Posted by Trendkill on July 9, 2008, 1:50 pm
> Hello,
>
> for a particular installation I have set up two internet
> connections - one via leased line with fixed static IP addresses,
> the other one with PPPoE and dynamic IP addresses.
>
> The latter is a typical consumer product, i.e. "dirt cheap",
> high bandwidth downstream and billed flat. The leased line
> is a "business product" and offers less bandwidth, but
> symmetrical and with lower RTTs and better SLAs.
>
> The customer intends to use the cheap line for HTTP downloads
> as long as it is available. This was not that difficult to set
> up via policy routing:
>
> 1. the leased line:
> -------------------
> interface FastEthernet1
>  description leased line uplink
>  ip address x.y.z.42 255.255.255.252
>
> ip route 0.0.0.0 0.0.0.0 x.y.z.41 250
>
> interface Vlan3
>  description static network assigned by provider
>  ip address x.y.z.57 255.255.255.248
>  ip nat inside
>  ip route-cache policy
>  ip policy route-map no-http
>
> See below for the NAT and policy config.
>
> 2. The cheap line:
> ------------------
> interface FastEthernet0
>  description TDSL-Flat
>  no ip address
>  pppoe-client dial-pool-number 1
>
> interface Dialer1
>  description TDSL-Flat 1
>  ip address negotiated
>  ip mtu 1448
>  ip nat outside
>  ip virtual-reassembly
>  encapsulation ppp
>  dialer pool 1
>  dialer idle-timeout 0
>  dialer enable-timeout 2
>  dialer persistent
>  dialer-group 1
>  ... (deleted PPP auth parameters)
>
> ip route 0.0.0.0 0.0.0.0 Dialer1
> dialer-list 1 protocol ip permit
>
> ip nat inside source list nat interface Dialer1 overload
>
> ip access-list extended nat
>  permit ip x.y.z.56 0.0.0.7 any
>  deny   ip any any
>
> So we are NATing the official IP addresses assigned by the provider
> for the leased line for all traffic that is sent out the cheap one.
>
> 3. The policy route-map
> -----------------------
> ip access-list extended no-http
>  deny   tcp any any eq www
>  permit ip any any
>
> route-map no-http permit 10
>  match ip address no-http
>  set ip next-hop x.y.z.41
>
> This sends anything but traffic destined to port 80 out the
> leased line and leaves traffic to port 80 alone, so it's
> sent out the cheap line.
>
> The entire setup works as intended but for one minor point.
> In case the cheap PPPoE line fails, we want to use the
> leased line for HTTP traffic. I intended to do this
> via a floating static route, hence the two default route
> entries you see above.
>
> Unfortunately it seems not to work that way. If I administratively
> shutdown Dialer1, the result is as expected. The route to Dialer1
> is deleted from the routing table and the route to x.y.z.41 is
> used.
>
> But this is not the common mode of failure of that PPPoE line.
> If I simulate a failure on the cheap provider's side by
> administratively shutting down Fa0, the Dialer1 obviously
> times out and shuts down, eventually. Yet, the default
> route to Dialer1 is not deleted. The Dialer1 interface
> stays "up, line protocol is up (spoofing)", so the route
> stays in the routing table.
>
> Any hints on how to solve this greatly appreciated.
>
> Thanks,
> Patrick
> --
> punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe
> Tel. 0721 9109 0 * Fax 0721 9109 100
> i...@punkt.de       http://www.punkt.de
> Gf: Jürgen Egeling       AG Mannheim 108285
PBR w/ tracking options. If your next hop on the PPPoE is a public
hop, you may need to block ping to that address out of the other
router, but this should work if your feature set supports it:
http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a0080211f5c.shtml
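
One way to apply object tracking to the setup in the question, as an added example that is not part of either post or of the linked Cisco document: the Dialer1 default route is tied to an IP SLA probe, so it is withdrawn when the PPPoE path stops answering even though Dialer1 still shows "up (spoofing)". The probe target 192.0.2.1 and the timer values are assumed placeholders; the host route pinning the probe to Dialer1 addresses the same concern as the reply's caveat about the probe reaching its target by the other path.

```cisco
! Added example, not the poster's configuration.
! Command spelling varies by IOS release: older releases use
! "ip sla monitor 1" and "track 1 rtr 1 reachability" instead.
! 192.0.2.1 is a constructed placeholder for a stable host that
! is reachable through the PPPoE provider.
!
! Pin the probe target to Dialer1 so the probe is not routed
! out the leased line.
ip route 192.0.2.1 255.255.255.255 Dialer1
!
! ICMP echo every 10 seconds, sourced from the Dialer1 address.
ip sla 1
 icmp-echo 192.0.2.1 source-interface Dialer1
 frequency 10
ip sla schedule 1 life forever start-time now
!
! The track object follows probe reachability; the delays (assumed
! values) damp flapping when the cheap line is unstable.
track 1 ip sla 1 reachability
 delay down 20 up 60
!
! Replace the untracked default route with a tracked one. When
! track 1 goes down, this route leaves the routing table.
no ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
!
! Unchanged from the question: the floating static route via the
! leased line (distance 250) takes over for HTTP traffic.
ip route 0.0.0.0 0.0.0.0 x.y.z.41 250
!
! Verify with: show track 1
!              show ip route 0.0.0.0
```

Because the policy route-map in the question only sets a next hop for non-HTTP traffic, HTTP keeps following the routing table and therefore follows whichever default route is currently installed.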