[nsp] Redundant Default gateway

Jared Mauch jared@puck.nether.net
Tue, 12 Nov 2002 23:51:40 -0500


On Tue, Nov 12, 2002 at 11:48:10PM -0500, Richard Walsh wrote:
> That's what I thought. The clients point to the router as their gateway,
> and the router points to a firewall on the same ethernet segment. If the
> firewall goes down, protocol is still up. Is there a way for the router
> to determine that its default gateway is no longer valid, and then
> switch over to a secondary route? Thanks Jared!!

	Run ospf or something similar on the firewall.  Have it announce
0.0.0.0 across the ethernet to your router.  Configure your static route
out the frame pvc with a high enough metric (I think it's
over 128) that the ospf route will take priority when it's
there.  Then configure the firewall to not announce default (0/0)
unless it's valid/accessible.

	You could also use another protocol (bgp, etc.) but ospf
would probably be the easiest way to do it, assuming
your firewall will support it at all.

	- jared

> Jared Mauch wrote:
> > 
> > On Tue, Nov 12, 2002 at 11:26:36PM -0500, Richard Walsh wrote:
> > > Hi,
> > >
> > > Yes I'm using point-to-point for the private frame. The default gateway
> > > is on the same network as the ethernet int. The routing config looks
> > > like this:
> > > ip route 0.0.0.0 0.0.0.0 209.x.x.28 (the route to the firewall)
> > > ip route 0.0.0.0 192.168.1.17 10 (the new route over the frame with the
> > > .17 address the serial address of the remote site).
> > > So, instead of pointing to the address of the other router, I should
> > > point to the pvc? (serial0/0.5)
> > 
> >         you have a problem here.
> > 
> >         unless the physical ethernet interface goes down it will
> > always assume that "if i can arp for it, it's up"
> >         (ie line proto up).
> > 
> >         so unless you have some igp going between you and the .28
> > router that can detect if default is gone, then you likely
> > can't do this.
> > 
> >

-- 
Jared Mauch  | pgp key available via finger from jared@puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
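
The failover arrangement described in this message, sketched as Cisco IOS configuration for the router. This is an added example, not a configuration posted by anyone in the thread: the interface name FastEthernet0/0, OSPF process 1, area 0, the distance 250 and the key placeholder are assumptions, and 209.x.x.28 stays elided as in the thread.

```cisco
! --- Before: two static defaults, as described in the thread ---
! The default via the firewall stays installed for as long as the
! Ethernet line protocol is up, so the distance-10 backup over the
! frame PVC is never used when only the firewall fails.
!
! --- After: learn the primary default dynamically ---
! Remove the static default toward the firewall (address elided
! in the thread, so it is left elided here).
no ip route 0.0.0.0 0.0.0.0 209.x.x.28
!
router ospf 1
!
! Assumed name for the Ethernet interface shared with the firewall.
interface FastEthernet0/0
 ip ospf 1 area 0
 ! Authenticate OSPF on the shared segment so that only the firewall
 ! can supply the default route. <KEY> is a placeholder.
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <KEY>
!
! Floating static default out the frame PVC. Distance 250 is higher
! than OSPF's default administrative distance of 110, so this route
! is installed only when no OSPF default is being learned.
ip route 0.0.0.0 0.0.0.0 Serial0/0.5 250
!
! Firewall side (product-specific, assumed to support OSPF): it must
! originate 0.0.0.0/0 only while its own upstream path is usable.
! On an IOS device, "default-information originate" without the
! "always" keyword behaves this way.
```

`show ip route 0.0.0.0` on the router shows which default is currently installed and the protocol it was learned from.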