
Routing Loop between two ISP Link. Is there any issue with PBR?

Dipesh Patel
Level 2

Dear Experts,

We have two Internet links: one with a TCL IP address and one with an APNIC IP address.

I need to NAT one webserver with two Internet IP addresses: one from TCL and one from APNIC.

The diagram and configuration are attached.

After this configuration, when I checked the tracert I found:

:\>tracert -d 103.15.248.173

Tracing route to 103.15.248.173 over a maximum of

  1   120 ms    82 ms    96 ms  172.29.145.65
  2   101 ms    97 ms    81 ms  172.29.145.67
  3   105 ms    95 ms    85 ms  172.29.145.102
  4   165 ms    94 ms    84 ms  115.113.165.53
  5    90 ms    84 ms   153 ms  115.113.165.242
  6   172 ms    87 ms    99 ms  182.79.252.66
  7   108 ms    92 ms    77 ms  59.144.105.230
  8   112 ms    93 ms   106 ms  121.242.118.1
  9   145 ms    95 ms   101 ms  121.242.118.174
10   137 ms    98 ms    97 ms  121.242.118.1
11   103 ms   118 ms    91 ms  121.242.118.174
12    98 ms   102 ms    86 ms  121.242.118.1
13   176 ms    92 ms   103 ms  121.242.118.174
14    93 ms    94 ms    96 ms  121.242.118.1
^C

If I add a static route for the specific IP address of the Internet user on the TCL Internet router, then it works.

Can you guide me what is the problem?

Is any problem with NAT or PBR?

Regards


Abzal
Level 7

Hi,

Yes, there is a problem with PBR on the TCL CE router. It has a route-map that matches your webserver and forwards packets to the Airtel CE router.

route-map RM-APNIC-OUT-AIRTEL

On the other hand, the Airtel CE router has a static route to the webserver pointing to the TCL CE router. That's why there is a looping issue.

What are you trying to achieve?

Hope it will help.

Best regards,
Abzal


Dear Abzal,

Here I want to access the web server from the Internet using two Internet IPs, i.e. one using the TCL Internet IP address and one using the APNIC Internet IPs which are advertised from the Airtel link.

Using this, my migration of Internet IPs from the TCL IP address to the APNIC IP address will be very smooth. But I am stuck here.

Please suggest.

I have NATed the webserver with two Internet IP addresses as mentioned. It's working via the TCL link using the TCL NAT IP address but not via the Airtel link with the APNIC NAT IP address.

The aim of adding the route-map on the TCL router is that I already have a default route on the TCL router to outside, so I cannot add another static default route pointing to the Airtel router. That's why I have added a route-map selecting traffic from the APNIC (NAT) address to go to Airtel and then to outside via the Internet. But unfortunately it is looping.

Regards

Ok, I see. I'll try to help you.

Questions:

1. Which IPs on the webserver belong to which provider, 103.15.248.173 --> Airtel, 121.242.118.173 --> TCL?

2. What is model of the firewall and the switch between routers and webserver?

3. Can you post BGP configurations from both CEs?

Hope it will help.

Best regards,
Abzal


Dear Abzal,

Please find my answers:

1. Which IPs on the webserver belong to which provider, 103.15.248.173 --> Airtel, 121.242.118.173 --> TCL?   ---- Yes

2. What is model of the firewall and the switch between routers and webserver?  ----- Firewall : Cisco ASA 5520  and   Switch : Cisco Catalyst 2960

3. Can you post BGP configurations from both CEs?  -------

1. TCL Router is working with Static routing - only default route is there pointing to outside.

2. Airtel router :

router bgp 2.1315
 no synchronization
 bgp asnotation dot
 bgp log-neighbor-changes
 network 103.15.248.0 mask 255.255.254.0
 neighbor 59.144.105.229 remote-as 9498
 no auto-summary

I think all the required intended configuration is there in diagram.

Regards


Ok, thanks for additional information.

TCL Router:

access-list 101 permit tcp host 103.15.248.173 eq 80 any
route-map RM-AIRTEL-OUT permit 10
 match ip address 101
 set ip next-hop 121.242.118.174
int g0/0
 no ip policy route-map RM-APNIC-OUT-AIRTEL
 ip policy route-map RM-AIRTEL-OUT

I suppose there is a default route pointing toward the neighbor ISP on the Airtel CEs.

AIRTEL Router:

no ip route 103.15.248.173 255.255.255.255 121.242.118.1

ip route 103.15.248.173 255.255.255.255 121.242.118.2

And are there any other servers behind the firewall? If not, then I think you could do it like this:

ip route 103.15.248.0 255.255.254.0 null0

Let me know the status.

Hope it will help.

Best regards,
Abzal


Thanks Abzal,

But I have a doubt: if I change the route for 103.15.248.173 to point directly to the firewall, i.e. 121.242.118.2, then return traffic will flow via the firewall to the TCL router to Airtel. Is that OK? Or should it follow the same path?

Behind the firewall or in DMS there are other servers also. But for testing I am doing this configuration for one test web server only.

Regards

I think it should be ok.

Policy routing happens before routing. So I believe that, because of PBR on the TCL router, web traffic that comes from Airtel goes back to Airtel.

Instead of that, you could keep your current configuration, but on TCL change the PBR on G0/0 as I showed before, because in my example PBR happens for return traffic from the web server to outside.

Then test it from outside.

Hope it will help.

Best regards,
Abzal
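
The loop and the fix discussed in this thread, as an added example that is not part of the original posts: a small forwarding model in which PBR is evaluated before the routing table. The original route-map contents, the TCL router's route to the NAT address via the firewall, the `tcl-upstream` name and the client address are assumptions, since the attached configuration is not shown on the page; the model also treats every packet as arriving on the PBR interface.

```python
import ipaddress

WEB = "103.15.248.173"                      # APNIC NAT address (from the thread)
TCL, AIRTEL, FW = "121.242.118.1", "121.242.118.174", "121.242.118.2"
TCL_ISP, AIRTEL_ISP = "tcl-upstream", "59.144.105.229"  # first is a placeholder

def lookup(routes, dst):
    """Longest-prefix match over (prefix, next_hop) pairs."""
    hits = [(ipaddress.ip_network(p), nh) for p, nh in routes
            if ipaddress.ip_address(dst) in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(routers, start, pkt):
    """Forward hop by hop; PBR is consulted before the routing table.
    Returns (routers visited, exit), where exit is "loop" or the next hop
    that is not one of the modelled routers."""
    path, here = [], start
    while here in routers:
        if here in path:                    # same stateless packet seen twice
            return path, "loop"
        path.append(here)
        r = routers[here]
        pbr_hop = next((hop for match, hop in r["pbr"] if match(pkt)), None)
        here = pbr_hop or lookup(r["routes"], pkt["dst"])
    return path, here

def topology(tcl_pbr):
    # Assumption: TCL reaches the NAT address via the firewall; Airtel keeps
    # its host route to the TCL CE, as in the thread.
    return {
        TCL: {"pbr": tcl_pbr,
              "routes": [("0.0.0.0/0", TCL_ISP), (WEB + "/32", FW)]},
        AIRTEL: {"pbr": [],
                 "routes": [("0.0.0.0/0", AIRTEL_ISP), (WEB + "/32", TCL)]},
    }

# Assumed original rule: matches the web server address in either direction.
OLD_PBR = [(lambda p: WEB in (p["src"], p["dst"]), AIRTEL)]
# ACL 101 from the answer: only TCP replies sourced from the server, port 80.
NEW_PBR = [(lambda p: p["src"] == WEB and p.get("sport") == 80, AIRTEL)]

inbound = {"src": "198.51.100.7", "dst": WEB, "dport": 80}   # constructed client
reply = {"src": WEB, "sport": 80, "dst": "198.51.100.7"}

if __name__ == "__main__":
    print(trace(topology(OLD_PBR), AIRTEL, inbound))
    print(trace(topology(NEW_PBR), AIRTEL, inbound))
    print(trace(topology(NEW_PBR), TCL, reply))
```

With the source-only match, inbound requests fall through to the routing table and reach the firewall, while only the server's replies are steered to the Airtel CE.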


Thanks,

Now it's working, just by changing the route-map.

Regards

You're welcome! I'm glad that helped you.

Hope it will help.

Best regards,
Abzal
