[c-nsp] PBR on traffic originating from the router
Let's say a router is set up with connections to ISP 1 and ISP 2, which are both non-BGP connections, and traffic coming in from ISP 1 can't go out ISP 2 and vice versa. Default route is set on ISP 1, with IP SLA, failover to ISP 2.

I can configure NAT so it will NAT on the correct IP for each egress connection. This is not the issue.

Is there a way, for example, a ping to the router coming into ISP2 can be sent back out ISP2 when ISP2 is not the default route? Normal PBR is applied to ingress traffic on the interface, so I wasn't sure what could be done with traffic originating on the router.

Thanks!
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] PBR on traffic originating from the router
Hello Jay,

you can apply a route-map that would do PBR on the traffic generated by the router like this:

    route-map LocalPolicy permit 10
     match ip address PingISP_A
     set interface Serial0/0/0

    ip local policy route-map LocalPolicy

Seems like your scenario perfectly matches the one described by Ivan on http://www.nil.com/ipcorner/RedundantMultiHoming/

-pavel

On Thu, Jul 28, 2011 at 8:29 AM, Jay Nakamura zeusda...@gmail.com wrote:
> Let's say a router is set up with connections to ISP 1 and ISP 2, which are both non-BGP connections, and traffic coming in from ISP 1 can't go out ISP 2 and vice versa. Default route is set on ISP 1, with IP SLA, failover to ISP 2.
>
> I can configure NAT so it will NAT on the correct IP for each egress connection. This is not the issue.
>
> Is there a way, for example, a ping to the router coming into ISP2 can be sent back out ISP2 when ISP2 is not the default route? Normal PBR is applied to ingress traffic on the interface, so I wasn't sure what could be done with traffic originating on the router.
>
> Thanks!
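
A fuller form of the local-policy approach above for the two-ISP case, as an added example that is not part of the original thread or any poster's configuration. The addresses (documentation ranges) and the ACL and route-map names are constructed; the ACL matches packets sourced from the router's own ISP 2 address, so replies to traffic that arrived on that address leave toward ISP 2 regardless of the default route.

```cisco
! Added example. Constructed values:
!   198.51.100.2 = router's ISP 2-facing interface address
!   198.51.100.1 = ISP 2 next hop
! FROM-ISP2-ADDR and LOCAL-VIA-ISP2 are hypothetical names.
!
! Match only router-originated packets that carry the ISP 2 source address.
ip access-list extended FROM-ISP2-ADDR
 permit ip host 198.51.100.2 any
!
! Send matching packets to the ISP 2 next hop instead of following
! the default route toward ISP 1. On a multi-access interface a next
! hop is used here rather than "set interface".
route-map LOCAL-VIA-ISP2 permit 10
 match ip address FROM-ISP2-ADDR
 set ip next-hop 198.51.100.1
!
! Global command: applies the route-map to packets the router itself
! generates. Interface-level "ip policy route-map" only sees transit
! traffic arriving on that interface.
ip local policy route-map LOCAL-VIA-ISP2
!
! Verification from exec mode:
!   show ip local policy
!   show route-map LOCAL-VIA-ISP2
```

Packets that do not match the ACL, including everything sourced from the ISP 1 address, continue to follow the normal routing table.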
Re: [c-nsp] PBR on traffic originating from the router
Thanks everyone! I got it working with the ip local policy.

On Thu, Jul 28, 2011 at 6:08 AM, Pavel Skovajsa pavel.skova...@gmail.com wrote:
> Hello Jay,
>
> you can apply a route-map that would do PBR on the traffic generated by the router like this:
>
>     route-map LocalPolicy permit 10
>      match ip address PingISP_A
>      set interface Serial0/0/0
>
>     ip local policy route-map LocalPolicy
>
> Seems like your scenario perfectly matches the one described by Ivan on http://www.nil.com/ipcorner/RedundantMultiHoming/
>
> -pavel
>
> On Thu, Jul 28, 2011 at 8:29 AM, Jay Nakamura zeusda...@gmail.com wrote:
> > Let's say a router is set up with connections to ISP 1 and ISP 2, which are both non-BGP connections, and traffic coming in from ISP 1 can't go out ISP 2 and vice versa. Default route is set on ISP 1, with IP SLA, failover to ISP 2.
> >
> > I can configure NAT so it will NAT on the correct IP for each egress connection. This is not the issue.
> >
> > Is there a way, for example, a ping to the router coming into ISP2 can be sent back out ISP2 when ISP2 is not the default route? Normal PBR is applied to ingress traffic on the interface, so I wasn't sure what could be done with traffic originating on the router.
> >
> > Thanks!
Re: [c-nsp] PBR on traffic originating from the router
Hi,

On Thu, Jul 28, 2011 at 02:29:59AM -0400, Jay Nakamura wrote:
> Is there a way, for example, a ping to the router coming into ISP2 can be sent back out ISP2 when ISP2 is not the default route? Normal PBR is applied to ingress traffic on the interface, so I wasn't sure what could be done with traffic originating on the router.

ip local policy route-map PBR for traffic originated by the router.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de