11-17-2009 04:57 AM - edited 03-04-2019 06:44 AM
WEB Servers
|
Firewall (Customer Z VRF)
10.20.20.1 | | 10.10.10.1
| |
Switch
/ \
/ \
(20.2) A B (10.2)
| \ / |
| / \ |
RR-1---Core-2 Core-1----RR-2
| |
ISP-1 ISP-1
There are two redundant links from Dist-A and Dist-B to the firewall, and
redundant links from Dist-A and Dist-B to Core-1 and Core-2. The firewall wants
to prefer Dist-A rather than Dist-B, pointing a static route with high AD to
B, to remote sites located on the other end of the ISP. I am receiving routes from
the other end (behind the ISP) from active Core-1, and Core-1 is passing routes to
Dist-A and Dist-B.
The Customer Z VRF firewall wants the traffic to be from the interface 10.20.20.1
for web servers. When applying static routes for web servers on Dist-A and
Dist-B, will the static route on B pointing to 10.20.20.1 work, or will traffic
be blackholed? Give me an alternate solution or any link with an example
configuration so that the link between Dist-A and the firewall should be active and the link between Dist-B should be standby.
Dist-A
ip route vrf customer Z 100.100.100.0 255.255.255.0 10.20.20.1
ip route vrf customer Z 100.100.100.0 255.255.255.0 10.10.10.1 2
Dist-B
ip route vrf customer Z 100.100.100.0 255.255.255.0 10.20.20.1
ip route vrf customer Z 100.100.100.0 255.255.255.0 10.10.10.1 2
11-24-2009 05:04 AM
Hello Adam,
Your question is not totally clear.
I've understood you would like to have a clear hierarchy for customer Z routes coming from web servers and going to customerZ remote sites via core routers.
However, it is not clear where VRF segregation terminates: that is, are the core routers VRF aware, and do they have a logical interface for VRF customerZ?
You have presented an example of configuration for the two distribution nodes, but it is not clear if the IP subnets involved as IP next-hops of these static routes are in VRF customerZ or not.
This is because you wonder about possible blackholes.
In addition, a dynamic routing protocol has to be preferred for its capability to detect topology failures,
or, if static routes are mandatory, you should use reliable static routing with object tracking if supported by your devices.
See
http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html
Also, knowing what devices are involved and what IOS image they are running would help.
Hope to help
Giuseppe