Solved

ip default next-hop (source based routing)

Posted on 2014-04-07
Last Modified: 2014-04-08
So on a Cisco router I can configure

set ip next-hop verify-availability 10.1.1.1 1 track 10

but I can't configure

ip default next-hop, with a tracking object attached.

Any ideas how I can get the same effect?

I want to say

if source is subnet A then use default route of X
if source is subnet B then use default route of Y

Now that can fail over fine if the router X or Y goes down, but not if the route upstream of these has issues.
0
Comment
Question by:Aaron Street
6 Comments
 
LVL 17

Expert Comment

by:pergr
ID: 39985338
This is what you want to do:
http://www.cisco.com/c/en/us/support/docs/ip/ip-routed-protocols/48003-pbrtracking.html

Now, your questions are mixing "source based routing", and "default route". Note that "default route" is always for the "destination ip address", and not the "source ip address".
0
 
LVL 16

Author Comment

by:Aaron Street
ID: 39985436
Trouble is this will override the routing table.

So say Router X has 4 connections,

one from Subnet A
one from subnet B

One to subnet X (default route)
One to subnet Y (default route)

If a packet comes in from subnet A destined for subnet B then I want it to go out the interface to B

but setting a next hop in a policy map would override this, as with 4 connections it would have to be applied to the incoming interface of A.

This is why I wanted to use "default next-hop" in the route map, as it applies only if there is no more specific route in the routing table.
0
 
LVL 17

Expert Comment

by:pergr
ID: 39985558
Do a

route-map alpha permit 5


With rules for routing between A and B, which will kick in before the policy based routing.
0

 
LVL 16

Author Comment

by:Aaron Street
ID: 39985578
Yes, but this means a route map to deal with tons of internal routes that would need to be applied to each internal interface to deal with all the internal routes.

At the moment OSPF deals with all the dynamic routing, I don't want to have to manually set this all up as route maps.
0
 
LVL 17

Accepted Solution

by:
pergr earned 2000 total points
ID: 39985594
You usually do not need to enter each route specifically.

For example, you can have a rule matching destination 10./8 (10.0.0.0 255.0.0.0) as the "permit 5". Most likely two rules (10./8 and 192.168./16) are enough.

Another option, of course, is to do the routing between A and B on some L3 switch inside the router.
0
 
LVL 16

Author Comment

by:Aaron Street
ID: 39985654
You are right, but when the primary router I am talking about is the core switch with a few hundred routes and VLANs terminating on it.....

Oh actually of course,

Just 3 rules that say

Rule 1 For any internal destination then rule 1 simple permit.
Rule 2 For any source A use next hop X
Rule 3 For any source B use next hop Y

And then apply it to the incoming interfaces.
0
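The three-rule route map described in the last comment, written out as an added example (not configuration posted by anyone in the thread). All addresses, ACL names, interface names, SLA and track numbers and the probe targets are constructed placeholders, and the IP SLA lines assume the IOS 15-style syntax.

```cisco
! Constructed values: subnet A 10.10.1.0/24, subnet B 10.10.2.0/24,
! next hop X 192.0.2.1, next hop Y 198.51.100.1.
! Probe targets sit beyond X and Y, so an upstream failure
! (not only a dead next hop) brings the track object down.
ip route 203.0.113.10 255.255.255.255 192.0.2.1
ip route 203.0.113.20 255.255.255.255 198.51.100.1
!
ip sla 10
 icmp-echo 203.0.113.10
 frequency 5
ip sla schedule 10 life forever start-time now
ip sla 20
 icmp-echo 203.0.113.20
 frequency 5
ip sla schedule 20 life forever start-time now
!
track 10 ip sla 10 reachability
track 20 ip sla 20 reachability
!
ip access-list extended INTERNAL-DST
 permit ip any 10.0.0.0 0.255.255.255
 permit ip any 192.168.0.0 0.0.255.255
ip access-list extended FROM-A
 permit ip 10.10.1.0 0.0.0.255 any
ip access-list extended FROM-B
 permit ip 10.10.2.0 0.0.0.255 any
!
! Rule 1: internal destinations match first and get no set clause
! (the "simple permit" from the thread), leaving them to the OSPF-learned routes.
route-map alpha permit 5
 match ip address INTERNAL-DST
! Rule 2: source A uses next hop X only while track 10 is up.
route-map alpha permit 10
 match ip address FROM-A
 set ip next-hop verify-availability 192.0.2.1 1 track 10
! Rule 3: source B uses next hop Y only while track 20 is up.
route-map alpha permit 20
 match ip address FROM-B
 set ip next-hop verify-availability 198.51.100.1 1 track 20
!
! Apply on each incoming internal interface (names are placeholders).
interface GigabitEthernet0/1
 ip policy route-map alpha
interface GigabitEthernet0/2
 ip policy route-map alpha
```

When a track object goes down, the matching set clause is skipped and the packet is forwarded by the routing table, so the ordinary default route acts as the fallback path.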

Question has a verified solution.
