05-16-2024 01:55 AM - edited 05-16-2024 02:29 AM
I need some help with understanding...
The configuration:
RT1 and RT2 are layer 3 switches.
FW is a layer 3 firewall.
RT1 holds the networks (Range-1) of the range 10.0.0.0/17 and the connection to the internet (default way).
RT2 holds the networks (Range-2) of the range 10.128.0.0/17.
Each switch, RT1 and RT2, has only 1 physical interface in VLAN B.
These interfaces are directly connected.
The network which is used for VLAN B is part of Range-2!
There are 2 Ways between RT1 and RT2:
Way 1 (through the firewall):
0.0.0.0/0 <-> FW1 ... IP-Range 10.0.0.0/17 <-> RT1 <-> VLAN A <-> FW2 <-> VLAN C <-> RT2 <-> IP-Range 10.128.0.0/17
Way 2 (firewall bypass - should only be used temporarily):
0.0.0.0/0 ... IP-Range 10.0.0.0/17 <-> RT1 <-> VLAN B(direct cable) <-> RT2 <-> IP-Range 10.128.0.0/17
Target solution:
The goal is to be able to bypass FW2 by simply installing the direct attach cable in VLAN B, without needing any further changes.
FW2:
int vlan A
ip 10.0.1.1 255.255.255.248
int vlan C
! VLAN C address corrected to 10.128.1.0/29: RT2's route by_FW_to_RT1 points at 10.128.1.1,
! and the posted 10.128.2.1 overlapped the VLAN B subnet used by RT1
ip 10.128.1.1 255.255.255.248
RT1:
int vlan A
ip 10.0.1.2 255.255.255.248
int vlan B
ip 10.128.2.1 255.255.255.248
int VLAN Range-1(example)
ip 10.0.255.1 255.255.255.0
ip route 10.128.0.0 255.255.128.0 10.0.1.1 20 name by_FW_to_RT2
ip route 10.128.0.0 255.255.128.0 10.128.2.2 10 name FW_bypass
RT2:
int vlan C
! corrected from 10.128.2.2 (same address as int vlan B below; IOS rejects the duplicate)
ip 10.128.1.2 255.255.255.248
int vlan B
ip 10.128.2.2 255.255.255.248
int VLAN Range-2(example)
ip 10.128.255.1 255.255.255.0
! default routes: mask corrected from 255.255.128.0 to 0.0.0.0
ip route 0.0.0.0 0.0.0.0 10.128.1.1 20 name by_FW_to_RT1
ip route 0.0.0.0 0.0.0.0 10.128.2.1 10 name FW_bypass
The problem:
As long as the bypass is connected, everything works.
But when I disconnect the bypass on one side, the ethernet interface(s) and VLAN B go down, but the route of that way is still in the routing table.
Inside the routing table of RT1, the route to 10.128.0.0/17 still exists over 10.128.2.2!
As far as I understand it, the router tells me that it still has a way to 10.128.2.2 because of its static route 10.128.0.0/17 via 10.128.2.2.
The question:
The question is, is there a way to force the router to remove routes from the forwarding table in case the directly connected network of the next hop is down?
The only idea I have so far is to use tracking of the interface, but is there a simpler way?
05-16-2024 02:06 AM
Sorry, can you draw the topology?
Thanks
MHM
05-16-2024 02:24 AM
Here is a quick draw...
05-16-2024 03:03 AM
you use static routes, and static routes, unlike IGP protocols, do not use Hello messages
so the only solution here is using IP SLA tracking in both L3SW to prevent a blackhole when the far link is down
MHM
05-16-2024 03:29 AM
Because of the direct cable, when I disconnect it on one side, the other side goes down, too. Even the VLAN on both sides. So why is the route not removed?
05-16-2024 03:37 AM
in RT2 the IP SLA tracks VLAN A, and this track is used in the static route (vlan C)
this way if the far VLAN A is down the RT detects it and shifts traffic toward VLAN B
and the same for RT1: the IP SLA tracks VLAN C and this track is used in the static route (vlan A)
this way both RT1/2 detect the far end link down and shift traffic to vlan B
05-18-2024 08:09 AM
Still waiting for your reply?
MHM
05-18-2024 12:18 PM
05-18-2024 12:33 PM
update me
Thanks
MHM
05-16-2024 03:13 AM
Hello @Marsupilani ,
you can try to add Vlan-B in each of the static routes used for bypass; by specifying both the interface and the IP next hop you should be able to achieve the desired behaviour.
Warning: this has to be checked by performing tests.
Hope to help
Giuseppe
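Added example (not from either poster) of RT1 configured the way Giuseppe describes, with the bypass route bound to both the interface and the next hop, plus the IP SLA/track variant MHM proposes for the firewall-side path. A next-hop-only static route stays installed as long as the next hop is resolvable by any route, and once the connected VLAN B /29 disappears, 10.128.2.2 still resolves through the /17 route via FW2, which is why the OP's route never left. VLAN numbers (Vlan10 = VLAN A, Vlan20 = VLAN B, Vlan30 = VLAN C) and the SLA probe target are assumptions, since the thread names the VLANs only by letter.

```ios
! RT1 (added example; Vlan10 = VLAN A, Vlan20 = VLAN B are assumed numbers)
!
! Bypass route bound to the interface AND the next hop: IOS withdraws it as
! soon as Vlan20 goes down (autostate: last port in VLAN B lost). The plain
! "ip route ... 10.128.2.2" stays because 10.128.2.2 still resolves through
! the /17 route via FW2 once the connected /29 is gone.
no ip route 10.128.0.0 255.255.128.0 10.128.2.2 10 name FW_bypass
ip route 10.128.0.0 255.255.128.0 Vlan20 10.128.2.2 10 name FW_bypass
!
! Firewall path: tracked so it is also withdrawn if FW2 stops answering while
! Vlan10 itself stays up. Probing FW2's VLAN A address is an assumption here;
! MHM suggests probing the far-side VLAN instead.
ip sla 1
 icmp-echo 10.0.1.1 source-interface Vlan10
 frequency 5
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
 delay down 15 up 5
no ip route 10.128.0.0 255.255.128.0 10.0.1.1 20 name by_FW_to_RT2
ip route 10.128.0.0 255.255.128.0 10.0.1.1 20 name by_FW_to_RT2 track 1
!
! Mirror on RT2 (Vlan30 = VLAN C assumed): bypass bound to Vlan20, default
! route via FW2's VLAN C address 10.128.1.1 tracked by a matching track 2
! ip route 0.0.0.0 0.0.0.0 Vlan20 10.128.2.1 10 name FW_bypass
! ip route 0.0.0.0 0.0.0.0 10.128.1.1 20 name by_FW_to_RT1 track 2
!
! Verify after unplugging the cable on either side:
! show ip route static   - the FW_bypass entry must be gone
! show track 1           - reports "Reachability is Up" or "Down"
```

With the interface-bound route alone the failure case in the thread (cable unplugged, VLAN B down) is already covered; the track is only needed for the case where FW2 stops forwarding but the VLAN A interface stays up.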
05-16-2024 08:03 AM
Thanks for the understanding
05-16-2024 08:08 AM
You talk about which static route, the one via FTD or direct?
MHM