[c-nsp] IOS Firewall sessions

Gert Doering gert at greenie.muc.de
Tue May 30 07:16:59 EDT 2006


Hi,

On Tue, May 30, 2006 at 10:01:33AM +0100, Sam Stickland wrote:
> > Or did I miss the long-asked-for feature that will remove the "connected"
> > route for HSRP passive interfaces (to enforce symmetric routing)?
> 
> This sounds like quite a nice feature that would solve a lot of problems.
> What do you mean by "remove"? Would it only remove it if it had an IGP
> learned route for the subnet? Is there a danger of this causing routing
> loops?

Move the interface to something like:

  vlan3 is up, line protocol is up, IP protocol is HSRP-down
                                    ^^^^^^^^^^^^^^^^^^^^^^^^

On the same tangent, what I would *love* to see is

  FastEthernet0 is up, line protocol is up, IP protocol is BFD-down

(consider bridged setups to customers, which always have a local link,
but might be broken "in between" - and no, you don't want to do dynamic
routing towards "SOHO" type customers).


What this would mean is that the router would behave as if the
line protocol were "down", but only regarding IP static/connected 
route handling  (and IPv6, of course!).  So all "interface" routes
disappear from the routing table, and packets travel symmetrically.


> I assume that cisco have no official plans to implement this yet?

So do I - but hey, THEY are listening...

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de

