Re: Punching a hole in policy routing

From: Jesper Skriver (jesper@skriver.dk)
Date: Thu Jan 06 2000 - 21:34:33 EST


On Thu, Jan 06, 2000 at 09:02:44PM -0500, Earl Smith wrote:
> I have a 2620 that has two T1s connected to two different
> providers in preparation for multihoming (no, I don't intend to
> take full views). Provider A routes me a /23. Provider B routes
> me a /24. The 2620 has 2 WICs and 1 Ethernet.
>
> I have added a secondary IP to the e0/0 so there are addresses
> from both blocks on the e0. I have set up policy routing on the
> e0 so that packets sourced from each provider's IP block
> are routed to the appropriate interface using a simple set of
> standard access list statements and a route-map. This all works
> fine. Traffic is being routed properly from hosts on each
> network to its proper T1. The route map is on e0.
>
> My problem is that the source based policy routing is sending
> traffic from each of the two networks (on the same segment) bound
> for the other network out the appropriate T1 through the internet
> and back through the other T1 back to the host. This is expected
> actually.
>
> But this is kinda dumb for accessing a mail server that is
> connected to the same piece of wire. I've tried proxy-arp;
> static routes don't work. I know the way I have it set up is
> dumb. I just need to make it work temporarily so I have
> something to fall back on while I get BGP, etc. set up.
>
> What's the secret?

Subnet A: 1.1.0.0/23   (a /23 starts on a /23 boundary, so 1.1.0.0 rather than
                        1.1.1.0; IOS would silently store "1.1.1.0 0.0.1.255"
                        as 1.1.0.0 0.0.1.255 anyway)
Subnet B: 2.2.2.0/24

! ACL 100 matches traffic between the two local blocks, in both directions.
! Wildcard masks are the inverse of the netmask: 0.0.1.255 for a /23,
! 0.0.0.255 for a /24.
access-list 100 permit 1.1.0.0 0.0.1.255 2.2.2.0 0.0.0.255
access-list 100 permit 2.2.2.0 0.0.0.255 1.1.0.0 0.0.1.255
! ACL 101 and 102 match everything else sourced from each block.
access-list 101 permit 1.1.0.0 0.0.1.255 any
access-list 102 permit 2.2.2.0 0.0.0.255 any

! A "deny" sequence in a route-map does not drop the packet; it excludes it
! from policy routing. Local-to-local traffic therefore falls through to the
! normal routing table, where both blocks are directly connected on Ethernet0/0.
route-map POLICY deny 5
 match ip address 100
!
! Everything else is steered by source block to the provider that routes it.
! Use the interface names of the router in question (check with
! "show ip interface brief"; a 2620 with two WICs in slot 0 has Serial0/0 and
! Serial0/1). "set interface" is fine for point-to-point serial links; towards
! a multi-access next hop use "set ip next-hop" instead.
route-map POLICY permit 10
 match ip address 101
 set interface Serial1/0
!
route-map POLICY permit 20
 match ip address 102
 set interface Serial1/1
!
! The policy is applied to packets arriving on the LAN interface.
interface Ethernet0/0
 ip policy route-map POLICY

/Jesper

-- 
Jesper Skriver, jesper(at)skriver(dot)dk
Work:    Network manager @ AS3292 (Tele Danmark DataNetworks)
Private: Geek            @ AS2109 (A much smaller network ;-)

One Unix to rule them all, One Resolver to find them, One IP to bring them all and in the zone to bind them.
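The following Python is an added check, not part of Jesper's post or any Cisco tool: it models Cisco wildcard-mask ACL matching and first-match route-map evaluation so the "deny 5" carve-out can be verified against sample flows before it goes on the router. It uses the post's illustrative prefixes with the /23 written on its aligned boundary (1.1.0.0/23), the post's Serial1/0 and Serial1/1 names, and a constructed label for "fall through to normal routing"; ROUTE_MAP_NAIVE is the source-only policy the question describes, included to show the hairpin it produces.

```python
"""
Model of Cisco wildcard-mask ACLs and first-match route-map evaluation for
the two-provider policy above. Example code written for this page, not IOS.
Assumptions: the /23 is 1.1.0.0/23, egress names are the post's Serial1/0
and Serial1/1, and NORMAL is a constructed label for destination-based
forwarding (both blocks sit on the directly connected Ethernet0/0).
"""
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # IOS "any" == 0.0.0.0 255.255.255.255


def as_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def normalize_acl_address(base, wildcard):
    """IOS keeps only the bits the wildcard cares about (wildcard bit 0), so
    "1.1.1.0 0.0.1.255" is stored and matched as 1.1.0.0 0.0.1.255."""
    return str(ipaddress.IPv4Address(as_int(base) & ~as_int(wildcard) & 0xFFFFFFFF))


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    w = as_int(wildcard)
    return (as_int(addr) & ~w) == (as_int(base) & ~w)


# Extended ACLs as (action, (src, src_wildcard), (dst, dst_wildcard)).
# The implicit "deny any any" at the end is modelled in acl_permits().
ACLS = {
    100: [("permit", ("1.1.0.0", "0.0.1.255"), ("2.2.2.0", "0.0.0.255")),
          ("permit", ("2.2.2.0", "0.0.0.255"), ("1.1.0.0", "0.0.1.255"))],
    101: [("permit", ("1.1.0.0", "0.0.1.255"), ANY)],
    102: [("permit", ("2.2.2.0", "0.0.0.255"), ANY)],
}


def acl_permits(acl_id, src, dst):
    for action, (sb, sw), (db, dw) in ACLS[acl_id]:
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return action == "permit"
    return False  # implicit deny


# Route-map as (sequence, action, acl, egress). A matching "deny" clause
# means "do not policy-route this packet"; it never drops it.
ROUTE_MAP_POLICY = [
    (5, "deny", 100, None),
    (10, "permit", 101, "Serial1/0"),
    (20, "permit", 102, "Serial1/1"),
]
# The source-only map from the question: same permits, no carve-out.
ROUTE_MAP_NAIVE = [c for c in ROUTE_MAP_POLICY if c[1] == "permit"]

NORMAL = "normal routing (Ethernet0/0 is directly connected)"


def forward(src, dst, route_map=ROUTE_MAP_POLICY):
    """Egress chosen by the route-map, or NORMAL when the packet falls
    through to the destination-based routing table (first match wins)."""
    for _seq, action, acl, egress in route_map:
        if acl_permits(acl, src, dst):
            return NORMAL if action == "deny" else egress
    return NORMAL


if __name__ == "__main__":
    # Constructed sample flows: two local-to-local, one outbound.
    flows = [("1.1.0.10", "2.2.2.25"), ("2.2.2.25", "1.1.1.10"),
             ("1.1.0.10", "198.51.100.7")]
    for s, d in flows:
        print(f"{s} -> {d}: naive={forward(s, d, ROUTE_MAP_NAIVE)}  "
              f"fixed={forward(s, d)}")
```

Running it shows the difference the deny clause makes: with the source-only map, 1.1.0.10 -> 2.2.2.25 is pushed out Serial1/0 and comes back in over the other T1, while with the carve-out it falls through to normal forwarding on the LAN; outbound traffic still leaves via the provider that routes its source block.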



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:08 EDT