08-03-2007 06:00 AM - edited 03-03-2019 06:10 PM
We have just installed a new T1 at a location specifically for video conferencing.
Currently the router at the site has 2 ethernet interfaces. 1 for the data network, and 1 specifically for the video conferencing network.
The router also now has 2 T1's. 1 for the data network, and 1 specifically for the video conferencing network.
As you can see, we are trying to completely seperate our video from our data. This is being done purely for political reasons.
Now onto my question. Obviously, as soon as we turned on the other T1, OSPF saw the equal cost paths and started load balancing the links.
I know there are many ways that I can force data over one link and video over the other but I wanted to see what the general consensus is for this type of traffic engineering.
My initial feeling is to raise the cost of the Video T1 and then put in a route-map to force the video data accross the Video T1. What other options are there out there? Is the one I proposed the best/easiest?
Thanks
Solved! Go to Solution.
08-03-2007 07:16 AM
Fair enough. Suppose the video subnet is 192.168.100.0/24 for SiteA and 192.168.200.0/24 for SiteB
At SiteA
First, you create an ACL
ip access-list extended VIDEO
permit ip 192.168.100.0 0.0.0.255 192.168.200.0 0.0.0.255
Second, you create a route-map
route-map VIDEO permit 10
match ip address VIDEO
set ip next-hop 192.168.1.2
On this example, 192.168.1.2 represents the IP for the 'Video T1'.
At the LAN interface of this router, you need this command
interface f0/0
ip policy route-map VIDEO
At SiteB
ip access-list extended VIDEO
permit ip 192.168.200.0 0.0.0.255 192.168.100.0 0.0.0.255
route-map VIDEO permit 10
match ip address VIDEO
set ip next-hop 192.168.1.1
On this example, 192.168.1.1 represents the IP for the 'Video T1'.
interface f0/0
ip policy route-map VIDEO
You will also need to raise the cost on the Video T1 at both routers so this won't be in the routing table. If it remains in the routing table, the data portion will be balanced with OSPF.
HTH,
08-03-2007 06:25 AM
The video conferencing network belongs to another IP subnet ?
Are these point-to-point links and you manage each end ?
Not only you need to engineer how the traffic leaves the network but also how it returns.
PBR (Policy Based Routing) would be the easiest solution here.
08-03-2007 07:08 AM
Video belongs to its own IP subnet.
These points are point to point 1.5mb serial links that we manage on both ends.
We have multiple field sites with dual links (one for video) that connect back to a POP router (7500), so we would be implementing PBR there as well if we went with that solution.
Thanks,
Aaron
08-03-2007 07:16 AM
Fair enough. Suppose the video subnet is 192.168.100.0/24 for SiteA and 192.168.200.0/24 for SiteB
At SiteA
First, you create an ACL
ip access-list extended VIDEO
permit ip 192.168.100.0 0.0.0.255 192.168.200.0 0.0.0.255
Second, you create a route-map
route-map VIDEO permit 10
match ip address VIDEO
set ip next-hop 192.168.1.2
On this example, 192.168.1.2 represents the IP for the 'Video T1'.
At the LAN interface of this router, you need this command
interface f0/0
ip policy route-map VIDEO
At SiteB
ip access-list extended VIDEO
permit ip 192.168.200.0 0.0.0.255 192.168.100.0 0.0.0.255
route-map VIDEO permit 10
match ip address VIDEO
set ip next-hop 192.168.1.1
On this example, 192.168.1.1 represents the IP for the 'Video T1'.
interface f0/0
ip policy route-map VIDEO
You will also need to raise the cost on the Video T1 at both routers so this won't be in the routing table. If it remains in the routing table, the data portion will be balanced with OSPF.
HTH,
08-03-2007 08:01 AM
Aaron
Policy Based Routing is a good alternative (and probably what I would do) but there is another alternative which you might consider. You could use VRF Lite and configure a VRF which would include the video conferencing Ethernet and serial and another VRF which includes the data Ethernet and serial. This will keep the traffic entirely separate.
HTH
Rick
08-03-2007 08:54 AM
Thanks for verification on PBR being the best bet.
I implemented it just now and did a test, but did not see the result I thought I would see.
I raised the OSPF cost on that link and I did see that the route was removed from the table like I would expect, so everything went fine there.
I implemented the route-map on the ethernet interface:
interface FastEthernet0/1
description ***** FastEthernet 0/1 VIDEO CONFERENCE *****
ip address 10.122.100.222 255.255.255.224
ip helper-address 172.20.11.237
ip helper-address 172.20.11.238
ip policy route-map Video
ip ospf authentication-key 7 ****
duplex auto
speed auto
interface Serial0/3/0
description OCS VIDEO CONF
bandwidth 1544
ip address 10.121.3.102 255.255.255.248
ip ospf authentication-key 7 ******
ip ospf cost 100
load-interval 30
fair-queue
ip access-list extended Video
permit ip 10.122.100.192 0.0.0.31 any
route-map Video permit 10
match ip address Video
set ip next-hop 10.121.3.97
R#ping
Protocol [ip]:
Target IP address: 172.20.11.254
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.122.100.222
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.20.11.254, timeout is 2 seconds:
Packet sent with a source address of 10.122.100.222
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R#sh route-map
route-map Video, permit, sequence 10
Match clauses:
ip address (access-lists): Video
Set clauses:
ip next-hop 10.121.3.97
Policy routing matches: 0 packets, 0 bytes
As you can see, I sourced a ping from that particular IP address, but did not see any policy routing matches under that show command? I dont have any devices on that subnet yet to actually test it, so wanted to try a ping, is that not a good test?
Thanks
08-03-2007 09:18 AM
Aaron
There is a very simple explanation for this (and a simple fix). PBR is activated on the FastEthernet interface and will process all traffic that is THROUGH the interface. But you ping was sourced from the interface but did not go through the interface. Your PBR should work fine for the video traffic. If you want your ping to be policy routed then you need to activate local policy routing by using the command: ip local policy route-map map-tag
HTH
Rick
08-03-2007 09:20 AM
Aha!
Thanks for the explanations. I think I am on the right track with everything. Thanks very much to everyone.
08-03-2007 09:26 AM
You need to ping from a device sitting in the LAN, not from the router.
08-03-2007 12:08 PM
In addition to Edison's config, you could actually mention 2 next hops with the set ip next-hop command, the first being the T1 for video and the second as Data.
This way if the video T1 fails, it should fall back to the data T1 (just in case if you need redundancy). Data would always flow over to the other link in case of failures due to OSPF
HTH
Narayan
08-03-2007 12:30 PM
sorry it wont be required.
when the PBR nexgt hop is not reachable, the traffic would anyway use the routing table built by OSPF
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide