Re: Multiple WAN links between sites causing return path problem

pcresswell · ‎02-18-2004

Hi,

We are having a problem where traffic is not taking the same path in both directions between sites in different VLANs.

We have 2 sites (London & Conneticut) which both have 2 VLANs (Voice & Data). There are 2 WAN links between these sites, 1 for data and 1 for Voice. This next part is going to be hard to explain but here it goes:

The London Voice Subnet is 172.31.252.0/22 (DG=172.31.252.10).

The London Data Subnet is 172.31.4.0/22 (DG=172.31.4.80).

We are using a 4908 switch as our default gateway for both vlans in London.

The CT Voice Subnet is 172.30.252.0/22(DG=172.30.252.10).

The CT Data Subnet is 172.30.4.0/22 (DG=172.30.4.80).

We are using a 3550 switch as our default gateway for both vlans in CT.

The routers are set up with static routes for the other sites subnets so that voice traffic goes over the voice PVC etc.

An example of the problem is that if a device on the London Voice vlan needs to communicate with a device on the CT data VLAN, it’s local router will send the packet over the Data PVC (This is OK), but when the device on the CT data VLAN replies it’s local gateway sends the traffic over the voice pvc (NOT OK!).

This is fine for pings, but anything connection based isn’t working. I had thought about using Policy Based Routing to route depending on the source/destination addresses but this is not possible on the 4908 switches (plus we didn’t really want to run PBR if we can help it because of the processing overhead).

Please help!!!!!!!!!!!!!

Thanks,

Peter

calvinie2001 · ‎02-18-2004

post your diagram pls

it is realy maxup

pcresswell · ‎02-18-2004

Sorry about the poor quality diagram, the only app on my laptop to do this was MSPaint!! :-)

The CAT4908 includes this static routes:

ip route 172.30.4.0 255.255.252.0 172.31.5.1

ip route 172.30.252.0 255.255.252.0 172.31.252.80

The CAT3550 includes this static routes:

ip route 172.31.4.0 255.255.252.0 172.30.5.1

ip route 172.31.252.0 255.255.252.0 172.30.252.80

So to reiterate, if a device on London voice VLAN communicates with a device on the Norwalk Data VLAN the packets are sent over the Data PVC, but the replies are sent back through the Voice VLAN.

Thanks for helping!!

terry.knight · ‎02-19-2004

I'm pretty sure you could use NAT to prevent the asymmetric routing,using source address translation on the external interfaces of the 3550 and the 4908

and adding a couple of static routes at each end.

for example: Traffic originating from the London voice vlan destined for the

Norwalk Data vlan will get routed over the data PVC (by the static route thats already in place). If you were to Nat the source address

on the outgoing interface the return traffic would follow the correct path. (obviously you would need a static route on the 3550 to get back to the natted address).

If you were to replicate this configuration on all outbound interfaces on the 3550 and 4908, traffic should always be routed properly.

I've attached a diagram which will hopefully make this easier to understand as i'm having a hard time explaining it myself!!

However, I'm sure this will work.

Good Luck

calvinie2001 · ‎02-22-2004

Hi;

NAT will do the job well, but it is not a sulotion for VOICE device (which use like IAD)

try use policy map, it is a good path sellector

pcresswell · ‎02-23-2004

Thanks. Yes we have used NAT and it seems to be working OK. We couldn't use Policy based routing becuase the 4908 switches do not not support it.

Thanks for your help.