Aaron,

Do a "debug rip" on each router and see what advertisements it's receiving from the FWs. It sounds like one FW is not advertising any routes. You should see something like this:

    RIP: received v1 update from a.b.c.d on 0.0.0.0 in 1 hops

If both FWs are advertising the routes, the routers should behave as you say: they should pick the best route based on metric (hop count). If they have equal-cost paths, both routes should appear in the routing table:

    R* 0.0.0.0/0 [120/1] via a.b.c.d, 00:00:07,
    R  0.0.0.0/0 [120/1] via e.f.g.h, 00:00:08,

Once you have this working, a few things you might also want to consider:

1) Have the Internet router source the default. The best way to do this would be to receive a default route via BGP from your upstream provider and then redistribute the default route into RIP. There are other ways you could do this as well. (It keeps you from having to manually intervene to shut down a FW or an interface.)

2) You may want to consider using RIPv2 and authenticated updates, and you may want to consider tweaking the RIP timers. RIP can take minutes to converge, but if you tweak the update, holddown and flush timers you can get it to converge in a few seconds.

3) You don't say if the outside routers are using the same provider or not and if you have your own address space. Depending on your setup, you'll need to think about a scenario where traffic leaves through one FW but returns through another FW.

HTH,
Kent

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Aaron Bowlsbey
Sent: Wednesday, March 20, 2002 8:09 PM
To: [EMAIL PROTECTED]
Subject: Stupid Rip/Default Route question [7:38999]

Sorry if this is obvious. My network:

    Router ---NortelFW--Lan1--router--router--Lan2--NortelFW--Router

RIP is running on both Firewalls and both internal routers. Both NortelFWs are advertising their default route (out their connected external router). Users on both LANs are using their closest internal router as their default gateway. I had hoped that the internal routers would learn of both default routes and select the nearest Firewall as their default route.

If anything happened to one of the local loops, I could switch off the connected firewall, which would end the RIP advertisements, and the network would eventually reroute all external traffic out the working Internet link. I could've sworn that this was working in my test environment and for at least a week in production. Now both internal routers are selecting one default route or the other but not necessarily the best (hop count) route. Daaaaaa, what's wrong with this approach? Firewalls aren't routers....??

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39036&t=38999
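Kent's suggestions 1) and 2) above, written out as a Cisco IOS configuration for the Internet router; this is an added example, not configuration from the thread. The AS numbers (65001 local, 65000 upstream), the upstream neighbor 192.0.2.1, interface FastEthernet0/0, the 10.0.0.0/24 inside network and the key chain name and secret are all assumed placeholders.

```cisco
! Added example (not from the original thread). The Internet router learns a
! default from its BGP upstream, feeds only that default into RIP, and the RIP
! domain runs RIPv2 with MD5-authenticated updates and faster timers.
! Assumed placeholders: AS 65001 (local), AS 65000 / 192.0.2.1 (upstream),
! FastEthernet0/0, network 10.0.0.0/24, key chain RIP-KEYS and its key string.
!
key chain RIP-KEYS
 key 1
  key-string REPLACE-WITH-SHARED-SECRET
!
! Match 0.0.0.0/0 and nothing else; reused for the BGP inbound filter below.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
route-map BGP-DEFAULT-TO-RIP permit 10
 match ip address prefix-list DEFAULT-ONLY
!
interface FastEthernet0/0
 description Inside segment toward the NortelFW and internal routers
 ip address 10.0.0.1 255.255.255.0
 ip rip authentication mode md5
 ip rip authentication key-chain RIP-KEYS
!
router rip
 version 2
 no auto-summary
 network 10.0.0.0
 ! Only the BGP-learned default enters RIP, with a hop count of 1. If the
 ! upstream session drops, the default leaves BGP and RIP stops advertising
 ! it, so nobody has to shut down a FW or interface by hand.
 redistribute bgp 65001 route-map BGP-DEFAULT-TO-RIP metric 1
 ! update 5s, invalid 15s, holddown 15s, flush 30s instead of the
 ! defaults 30/180/180/240: failover in seconds rather than minutes.
 timers basic 5 15 15 30
!
router bgp 65001
 neighbor 192.0.2.1 remote-as 65000
 ! Accept only 0.0.0.0/0 from the upstream; a full table is not needed here.
 neighbor 192.0.2.1 prefix-list DEFAULT-ONLY in
```

Every RIP speaker on a segment, the Nortel firewalls included, must run the same version, timers and authentication settings, otherwise their updates are ignored and the default route flaps.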