Hi,

On Mon, Mar 08, 2010 at 04:54:56PM -0500, Church, Charles wrote:
> Outbound seems a bit trickier. Seems like I need to policy route
> the traffic, matching on the source address of the VTC gear. The next hop
> is what I'm getting stuck on, since I could be black-holing VTC traffic if
> that BGP peer was down, but the interface was up (it's metro ethernet, local
> link doesn't guarantee BGP is up). There is a 'verify-availability' option,
> but seems to be tied to CDP, and upstream uses Juniper.

On the 7200, you could set the next-hop to an address that is learned
via BGP from the neighbour in question.

So: the ISP will announce "10.0.0.1" to you on the 10m link (any prefix
will do, but your router needs to prefer it via the 10m link - either
"not visible on the other link at all" or "force it via local-pref").

Your route-map will direct the packets via "set next-hop 10.0.0.1".

If the BGP route goes down, your router needs a floating static route
("ip route 10.0.0.1 255.255.255.255 <otherlink> 240") that will get
installed if nothing else is there -> fallback to 50m link.

Caveats:

 - Traffic to "10.0.0.1" will always go to the 10m link, so pick
   something that will not attract lots of traffic :-)

 - you need a somewhat recent IOS to support recursive next-hop
   resolution for policy-routing. I'm not sure when it got added,
   I think it was 12.3, but it could have been 12.4 - some years ago,
   in any case, so no need for bleeding-edge stuff

 - on hardware-forwarding platforms like the 6500 and 7600, the
   hardware cannot do this, so you fall back to software-forwarding.
   No problem for your 7200, but I just want to point it out.

Alternative approaches could be the use of VRFs for routing-table
isolation, but I think this would be more complicated and won't give
you more benefits.

gert
-- 
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
g...@greenie.muc.de
fax: +49-89-35655025
g...@net.informatik.tu-muenchen.de
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
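
The setup described in the reply above, written out as an IOS configuration. This is an added example, not part of the original message: the ACL and route-map names, the interface, the 192.0.2.0/28 VTC source range and the 198.51.100.1 next hop on the 50m link are constructed placeholders, and it assumes the `set ip next-hop recursive` form of the policy-routing command.

```cisco
! Constructed placeholders (not from the original thread):
!   192.0.2.0/28        source addresses of the VTC gear
!   198.51.100.1        next hop reachable over the 50m link
!   GigabitEthernet0/1  LAN-facing interface where VTC traffic enters
!
! 10.0.0.1/32 is the prefix the ISP announces over the 10m link only.

ip access-list extended VTC-SOURCES
 permit ip 192.0.2.0 0.0.0.15 any
!
route-map VTC-OUT permit 10
 match ip address VTC-SOURCES
 ! Next hop is not directly connected; it is resolved through the
 ! routing table, so it follows whichever route to 10.0.0.1 is installed.
 set ip next-hop recursive 10.0.0.1
!
interface GigabitEthernet0/1
 ip policy route-map VTC-OUT
!
! Floating static with administrative distance 240. It loses to the
! BGP-learned route (eBGP distance 20) while the session on the 10m link
! is up, and is installed only when that route is withdrawn, which moves
! the policy-routed VTC traffic to the 50m link instead of black-holing it.
ip route 10.0.0.1 255.255.255.255 198.51.100.1 240
```

`show ip route 10.0.0.1` shows which of the two routes is currently installed, and `show route-map VTC-OUT` shows whether packets are matching the policy.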