[c-nsp] Dual Homing

Darwis Herman magic.hand at live.com
Wed May 14 00:44:39 EDT 2014


Dear Gurus and Friends,

I am seeking a little help with my setup, as below:-


        /----------- 1st Link (C4500) -----------\
ISP ----                                          ---- CUSTOMER (Fortigate 200B)
        \----------- 2nd Link (C4500) -----------/


Current Setup:-

Customer has 2 connections to the same ISP.
ISP assigned both links with 2 VLANs with point-to-point (/30) IP addresses for gateway termination.
ISP also assigned a pool of /27 public IP addresses to CUSTOMER.
CUSTOMER requires the /27 public IP to be accessible from both links.



Situation:-

When both links are UP, CUSTOMER is able to use their public IP pools (natted within their Fortigate).
When the 2nd link is DOWN, the public IP is still usable.
When the 1st link is DOWN, the public IP is no longer usable.
The Fortigate side is configured with a policy-based detection mechanism, whereby it will sense whichever link is usable to route out traffic from the natted host.


Configuration for both C4500:-

C4500 # (for link #1)

interface Vlan10
 description CUSTOMER_X_#1
 ip address 192.168.10.1 255.255.255.252
 no ip redirects
 no ip proxy-arp
end

----
router ospf 1
network 192.168.10.1 0.0.0.0 area 0

----

ip route 172.21.200.32 255.255.255.224 192.168.10.1 tag 1
ip route 172.21.200.32 255.255.255.224 192.168.10.5 tag 1

--------------

C4500_1#show access-lists IN_CUSTOMER_X_#1
Extended IP access list IN_CUSTOMER_X_#1
    10 permit ip any 172.21.200.32 0.0.0.31 (3640 matches)
C4500_1#

C4500 # (for link #2)

interface Vlan20
 description CUSTOMER_X_#2
 ip address 192.168.10.5 255.255.255.252
 no ip redirects
 no ip proxy-arp
end

----
router ospf 1
network 192.168.10.5 0.0.0.0 area 0

ip route 172.21.200.32 255.255.255.224 192.168.10.1 tag 1
ip route 172.21.200.32 255.255.255.224 192.168.10.5 tag 1

----------

C4500_2#show access-lists IN_CUSTOMER_X_#2
Extended IP access list IN_CUSTOMER_X_#2
    10 permit ip any 172.21.200.32 0.0.0.31 
C4500_2#

--------------------------------------------------------------------------------------------------------


By looking at the ACL hits, it seems that only the 1st link is being used all the time.

Is there anything else that is missing to complete redundancy routing?




Best Regards,

Darwis Herman



 

“This is 10% Luck, 20% Skill,
15%  Concentrated Power of Will,  5% Pleasure, 50% Pain And a 100%  Reason to Remember The Name!”

 		 	   		  

