Traffic Shifting

Hello Experts,

 

I have seen a network design that all internet traffic flows via internet firewall and mpls traffic flows via wan firewall. So what kind of policy they would have written in core switch to split the traffic

 

Regards,

Sathish

2 Replies

balaji.bandi
Hall of Fame

There are a couple of ways to do this.

 

1. You need to decide which traffic goes to which side, i.e. which link you would like to use.

2. Do you want to achieve active/active or active/standby failover?

 

3. If this is active/standby, you can use IP SLA and track the far-end GW IP; when it is not reachable you can fail over.

4. If you are looking at active/active (is BGP involved?) - the steps below do not have BGP in mind.

5. Decide what IP range is required to use the Internet and configure NAT - same for MPLS.

6. Another method: you can send only certain traffic, and then use PBR for the next gateway.

 

The best is to split the user traffic to different routes, with a failover config: if that link fails, the other link becomes active.

 

This way you can use them optimally.

 

Here is a good reference to start with:

 

https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/200785-ISP-Failover-with-default-routes-using-I.html

BB

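An added worked example (not from this thread, the poster, or Cisco documentation) of the PBR plus IP SLA approach described in the reply above, written as Cisco IOS configuration for the core switch. All addresses, VLAN numbers and the MPLS prefix summary are assumed placeholders; Vlan901/Vlan902 stand for the point-to-point transit VLANs between the core and each firewall.

```cisco
! Added example, not from the thread. Assumed placeholders:
!   Internet FW inside = 10.0.1.1 (reached via transit Vlan901)
!   WAN/MPLS FW inside = 10.0.2.1 (reached via transit Vlan902)
!   user VLAN = 10.70.20.0/24 on SVI Vlan20
!   MPLS-reachable prefixes summarised as 128.233.0.0/16
!
! 1. IP SLA probes each firewall's inside address; "track" follows the result.
ip sla 1
 icmp-echo 10.0.1.1 source-interface Vlan901
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 10.0.2.1 source-interface Vlan902
 frequency 10
ip sla schedule 2 life forever start-time now
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! 2. Classify user traffic: MPLS-bound destinations vs everything else.
ip access-list extended MPLS-BOUND
 permit ip 10.70.20.0 0.0.0.255 128.233.0.0 0.0.255.255
ip access-list extended INTERNET-BOUND
 permit ip 10.70.20.0 0.0.0.255 any
!
! 3. PBR: route-map sequences are tried in order, so MPLS-bound traffic is
!    matched first and never reaches sequence 20. Each class has a primary
!    next hop used only while its track is up, and the other firewall as
!    the fallback (active/standby per traffic class).
route-map SPLIT permit 10
 match ip address MPLS-BOUND
 set ip next-hop verify-availability 10.0.2.1 10 track 2
 set ip next-hop verify-availability 10.0.1.1 20 track 1
route-map SPLIT permit 20
 match ip address INTERNET-BOUND
 set ip next-hop verify-availability 10.0.1.1 10 track 1
 set ip next-hop verify-availability 10.0.2.1 20 track 2
!
! 4. Apply on the user-facing SVI. Packets matching no sequence (or whose
!    tracked next hops are all down) fall back to normal destination routing.
interface Vlan20
 ip policy route-map SPLIT
```

After applying it, `show track` shows the reachability state of each firewall and `show route-map SPLIT` shows which sequence is actually seeing packets, which is the quickest way to confirm the split is taking effect.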

Thanks for your response. I have a couple of doubts. I have implemented NAT on the WAN primary and secondary firewalls (both are in different locations acting as POPs).

I have enabled the NAT below on the WAN FW.
nat (inside,wan) 25 source dynamic obj-10.70.20.0 obj-200.132.209.44 destination static Obj_128.233.16.30_32 Obj_128.233.16.30_32.

The 10.70.20.0 belongs to the VSS core switch, and when I do show ip route for 128.233.16.30 it shows as below:

Known via "bgp 65534", distance 20, metric 0
Tag 65535, type external
Redistributing via ospf 1
Advertised by ospf 1 metric 10 metric-type 1 subnets
Last update from 10.60.245.51 4d03h ago
Routing Descriptor Blocks:
* 10.60.245.51, from 10.60.245.51, 4d03h ago
Route metric is 0, traffic share count is 1
AS Hops 7
Route tag 65535
MPLS label: none

Questions:
1. Is BGP running between the core switch and the firewall?
2. I don't see any static route placed in the core switch pointing towards the WAN firewall. Then how is the destination 128.233.16.30 shifted towards the WAN firewall rather than the Internet firewall?
3. How can I find out on which device BGP AS 65535 is running?
4. What is meant by Transit VLAN?

Regards,
Sathish