How about this...  Since the exit point is based on destination address,
could you use floating static routes?  For example...

ip route  255.255.255.255   50
ip route  255.255.255.255   100
ip route  255.255.255.255  50
ip route  255.255.255.255  100

ip route 0.0.0.0 0.0.0.0  50
ip route 0.0.0.0 0.0.0.0   100

This would provide failover while also accomplishing the stated goal.  
The downside is that as the number of priority sites increased you'd
have to add a new static route.

If I misunderstood the original goal and we're basing the exit
point on internal source IP address then policy routing would definitely
be the way to go.

If you wanted to go completely overboard, you could run BGP on both
links and set the WEIGHT attribute higher on the T-1 for the prefixes
leading to the priority servers.    That would also provide dynamic
failover but I wouldn't consider it to be the best solution.  Besides,
it's probably difficult to get a provider to run BGP over DSL.

John
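
Added example (not part of John's post): a small Python model of the floating static layout he describes, showing which exit is chosen per destination and what happens when one link fails. The gateway and server addresses are constructed placeholders from documentation ranges, since the addresses in the post are elided; the distances 50 and 100 are the ones in the post.

```python
import ipaddress

# Constructed addressing (documentation ranges); the post's own addresses are elided.
T1_GW, DSL_GW = "198.51.100.1", "203.0.113.1"
PRIORITY_HOSTS = ["192.0.2.10", "192.0.2.20"]

def build_routes():
    """Floating static layout: (prefix, next hop, administrative distance)."""
    routes = []
    for host in PRIORITY_HOSTS:
        net = ipaddress.ip_network(host + "/32")
        routes.append((net, T1_GW, 50))    # preferred: priority traffic via T1
        routes.append((net, DSL_GW, 100))  # floating backup via DSL
    default = ipaddress.ip_network("0.0.0.0/0")
    routes.append((default, DSL_GW, 50))   # preferred: ordinary traffic via DSL
    routes.append((default, T1_GW, 100))   # floating backup via T1
    return routes

def install(routes, up_gateways):
    """Active table: per prefix, the lowest-distance route with a reachable next hop."""
    table = {}
    for net, gw, dist in routes:
        if gw not in up_gateways:
            continue  # a static route is withdrawn when its next hop is unreachable
        if net not in table or dist < table[net][1]:
            table[net] = (gw, dist)
    return table

def next_hop(dst, up_gateways):
    """Longest-prefix match over installed routes; None means the packet is dropped."""
    addr = ipaddress.ip_address(dst)
    table = install(build_routes(), up_gateways)
    matches = [(net.prefixlen, gw) for net, (gw, _) in table.items() if addr in net]
    return max(matches)[1] if matches else None

if __name__ == "__main__":
    for up in ({T1_GW, DSL_GW}, {DSL_GW}, {T1_GW}):
        for dst in ("192.0.2.10", "192.0.2.99"):
            print(sorted(up), dst, "->", next_hop(dst, up))
```

The model assumes the router actually notices the failure, that is, the next hop stops resolving because the interface goes down. A link that stays up at layer 2 while the provider path is dead keeps the preferred static route installed.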

>>> "Chuck Larrieu"  4/12/01 10:28:52 AM >>>
Ok - only solution we could come up with pending better customer
information or a better design idea:

Internet-----edgerouter-------firewall--------inside

Recall that there are two internet connections terminating on the edge
router.

Policy routing on the edge router interface connecting to the
firewall.
 inbound to the edge router )

Extended access-lists to identify and categorize the customer
internet-bound traffic

Policy routing implemented using a route-map which refers to the
access-lists

Howard's point was interesting - issue of redundancy being, perhaps,
misunderstood. The RFI specifically mentioned failover if one or the
other interfaces was down.

Here's where I am not sure even policy routing will assure failover.
Packet matches a policy, is forwarded to the designated interface. That
path is down - packet dropped? I'm pretty sure that's how it works. So
no automatic failover in the design above.

So - now what?

Chuck

-----Original Message-----
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chuck Larrieu
Sent:   Tuesday, April 10, 2001 11:07 PM
To:     [EMAIL PROTECTED]
Subject:        Design Challenge - a bit off topic [7:195]

Howard's comment brings to mind a problem my Design Engineer raised
when responding to a customer RFI.

Howard's comment: .  (Pause for usual mystification on why someone
wants routing protocols to pass through a firewall, a fairly frequent
question).

The customer RFI stated requirement ( wording as best as I can
remember ): Solution will entail two internet connections, a T1 and a
DSL. Routing will be configured such that priority traffic will use the
T1 connection, and ordinary internet browsing will use the DSL
connection.

Lindy and I were having a real good laugh about the vagueness of the
requirement, when we decided to try to come up with a solution. We came
up with a number of questions for the customer to elaborate upon, and a
possible solution. Would anyone else care to use this as a test of
design issues?

If memory serves, the customer defined "priority" traffic as e-mail and
connectivity to a certain external web site.

So:

1) what are some of the questions the customer still needs to answer?

2) What are some possible solutions to this requirement?
( assume the T1 and the DSL terminate on the same router )

Chuck
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html 
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=352&t=195