Route-map not redirecting HTTP traffic

richard.priest · ‎10-11-2018

Hi,

Wondering if anyone can advise on what I might have misconfigured here.

Our network is quite complex, but simplified I'm trying to redirect certain traffic from a particular host out of a different gateway.

I'm doing this as at the minute our main internet gateway is running extremely slowly, Whilst most of the network services need to run out of this gateway typical internet traffic can be sent out of our alternative internet gateway without issues.

The route-map I've created is below:

route-map InternetSpeedTest, permit, sequence 10
Match clauses:
ip address (access-lists): 102
Set clauses:
ip next-hop 10.98.190.54
Nexthop tracking current: 10.98.190.54
10.98.190.54, fib_nh:38555B58,oce:3E85E670,status:1

the relevant access list is:

Extended IP access list 102
10 permit ip host 10.211.15.78 host 104.82.226.132 (15 matches)

the route-map is applied to the relevant SVI (we use a layer3 switch for all our routing)

As can be seen on the access list it's been hit a few times.

If I run a traceroute on the test device 10.211.15.78 to the address 104.82.226.132 then I can see the traffic following the intended path. However when I browse to that host webpage- which is the fast.com speedtest site. and perform a speedtest I can see that it's source address is not the public address of our external gateway.

I've tried opening up the ACL to include a /16 for the destination addresses in case fast.com has a number of addresses spread about but this had the same result.

Is there something I'm missing in the config? Why is ICMP traffic following the correct route, but typical web traffic i.e. 80/443 isn't?

Georg Pauwen · ‎10-11-2018

Hello,

I am in The Netherlands, and fast.com translates to 23.2.230.102. When you do a traceroute from your location, what does Fast.com translate to ?

paul driver · ‎10-11-2018

Hello

Sounds like you could be policy routing on the wrong ip address

From UK.....

> server 8.8.8.8
Default Server: google-public-dns-a.google.com
Address: 8.8.8.8

> fast.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name:    fast.com
Addresses: 2a02:26f0:30:388::24fe
          2a02:26f0:30:39d::24fe
          104.82.226.132

> server 8.8.4.4
Default Server: google-public-dns-b.google.com
Address: 8.8.4.4

> fast.com
Server: google-public-dns-b.google.com
Address: 8.8.4.4

Non-authoritative answer:
Name:    fast.com
Addresses: 2a02:26f0:30:388::24fe
          2a02:26f0:30:39d::24fe
          104.82.226.132

> server 194.168.8.100
Default Server: cache2.service.virginmedia.net
Address: 194.168.8.100

> fast.com
Server: cache2.service.virginmedia.net
Address: 194.168.8.100
Address: 92.242.132.24

> server 194.168.4.100
Default Server: cache1.service.virginmedia.net
Address: 194.168.4.100

> fast.com
Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Non-authoritative answer:
Address: 92.242.132.24

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

richard.priest · ‎10-11-2018

Aw crap,

Thanks Paul, I made the assumption that when pinging the URL that the address resolved would be the same, but it won't necessarily as both internet providers are different.

Proper schoolboy error that one!

Georg Pauwen · ‎10-11-2018

Hello,

on a side note, according to the Robtex query linked below, Fast.com has six name servers and 27 IP numbers...

https://www.robtex.com/dns-lookup/fast.com

paul driver · ‎10-12-2018

Hey dont beat yourself up - I probably have had done the same, the things i have done it the past are laughable!

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul