit more participation and clarification.....
Sorry for the confusion. I see, now, how you read it. That's not the way I did. My understanding of the question was: I want all non-local, outbound traffic to be sent to 10.0.7.254, EXCEPT for anything destined for 10.0.24.0/21, which should be directed to 10.0.7.253 instead.

If that's not what Mark wanted, then I completely misunderstood. Perhaps he can clarify.

Given that my understanding was as I described, I thought you were suggesting that, in order for him to send traffic to the 24.0/21 network, he would have to have that network being part of his local network, which just didn't make any sense at all. That's where I differed.

Also, given my understanding, I don't think it makes any difference whether "gateway" is being used to mean "Internet router" or any other router. The default gateway (aka the default router) is just where you send things you don't otherwise know where to send. From the LAN perspective, it doesn't matter whether the default route of that router is an ISP or another internal router. All the LAN needs to know is where to send the packets, including Internet-bound packets.

So thanks for clearing that up!

Oh, as for DHCP including the "next hop" information, DHCP can include a whole list of options - it's not just the IP address. It can include the DNS servers to use, routes, time servers, and a whole slew of other options. So for Mark's purposes, the easiest way to do this would be to set the DHCP server to include the route TO 10.0.24.0/21 as pointing to 10.0.7.253, reboot the machines (so they re-request their DHCP information), and that would be that.
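As an added example (not something any participant posted), the following shows the exact bytes a DHCP server hands out when it delivers a static route the way d0ughb0y describes: the Classless Static Route option (option 121, RFC 3442; Windows clients also accept the same layout under Microsoft's option code 249). It encodes the route from the thread, decodes an option payload back so you can check what a server is really sending (for example out of a packet capture), and flags the one caveat that bites people: a client that understands option 121 ignores the plain Router option (3), so the default route has to be listed in option 121 as well. The route list, the option-code constants and the helper names are constructed for this illustration.

```python
import ipaddress

# Added example, not from the thread: build and check the DHCP option that
# carries a static route to clients (option 121, RFC 3442 "classless static
# route"; Windows clients also accept the same layout as Microsoft option 249).
# Constructed route list: (destination CIDR, router). The default route is
# included on purpose, see routes_include_default().
ROUTES = [
    ("10.0.24.0/21", "10.0.7.253"),
    ("0.0.0.0/0",    "10.0.7.254"),
]

OPTION_CLASSLESS_STATIC_ROUTE = 121     # RFC 3442
OPTION_MS_CLASSLESS_STATIC_ROUTE = 249  # Microsoft-specific code, same layout


def encode_classless_static_routes(routes):
    """Encode (CIDR, router) pairs as the option payload. Per RFC 3442 each
    route is: 1 byte prefix length, then only the significant octets of the
    destination (ceil(prefixlen / 8) of them), then the 4-byte router."""
    out = bytearray()
    for dest, router in routes:
        net = ipaddress.ip_network(dest)
        sig = (net.prefixlen + 7) // 8
        out.append(net.prefixlen)
        out += net.network_address.packed[:sig]
        out += ipaddress.ip_address(router).packed
    return bytes(out)


def decode_classless_static_routes(payload):
    """Inverse of the encoder; useful for checking what a DHCP server
    actually sends. Rejects malformed input instead of guessing."""
    routes, i = [], 0
    while i < len(payload):
        plen = payload[i]
        if plen > 32:
            raise ValueError(f"bad prefix length {plen} at offset {i}")
        sig = (plen + 7) // 8
        if i + 1 + sig + 4 > len(payload):
            raise ValueError("truncated route entry")
        dest = payload[i + 1:i + 1 + sig] + b"\x00" * (4 - sig)
        router = payload[i + 1 + sig:i + 5 + sig]
        routes.append((f"{ipaddress.IPv4Address(dest)}/{plen}",
                       str(ipaddress.IPv4Address(router))))
        i += 1 + sig + 4
    return routes


def build_option(code, payload):
    """Wrap a payload as a DHCP option TLV (code, length, value)."""
    if len(payload) > 255:
        raise ValueError("option payload exceeds 255 bytes")
    return bytes([code, len(payload)]) + payload


def routes_include_default(routes):
    """RFC 3442: a client that understands option 121 ignores option 3
    (Router), so the default route must be listed here too or clients
    lose their default gateway."""
    return any(ipaddress.ip_network(dest).prefixlen == 0 for dest, _ in routes)


if __name__ == "__main__":
    payload = encode_classless_static_routes(ROUTES)
    print("option 121 payload:", payload.hex())
    print("TLV:", build_option(OPTION_CLASSLESS_STATIC_ROUTE, payload).hex())
    print("decoded:", decode_classless_static_routes(payload))
    print("default route present:", routes_include_default(ROUTES))
```

For the thread's route the payload comes out as `15 0a 00 18 0a 00 07 fd` (prefix 21, the three significant octets 10.0.24, router 10.0.7.253) followed by `00 0a 00 07 fe` for the default route. On a Windows DHCP server this is configured per scope as option 121 (and 249 for older clients); on the clients an `ipconfig /renew` is enough to pick it up, a reboot is not required.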
d0ughb0y:
Yes, if you're talking about Windows Server DHCP.  There are lots of routers/DHCP servers that won't do all those things.......

The reason I took the trouble to differentiate between "internet gateway" and "next hop" is because people might get confused in dealing with this question.  As you know, it's entirely possible to use a router as a gateway that re-routes traffic to the actual internet interface router.  In that case, yes, the latter would look like the internet gateway to a host but a trace route would reveal the difference.
fmarshall:

It's true, a lot of DHCP server devices won't include those advanced features. But they are in the spec. ;)

If Mark isn't using a Windows (or decent *nix) DHCP server, then you're right - it may not work. It'd be helpful if Mark would come back and address some of these questions, given that neither of us actually know what his environment looks like. In any case, if he's not then he could try my other suggestions. :)
mbudman (Asker)

Hi,

I would like to thank everyone for their answers. We are running an internal network.

My goal was:

I want all non-local, outbound traffic to be sent to 10.0.7.254, EXCEPT for anything destined for 10.0.24.0/21, which should be directed to 10.0.7.253 instead.

That being said, erniebeek understood my request correctly.

I was using Windows DHCP server and Windows DNS, but the updates were not being recorded in a timely fashion for non-Windows (Linux) boxes.

We decided to scrap this configuration and made a completely distinct network outside of the production network. Communication between the 2 networks is accomplished via PPTP VPN.

I would like to thank everyone for their comments and participation in responding to my initial query.

Best,

Mark
mbudman (Asker)

Thank you for your time and advice.

Cheers,

Mark