Route maps and set ip next-hop
Hey guys...been working on a real world solution using a route map and set ip next-hop. Here is the scenario. I've got a group of servers on a /24 subnet that all have the same default gateway (192.168.10.2) There are a few servers on this subnet that need to use 192.168.10.2 for private traffic but need to hit a firewall (192.168.10.1) to go out to the Internet.
I've written the route map and corresponding ACL to set the next hop only when the selected servers need to access the Internet. My concern is the possibility of a routing loop between the two gateways. Can I use route tagging to prevent this possibility similar to two way route redistribution?
I've written the route map and corresponding ACL to set the next hop only when the selected servers need to access the Internet. My concern is the possibility of a routing loop between the two gateways. Can I use route tagging to prevent this possibility similar to two way route redistribution?
Cisco was my first networking love, but my "other" router is a Mikrotik...
Comments
-
networker050184 Mod Posts: 11,962 ModI don't think a route tag would be of any use in this situation.
What makes you think there will be a loop? As long as the .1 device doesn't send the traffic back to the .2 device you should be ok.
It might just be easier to add routes on the server to point private address space to .1 and everything else to .2.An expert is a man who has made all the mistakes which can be made. -
down77 Member Posts: 1,009If its just for a handful of servers it kind of sounds like you're over complicating the solution. At a previous environment we had a similar situation where all internal traffic had to use Gateway-1 and external traffic had to use Gateway-2. The solution we used was simple: create static routes on the server for all internal routes and set the default route to Gateway-2.
Example:
route add 192.168.1.0 mask 255.255.255.0 192.168.10.2
route add 192.168.2.0 mask 255.255.255.0 192.168.10.2
route add 0.0.0.0 mask 0.0.0.0 192.168.10.1CCIE Sec: Starting Nov 11 -
vinbuck Member Posts: 785 ■■■■□□□□□□I'm still trying to verify that the two aren't pointed at each other and that there aren't any other routes that could cause a loop between the two. Both the router and the firewall carry an extremely large amount of public traffic with hundreds of entry/exit points, so sorting through it is taking a while.
Dual default routes on the servers aren't an option...can't really get into why without breaking NDACisco was my first networking love, but my "other" router is a Mikrotik... -
networker050184 Mod Posts: 11,962 ModMississippiGuardsman wrote: »Dual default routes on the servers aren't an option...can't really get into why without breaking NDA
You don't need dual defaults. Point private traffic at one and a single default to the other.An expert is a man who has made all the mistakes which can be made. -
vinbuck Member Posts: 785 ■■■■□□□□□□networker050184 wrote: »You don't need dual defaults. Point private traffic at one and a single default to the other.
Let me re-phrase can't be a server-side solution.Cisco was my first networking love, but my "other" router is a Mikrotik... -
down77 Member Posts: 1,009networker050184 wrote: »You don't need dual defaults. Point private traffic at one and a single default to the other.
Agreed. Private traffic to dedicated routes (Static or Dynamic mapping) and external traffic to the default route. Remembering one of the basic rules of routing "The longest match to a route prevails," this should work.
I'd still be more fun to attempt multiple default routes... gives you experience in troubleshooting packet loss as data is sent to the wrong default route. I learned this one the hard way many many years ago.CCIE Sec: Starting Nov 11