02-11-2003 05:51 PM - edited 03-02-2019 05:00 AM
I have a remote site with 2 routers and 2 circuits back to my data center. There are only workstations at the remote site; each workstation has multiple applications and has a single default gateway to only 1 WAN router.
I want application a, b, c from each workstation to use the first circuit to my data center and application x, y, z to use the second circuit to my data center. I want to use policy based routing to accomplish this. So, when one of the WAN routers receives IP traffic from a workstation, it will either forward it directly over the WAN circuit up to the data center, or forward it back over the LAN to the second WAN router which will then forward it to the data center over the second WAN circuit.
However, if 1 of my WAN circuits fails, is there any way that the application will fail over to the remaining WAN circuit given that I am using policy based routing? If yes, what would the config look like?
02-12-2003 06:14 AM
You need to know the ports that the apps use, then you can try:
router1
int e0
 description remote site LAN
 ip add 1.1.1.1 255.255.255.0
 ip policy route-map test
!
int s0
 description WAN1 link
 ip add 3.3.3.1 255.255.255.252
!
route-map test permit 10
 match ip add 111
 ! if 1.1.1.2 drops, then failover to 3.3.3.2
 set ip next-hop 1.1.1.2 3.3.3.2
route-map test permit 20
 match ip add 112
 ! if 3.3.3.2 drops, then failover to 1.1.1.2
 set ip next-hop 3.3.3.2 1.1.1.2
!
! application ports you want over WAN2
access-list 111 permit tcp any any eq xxxx
access-list 111 permit udp any any eq xxxx
! application ports you want over WAN1
access-list 112 permit tcp any any eq yyyy
access-list 112 permit udp any any eq yyyy
router2
int e0
 description remote site LAN
 ip add 1.1.1.2 255.255.255.0
 ip policy route-map test
!
int s0
 description WAN2 link
 ip add 4.4.4.1 255.255.255.252
!
route-map test permit 10
 match ip add 111
 set ip next-hop 1.1.1.1 4.4.4.2
route-map test permit 20
 match ip add 112
 set ip next-hop 4.4.4.2 1.1.1.1
!
! application ports you want over WAN1
access-list 111 permit tcp any any eq yyyy
access-list 111 permit udp any any eq yyyy
! application ports you want over WAN2
access-list 112 permit tcp any any eq xxxx
access-list 112 permit udp any any eq xxxx
You can also look into the 'set ip next-hop verify-availability' command to see if it helps you.
Hope it helps.
Steve
02-14-2003 01:42 AM
Hi,
I am having the problem as well.
If WAN 1 has failed, the LAN IP of 1.1.1.2 still remains reachable.
Will the "set ip next-hop 1.1.1.2 3.3.3.2" statement still forward the traffic to 1.1.1.2 and cause the traffic to loop?
Thanks
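A small model of the two route-maps posted above, added here as an example (it is not part of the thread and not router code), to check the loop question for every single-circuit failure. It assumes plain `set ip next-hop` skips a next hop only when the link it sits on is down; `wan1_apps` and `wan2_apps` are hypothetical labels for the yyyy and xxxx port classes.

```python
# Added model of the two route-maps posted above (not router code).
# Assumption: plain "set ip next-hop" skips a next hop only when the link
# it sits on is down; it knows nothing about the other router's WAN state.
POLICY = {  # router -> traffic class -> ordered next hops, as in the post
    "router1": {"wan2_apps": ["1.1.1.2", "3.3.3.2"],   # ACL 111
                "wan1_apps": ["3.3.3.2", "1.1.1.2"]},  # ACL 112
    "router2": {"wan1_apps": ["1.1.1.1", "4.4.4.2"],   # ACL 111
                "wan2_apps": ["4.4.4.2", "1.1.1.1"]},  # ACL 112
}
NEXT_HOP = {  # next-hop address -> (link it is reached over, device there)
    "1.1.1.1": ("lan", "router1"),
    "1.1.1.2": ("lan", "router2"),
    "3.3.3.2": ("wan1", "datacenter"),
    "4.4.4.2": ("wan2", "datacenter"),
}

def trace(gateway, app_class, down=()):
    """Follow one packet from the workstation's gateway; return (result, path)."""
    node, path = gateway, [gateway]
    while True:
        usable = [h for h in POLICY[node][app_class] if NEXT_HOP[h][0] not in down]
        if not usable:
            return "no-policy-next-hop", path  # IOS would fall back to normal routing
        node = NEXT_HOP[usable[0]][1]
        path.append(node)
        if node == "datacenter":
            return "delivered", path
        if path.count(node) > 1:  # same router seen twice: bouncing on the LAN
            return "loop", path

def failure_matrix():
    """Outcome for every gateway, traffic class and single-circuit failure."""
    rows = {}
    for down in ((), ("wan1",), ("wan2",)):
        for gw in POLICY:
            for app in ("wan1_apps", "wan2_apps"):
                rows[(down, gw, app)] = trace(gw, app, down)[0]
    return rows

if __name__ == "__main__":
    for (down, gw, app), result in failure_matrix().items():
        print(f"down={','.join(down) or 'none':<5} gateway={gw} class={app:<9} -> {result}")
```

Under that assumption, traffic pinned to the failed circuit bounces between the two LAN addresses while the other class is still delivered, which is the case the tracking and HSRP suggestions in this thread address.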
02-14-2003 01:49 AM
Not sure if it's possible, but is there a chance you can set the next hop to be the WAN interface of the other router, and learn that address via a routing update across the LAN? If the link goes down, that address will be flushed from the routing table?
02-14-2003 02:26 AM
I'm not sure if I understand you correctly, but I guess you could solve it if you implemented a combination of policy routing and HSRP. With HSRP you could track the WAN link, and if this one fails the HSRP address will move over to the second router.
So if all is OK, router 1 will policy route the packet according to your policy routing. If the WAN link fails, the HSRP address moves over to router 2 and router 2 will handle all the packets.
Regards
Roger