[c-nsp] stateful dynamic traffic forwarding solution

Peter Rathlev peter at rathlev.dk
Mon Mar 23 15:29:03 EDT 2009


Hi Ibrahim,

On Mon, 2009-03-23 at 12:59 +0200, Ibrahim Abo Zaid wrote:
> I am looking for an IOS feature or solution that can do the following: there
> are 2 hosts A and B from the same subnet; when host A connects to
> host B, the router should forward traffic to next-hop X, while when host B
> connects to A, the router should forward traffic to next-hop Y.
> 
> Both A and B are random IPs from the same subnet, and X and Y are fixed
> next-hops.

How would traffic hit the router when the hosts are on the same subnet?
Isolated/protected ports and "local-proxy-arp" or something like that?

> Is there any kind of dynamic access-list that can be used in PBR so that ACL-AB
> forwards traffic to X and a reverse version, ACL-BA, is created automatically
> that forwards the traffic to Y?

How would you recognize the flows? I could only see this work if the
router knew what hosts to cover. What algorithm would the router use to
select next-hop X or Y for a given flow?

Are you thinking about the time difference, so the first flow in time
would select one next-hop, and the reverse flow would select another?
I'm pretty sure IOS and ASA can't do this. Don't know about ACE and the
like. You might be able to hack something together with BSD or Linux
tools.

> Can that be done with a FW or ASA instead of a router? Or can that be
> done using a content switch or a content networking feature?

Assuming X and Y are static next hops, the combination of L2 isolated
ports, local-proxy-arp and PBR would be able to do it on IOS, but only
if you know in a deterministic fashion what hosts to route where.

Regards,
Peter
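As an added illustration of the combination Peter describes in his last paragraph (not a configuration from the thread or from Cisco documentation), the fragment below shows what the deterministic version looks like on a Catalyst-style IOS switch: protected ports stop A and B from reaching each other at layer 2, local-proxy-arp makes the SVI answer ARP for same-subnet hosts so their traffic lands on the router, and a route-map selects the next-hop per direction. The hosts (10.0.0.10 and 10.0.0.20), the next-hops (192.0.2.1 for X and 192.0.2.2 for Y), VLAN 10, the interface names and the ACL/route-map names are all constructed placeholders.

```cisco
! Added example, not from the thread: isolated ports + local-proxy-arp + PBR.
! All addresses, VLAN and object names are constructed placeholders.
!
! Step 1: keep A and B from talking to each other directly at layer 2.
! Frames between two protected ports on the same switch are dropped,
! so the only path between them is through the SVI.
interface FastEthernet0/1
 description host A (10.0.0.10) - placeholder
 switchport access vlan 10
 switchport protected
!
interface FastEthernet0/2
 description host B (10.0.0.20) - placeholder
 switchport access vlan 10
 switchport protected
!
! Step 2: make the SVI answer ARP for hosts on its own subnet with its own
! MAC, so A and B send same-subnet traffic to the router. Local proxy ARP
! needs proxy ARP enabled on the interface (it is on by default; shown here
! explicitly). The policy is applied to packets arriving on this SVI.
interface Vlan10
 ip address 10.0.0.1 255.255.255.0
 ip proxy-arp
 ip local-proxy-arp
 ip policy route-map SPLIT-AB
!
! Step 3: the deterministic part. The router must know A and B in advance;
! nothing here learns which side opened the connection. Traffic from A to B
! matches ACL-AB, the reverse direction matches ACL-BA.
ip access-list extended ACL-AB
 permit ip host 10.0.0.10 host 10.0.0.20
!
ip access-list extended ACL-BA
 permit ip host 10.0.0.20 host 10.0.0.10
!
! Next-hops X (192.0.2.1) and Y (192.0.2.2) are assumed reachable through
! other interfaces of this router. Anything not matched by either sequence
! falls through to normal destination-based routing.
route-map SPLIT-AB permit 10
 match ip address ACL-AB
 set ip next-hop 192.0.2.1
!
route-map SPLIT-AB permit 20
 match ip address ACL-BA
 set ip next-hop 192.0.2.2
```

Two caveats a practitioner would check before relying on this: `switchport protected` only isolates ports on the same switch, so hosts spread over several switches need private VLANs or an equivalent instead; and on some Catalyst platforms PBR is only available after switching the SDM template to one that supports routing, which requires a reload. Neither changes Peter's point: the route-map still has to name the hosts, so it cannot pick X or Y based on which host opened the flow first.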
