two gateways in one layer 3 switch

Hi,

I have not tested it, as I don't have any lab env in my network. So the question is: I have my core 6509 in the datacenter, which is connected to a firewall.

The core has the gateway of last resort IP address as the inside IP address of the firewall. I want to connect another firewall to my core and another gateway so that in case one route fails we can use the other. Is that possible?

ex:

ip route 0.0.0.0 0.0.0.0 172.25.254.1

ip route 0.0.0.0 0.0.0.0 172.254.253.1

Please don't cuss me if it's absurd.

Thank you


Vaibhava Varma
Level 4

Hi Karthikeyan

Every Question is a valid one.

Yes, we can have multiple default routes on the c6509 pointing to different L3 next hops for redundancy.

There are two possibilities here:

1. Using both gateways in Active:Active mode, for which the above config holds good.

2. Using an Active:Standby combination of the gateways, whereby for the standby gateway the default route's AD value has to be increased so that the routing table of the c6509 sees the increased-AD route as a poor candidate for placing in the RT as long as the primary route is up. This is called a floating static route and will be configured as below:

ip route 0.0.0.0 0.0.0.0 x.x.x.x 254 (for the standby gateway)

Hope this helps to answer your query

Regards

Varma

Hi,

I'm sure this should work on your C6509. You can try using IP SLA for configuring 2 default routes.

So if one destination is unavailable, the other route is picked up.

E.g.:

192.168.0.1 is your f/w 1 and 10.0.0.1 is your f/w 2. Behind the f/ws are your primary and secondary ISPs, ISP1 and ISP2.

Let's say behind f/w 1 is ISP1's network, which is 200.10.10.1,

so you would want to track that network's availability.

----------------------------------------------------------------------------

track 10 ip sla 1 reachability

ip route 0.0.0.0 0.0.0.0 192.168.0.1 track 10

ip route 0.0.0.0 0.0.0.0 10.0.0.1 100

ip sla 1

icmp-echo 200.10.10.1

threshold 500

timeout 500

frequency 3

ip sla schedule 1 life forever start-time now

--------------------------------------------------------------------------

What this does is check the ISP's IP availability (this IP can be the public IP on the f/w or the gateway address on the ISP's side).

So whenever ISP1 is unavailable, the SLA feature will transfer the default route via ISP2 within 3-5 seconds and your network shifts to the backup ISP2.

When ISP1 comes back, your network shifts back to the primary.

How you handle the NATting on the f/w or the router is dependent on your network.

Floating static routes did not work for me because we never have problems in the last-mile connectivity (fiber to the ISP's office); therefore, when the ISP had a service problem on their backend, our network never shifted, because the last-mile connectivity to the firewall / edge router was always available.

We have even tried weighted fair queue earlier, but IP SLA is the best as it shifts in 3 sec and reverts back when the primary is restored.

Hope this helps.
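The three designs discussed in the replies above (two equal default routes, a floating static route, and an IP SLA tracked route) can be compared with a small model of how the switch picks its default route. This is an added example, not code from either poster or from Cisco. It simplifies IOS behaviour to two rules: a static route is a candidate only while its next hop is reachable and any tracked probe target answers, and only the lowest administrative distance is installed. The `FW1`, `FW2` and `ISP1` labels and the network states are constructed for the sketch.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class StaticRoute:
    next_hop: str
    ad: int = 1                  # administrative distance; IOS default for a static route is 1
    track: Optional[str] = None  # probe target of the tracked object, if any

def installed_default_routes(routes, reachable_next_hops, reachable_probe_targets):
    """Return the next hops that end up in the routing table.

    A route is a candidate only if its next hop is reachable and, when it
    carries a track object, the probe target answers. Of the candidates,
    only those with the lowest administrative distance are installed.
    """
    candidates = [
        r for r in routes
        if r.next_hop in reachable_next_hops
        and (r.track is None or r.track in reachable_probe_targets)
    ]
    if not candidates:
        return []
    best = min(r.ad for r in candidates)
    return sorted(r.next_hop for r in candidates if r.ad == best)

# Addresses from the second reply; the FW1/FW2/ISP1 names are labels for this sketch.
FW1, FW2, ISP1 = "192.168.0.1", "10.0.0.1", "200.10.10.1"

ACTIVE_ACTIVE = [StaticRoute(FW1), StaticRoute(FW2)]             # two equal default routes
FLOATING = [StaticRoute(FW1), StaticRoute(FW2, ad=254)]          # floating static backup
TRACKED = [StaticRoute(FW1, track=ISP1), StaticRoute(FW2, ad=100)]  # IP SLA tracked primary

# Constructed network states: (reachable next hops, reachable probe targets)
HEALTHY = ({FW1, FW2}, {ISP1})
FW1_LINK_DOWN = ({FW2}, set())
ISP1_BACKEND_DOWN = ({FW1, FW2}, set())  # firewall 1 still answers, ISP1 does not

if __name__ == "__main__":
    designs = [("active:active", ACTIVE_ACTIVE), ("floating", FLOATING), ("tracked", TRACKED)]
    states = [("healthy", HEALTHY), ("fw1 link down", FW1_LINK_DOWN),
              ("ISP1 backend down", ISP1_BACKEND_DOWN)]
    for name, routes in designs:
        for label, state in states:
            print(f"{name:14} {label:18} -> {installed_default_routes(routes, *state)}")
```

In the "ISP1 backend down" state only the tracked design moves the default route to the second firewall; the floating static route keeps pointing at firewall 1, and the two equal routes keep sending part of the traffic there.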
