[c-nsp] easy way to re-route sql traffic down alternate link? - verify commands
Rodney Dunn
rodunn at cisco.com
Wed Apr 13 12:06:40 EDT 2005
No..you have to reverse it for the return packet.
access-list 110 permit tcp any eq 1433 any
if it stays on the same port.
Rodney
On Wed, Apr 13, 2005 at 09:02:08AM -0700, Matt Bazan wrote:
> I've set up the same on router A but I don't believe this is matching
> the return traffic..
>
> Will the 'access-list 110 permit tcp any any eq 1433' match traffic
> where either the source or destination port is 1433? Thanks.
>
> > -----Original Message-----
> > From: Rodney Dunn [mailto:rodunn at cisco.com]
> > Sent: Tuesday, April 12, 2005 12:45 PM
> > To: Matt Bazan
> > Cc: Rodney Dunn; Bruce Pinsky; cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] easy way to re-route sql traffic down
> > alternate link? - verify commands
> >
> >
> > On Tue, Apr 12, 2005 at 12:22:53PM -0700, Matt Bazan wrote:
> > > Here's how I plan to set this up. Looks very straightforward. If
> > > anyone would have a sec to point out problems I'd be very
> > > appreciative:
> > >
> > > SanRafael#(config) access-list 110 permit tcp any any eq 1433 //ACL
> > > for sql traffic
> > > SanRafael#(config) route-map SQL-Traffic permit
> > > SanRafael#(config-route-map) match ip address 110
> > > SanRafael#(config-route-map) set ip next-hop <address of 'C' router>
> > > //should I use an interface instead of IP here to insure proper
> > > route?
> >
> > No. I never recommend anyone use an interface as a next hop.
> >
> > > SanRafael#(config) int fa0/0
> > > SanRafael#(config-if) ip policy route-map SQL-Traffic
> > > //if i understand correctly, policy map needs to be applied to
> > > interface that policy traffic enters on.
> >
> > Correct.
> >
> > >
> > > then setup reverse on the 'A' router. anything else? thanks again.
> >
> > Correct.
> >
> > You haven't looked into the SAA stuff. Search for PBR object
> > tracking on CCO. If the link between A-C goes down PBR with
> > your current setup will send the SQL to C and C would route
> > it back through B to get to A. It will work but suboptimal.
> >
> > PBR is just like static routes. By themselves they don't
> > adjust to changes in the network which usually makes them a bad idea.
> >
> > You can patch that somewhat with variations of SAA to detect a
> > failure in the path and change the forwarding behavior based
> > on that change.
> >
> > Rodney
> >
> >
> >
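
Added example, not part of the original thread: a small Python model of how the two access-list 110 lines quoted above match TCP ports, showing why the forward entry does not select the return traffic. It handles only the "any ... [eq port] any [eq port]" form used in this thread; the client port 49152 is a constructed sample value.

```python
import re
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    proto: str
    sport: int
    dport: int

class Ace(NamedTuple):
    action: str
    proto: str
    sport: Optional[int]  # None means any source port
    dport: Optional[int]  # None means any destination port

# "eq <port>" directly after the source address constrains the source port;
# after the destination address it constrains the destination port.
ACE_RE = re.compile(
    r"access-list\s+\d+\s+(permit|deny)\s+(\w+)"
    r"\s+any(?:\s+eq\s+(\d+))?\s+any(?:\s+eq\s+(\d+))?\s*$"
)

def parse_ace(line: str) -> Ace:
    m = ACE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported ACE form: {line!r}")
    action, proto, sport, dport = m.groups()
    return Ace(action, proto,
               int(sport) if sport else None,
               int(dport) if dport else None)

def policy_routed(ace: Ace, pkt: Packet) -> bool:
    """True when the route-map's match clause would select this packet."""
    return (ace.action == "permit"
            and ace.proto == pkt.proto
            and ace.sport in (None, pkt.sport)
            and ace.dport in (None, pkt.dport))

FORWARD_ACL = parse_ace("access-list 110 permit tcp any any eq 1433")
RETURN_ACL = parse_ace("access-list 110 permit tcp any eq 1433 any")

# Constructed packets for one SQL session.
to_server = Packet("tcp", 49152, 1433)    # client -> SQL server
from_server = Packet("tcp", 1433, 49152)  # SQL server -> client

if __name__ == "__main__":
    for name, ace in (("forward", FORWARD_ACL), ("return", RETURN_ACL)):
        for label, pkt in (("to_server", to_server), ("from_server", from_server)):
            print(f"{name:8} ACL vs {label:11}: {policy_routed(ace, pkt)}")
```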