GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: Two default gateway (IP Route ..) posted 11/16/2007
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Yes guys, it's working for outbound traffic

ip sla monitor 1
 type echo protocol ipIcmpEcho 62.3.0.32
 timeout 1000
 frequency 3
 threshold 2

ip sla monitor schedule 1 life forever start-time now
track 123 rtr 1 reachability

ip route 0.0.0.0 0.0.0.0 192.168.43.2 track 123
ip route 0.0.0.0 0.0.0.0 192.168.43.10 50

62.3.0.32 is the default gateway of ISP-1 (VSAT), so if VSAT link is down my
DSL link will become the ideal route to carry the entire outbound request.
I just have tested it in my home, its working fine as I wanted.
For the In bound traffic, primary DNS and secondary DNS formula may fail
because if the client request is coming from Secondary DNS NOT because
primary is down but because of the load on primary DNS then my internal
server will try to reply the request through VSAT connection because VSAT
connection is still up, but actually server was getting request from the DSL
connection, that might be a problem or not??

Thanx everyone for very useful reply, specially Tarun for the weblink. 

-----Original Message-----
From: David Prall [mailto:dcp@xxxxxxxxxxx] 
Sent: Wednesday, November 14, 2007 8:48 PM
To: 'Muhammad Saleem'; smorris@xxxxxxxxxxxx
Cc: ccielab@xxxxxxxxxxxxxx; 'Mohamed, Liban [NTK]'
Subject: RE: Two default gateway (IP Route ..)

How are you going to only advertise one DNS server. If you go to your NIC,
you have to have all of your DNS servers registered. You will get requests
to both DNS servers. Using something that can dynamically respond based on
the status of links and external reachability. You might be able to do
something like this using Distributed Director within Enterprise IOS. But
something like a Global Site Selector to determine what to return.

I prefer one link over the other by placing a number of DNS servers on that
side, and only one on the secondary/backup link. The secondary/backup still
gets requests, but a lot fewer then the primary.

David

--
http://dcp.dcptech.com
  

> -----Original Message-----
> From: Muhammad Saleem [mailto:msaleems@xxxxxxxxx] 
> Sent: Wednesday, November 14, 2007 12:01 PM
> To: smorris@xxxxxxxxxxxx
> Cc: ccielab@xxxxxxxxxxxxxx; dcp@xxxxxxxxxxx; 'Mohamed, Liban [NTK]'
> Subject: RE: Two default gateway (IP Route ..)
> 
> 
> My understanding is as following.
> Inbound request is coming to Primary DNS, P.DNS will respond 
> the IP add
> given by First ISP-1, if VSAT link is down the inbound 
> request will come to
> the Secondary DNS, S.DNS will respond the IP add given by 
> second ISP-2.
> Inbound request is coming from one of the ISP and terminating 
> at the server
> but in the return path when internal server is going to respond to the
> request (Web request or SMTP request) it will be going to the 
> L3 switch SVI
> and switch firstly try to respond from lower distance route 
> like (IP add of
> Internal NIC of Pix >> VSAT modem then ISP-1) if the route 
> does not respond
> like VSAT is down then switch will try to respond the request 
> from higher
> distance route like (IP add of Internal NIC of ISA >> DSL 
> modem then ISP-2).
> I want to use DSL only for this purpose.
> Please correct me if I am wrong.
> Saleem
> 
> -----Original Message-----
> From: Scott Morris [mailto:smorris@xxxxxxxxxxxx] 
> Sent: Wednesday, November 14, 2007 5:34 PM
> To: 'Muhammad Saleem'; 'Mohamed, Liban [NTK]'
> Cc: ccielab@xxxxxxxxxxxxxx; dcp@xxxxxxxxxxx
> Subject: RE: Two default gateway (IP Route ..)
> 
> If you are going through a PIX/ASA, the state table will have 
> entries for
> which NAT pool was used to translate (perhaps indicating 
> which incoming path
> was used) so at least proper translation on outbound packets 
> is completed.
> However, once it comes to routing if they are of the same 
> interface then
> it's simply in order of preference as far as I have seen.
> 
> If you have your two outside routes on separate inbound 
> interfaces, then the
> state table will actually "take care of" your outbound route choice by
> delivering the outbound packets back to the correct outside 
> interface and
> then it will look up it's 0/0 route appropriately.
> 
> In your case though, you are going to two completely separate 
> devices on the
> inbound.  So you're losing any sense of state when NAT'ing 
> internally.  Your
> packets get to servers/hosts/whatever, and they make their 
> own individual
> choices for sending packets out.  Once the packets get to 
> their outbound
> gateway, it'll go through whatever NAT/routing is configured 
> on that box
> with disregard to the other.
> 
> If you're doing this just on a single router we may be able 
> to play with
> other things like DSCP values and such, but you'd still have to have
> server/hosts able to mark in the same fashion otherwise you'd 
> mark inbound
> but have nothing for outbound distinction.
> 
> HTH,
> 
> 
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) 
> #4713, JNCIE-M
> #153, JNCIS-ER, CISSP, et al.
> CCSI/JNCI-M/JNCI-ER
> VP - Technical Training - IPexpert, Inc.
> IPexpert Sr. Technical Instructor
> 
> A Cisco Learning Partner - We Accept Learning Credits!
> 
> smorris@xxxxxxxxxxxx
> 
>  
> 
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> http://www.ipexpert.com
> 
>  
> 
>  
> 
> -----Original Message-----
> From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On 
> Behalf Of
> Muhammad Saleem
> Sent: Wednesday, November 14, 2007 2:16 AM
> To: 'Mohamed, Liban [NTK]'
> Cc: ccielab@xxxxxxxxxxxxxx; dcp@xxxxxxxxxxx
> Subject: RE: Two default gateway (IP Route ..)
> 
> VSAT-----CE1 (VSAT Modem>>External NIC of Pix FW >> Internal 
> NIC of Pix FW
> >>Internal Server (P-DNS, WEB, Email)
> DSL------CE2 (DSL Modem>>External NIC of Microsoft ISA FW >> 
> Internal NIC of
> Microsoft ISA FW >> Internal Server (S-DNS, WEB, Email) Pix 
> internal NIC,
> Microsoft ISA internal NIC and Internal servers are connected in CISCO
> Catalyst 3750 switch and belong to same VLAN, and I am 
> configuring static
> routes in the same switch.
> 
> Saleem
> 
> -----Original Message-----
> From: Mohamed, Liban [NTK] [mailto:Liban.Mohamed@xxxxxxxxxx]
> Sent: Wednesday, November 14, 2007 9:31 AM
> To: Muhammad Saleem
> Subject: RE: Two default gateway (IP Route ..)
> 
> Mohamed so just to understand your set up.
> 
> 
> VSAT-----CE1-----Internal Server (P-DNS, WEB) 
> DSL------CE1-----Internal
> Server (S-DNS, WEB-Server)
> 
> You want the DSL to take over in case the VSAT fails right? 
> Since the VSAT
> and the DSL comes to one CE you want to enter flooding static 
> route for
> default-route, that should work just fine, as you have 
> setting the admin
> distance of 192.168.43.10 to 50, hence it will be a back up
> 
> 
> Thanks,
> 
> Liban Mohamed
> NTAC-IP
> Sprint/Nextel
> www.sprint.net
> liban.mohamed@xxxxxxxxxx
> (W) 678-291-3438
> (PCS) 404-441-9701
> 
> 
> 
> -----Original Message-----
> From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On 
> Behalf Of
> Muhammad Saleem
> Sent: Wednesday, November 14, 2007 12:47 AM
> To: groupstudy@xxxxxxxxxxxxxxxx
> Cc: ccielab@xxxxxxxxxxxxxx
> Subject: RE: Two default gateway (IP Route ..)
> 
> I have P.DNS and S.DNS servers, hosting inside of network, already
> registered with the SaudiNIC, P.DNS contains IP Add from 
> ISP-1(connected
> with VSAT), S.DNS will contains IP Add from ISP-2 (connected 
> with DSL), If
> client is trying to access Web server it will go through P.DNS and if
> ISP-1 link is down then the client request will go through 
> S.DNS (ISP-2, DSL
> link) and will reach my Web server.
> I have not implemented this scenario yet but I think its gona work.
> If I add one more IP Route like
> ip route 0.0.0.0 0.0.0.0 192.168.43.2
> ip route 0.0.0.0 0.0.0.0 192.168.43.10 50
> 
> Is it gona solve my problem?
> 
> Saleem
> 
> -----Original Message-----
> From: Tony Schaffran [mailto:groupstudy@xxxxxxxxxxxxxxxx]
> Sent: Wednesday, November 14, 2007 5:05 AM
> To: 'Muhammad Saleem'; ccielab@xxxxxxxxxxxxxx
> Subject: RE: Two default gateway (IP Route ..)
> 
> For what you are trying to accomplish, I am affraid it is a 
> little more
> complicated than it seems.
> 
> Without BGP, to get inbound traffic to your web and mail 
> servers, you will
> need something like a Fatpipe device or some kind of dynamic DNS
> implementation.
> 
> 
> Tony Schaffran
> Network Analyst
> CCIE #11071
> CCNP, CCNA, CCDA,
> NNCDS, NNCSS, CNE, MCSE
>  
> www.cconlinelabs.com
> Your #1 choice for online Cisco rack rentals. 
>  
> 
> -----Original Message-----
> From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On 
> Behalf Of
> Muhammad Saleem
> Sent: Tuesday, November 13, 2007 7:23 AM
> To: ccielab@xxxxxxxxxxxxxx
> Subject: Two default gateway (IP Route ..)
> 
> Hi Experts, 
> 
>  
> 
> This is a little odd question but related to one of the 
> routing issues.
> 
> I have one L3 switch, one Server VLAN, Two ISPs, one is 
> through VSAT which
> is primary link and second one is DSL link. 
> 
> VSAT is further connected to outside interface of CISCO Pix Firewall
> protecting Web and Email server. 
> 
> DSAL is further connected to Microsoft ISA firewall outside 
> interface, ISA
> FW will be use to publish Web and Email servers 
> 
>  
> 
> I am going to provide availability of Web and Email servers 
> in case of VSAT
> link is down.
> 
> In CISCO Cat 3750 switch I have defined VLAN for Web and 
> Email servers and
> in servers Default Gateway IP I defined the IP address of 
> VLAN IP address
> (SVI IP address) 
> 
> in CISCO Cat 3750 
> 
> ip route 0.0.0.0 0.0.0.0 192.168.43.2 
> 
> (192.168.43.2 is the Internal IP of CISCO Pix firewall) 
> 
> With this switch configuration VSAT connection is working 
> fine and I can
> access web and email server from outside and inside.
> 
>  
> 
> I want to use DSL link for inbound connection only if main 
> VSAT link is
> down, people should be able to access web and Email server 
> from Internet.
> 
>  
> 
> Now, I am going to add DSL connection in my network so, 
> should I just add
> one more 
> 
> IP ROUTE entry in my L3 switch like 
> 
> ip route 0.0.0.0 0.0.0.0 192.168.43.10 ?
> 
> (192.168.43.10 is the inside IP of Microsoft ISA firewall) 
> 
>  
> 
> Is this enough to get web and email service availability or 
> what should I do
> more?? 
> 
> How can I define two Gateways with different distance, so the 
> L3 switch
> recognize that main VSAT link (CISCO Pix) is down so use the 
> DSL link(ISA
> Server).
> 
>  
> 
> I will appreciate all the responses.
> 
> ______________________________________________________________
> _________
> Subscription information may be found at: 
> http://www.groupstudy.com/list/CCIELab.html
> 
> ______________________________________________________________
> _________
> Subscription information may be found at: 
> http://www.groupstudy.com/list/CCIELab.html
> 
> ______________________________________________________________
> _________
> Subscription information may be found at: 
> http://www.groupstudy.com/list/CCIELab.html