[c-nsp] Policy-routing for a protocol

Gert Doering gert at greenie.muc.de
Tue Mar 9 03:01:10 EST 2010


Hi,

On Mon, Mar 08, 2010 at 04:54:56PM -0500, Church, Charles wrote:
> 	Outbound seems a bit trickier.  Seems like I need to policy route
> the traffic, matching on the source address of the VTC gear.  The next hop
> is what I'm getting stuck on, since I could be black-holing VTC traffic if
> that BGP peer was down, but the interface was up (it's metro ethernet, local
> link doesn't guarantee BGP is up).  There is a 'verify-availability' option,
> but seems to be tied to CDP, and upstream uses Juniper. 

On the 7200, you could set the next-hop to an address that is learned via
BGP from the neighbour in question.

So: the ISP will announce "10.0.0.1" to you on the 10m link (any prefix
will do, but your router needs to prefer it via the 10m link - either
"not visible on the other link at all" or "force it via local-pref").

Your route-map will direct the packets via "set next-hop 10.0.0.1".

If the BGP route goes down, your router needs a floating static route
("ip route 10.0.0.1 255.255.255.255 <otherlink> 240") that will get
installed if nothing else is there -> fallback to 50m link.

Caveats:

 - Traffic to "10.0.0.1" will always go to the 10m link, so pick something
   that will not attract lots of traffic :-)
 - you need a somewhat recent IOS to support recursive next-hop resolution
   for policy-routing.  I'm not sure when it got added, I think it was 12.3,
   but it could have been 12.4 - some years ago, in any case, so no need
   for bleeding-edge stuff
 - on hardware-forwarding platforms like the 6500 and 7600, the hardware
   cannot do this, so you fall back to software-forwarding.  No problem
   for your 7200, but I just want to point it out.


Alternative approaches could be the use of VRFs for routing-table isolation,
but I think this would be more complicated and won't give you more benefits.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
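
The setup described in this message, assembled as one IOS configuration. This is an added example, not part of the original post. The ACL number, route-map and prefix-list names, interface, AS numbers and every address except 10.0.0.1 are constructed, and `set ip next-hop recursive` is the command form assumed here for the message's "set next-hop 10.0.0.1".

```cisco
! Constructed example. 192.0.2.10 = VTC codec, 198.51.100.5 = BGP peer on
! the 10m link, 203.0.113.1 = next hop on the 50m link (the <otherlink>
! of the message). All of these are assumptions.
!
! 1. Match outbound traffic on the source address of the VTC gear.
access-list 101 permit ip host 192.0.2.10 any
!
! 2. Policy-route it to an address that is only reachable through BGP
!    from the 10m neighbour. "recursive" makes the router resolve
!    10.0.0.1 through the routing table instead of requiring it to be
!    directly connected.
route-map VTC-OUT permit 10
 match ip address 101
 set ip next-hop recursive 10.0.0.1
!
interface GigabitEthernet0/1
 description LAN side facing the VTC gear (assumed interface)
 ip policy route-map VTC-OUT
!
! 3. Make sure 10.0.0.1/32 is preferred via the 10m link, here by
!    raising local-pref on that neighbour only.
ip prefix-list PBR-ANCHOR seq 5 permit 10.0.0.1/32
!
route-map FROM-10M permit 10
 match ip address prefix-list PBR-ANCHOR
 set local-preference 200
route-map FROM-10M permit 20
!
router bgp 64500
 neighbor 198.51.100.5 remote-as 64501
 neighbor 198.51.100.5 route-map FROM-10M in
!
! 4. Floating static with administrative distance 240: it stays out of
!    the routing table while the BGP route (distance 20 for eBGP) is
!    present, and is installed when the session or the announcement
!    goes away, so the policy-routed traffic falls back to the 50m link.
ip route 10.0.0.1 255.255.255.255 203.0.113.1 240
!
! Checks after a failover test:
!   show ip route 10.0.0.1     (source should flip from bgp to static)
!   show route-map VTC-OUT     (policy-routing match counters)
```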