[c-nsp] Dual Homing
Gert Doering
gert at greenie.muc.de
Wed May 14 12:28:19 EDT 2014
Hi,
On Wed, May 14, 2014 at 09:57:45PM +0800, Darwis Herman wrote:
> I am not sure if it was a coincidence or something, but during my
> troubleshooting at customer premise, when I shutdown the VLAN in
> one of the C4500, I can still ping the NATed IP from public. Same
> goes when I changed to the primary connection. Only when I asked
> to turn off the WAN link from their Fortigate, it fails. Does this
> explain something? I didn't check if the routing disappeared or
> not during that time.
Well, actually checking this would have been enlightening :-) - welcome
to the world of Ethernet based circuits. One side going down usually
doesn't signal anything to your end, so your port and VLAN will still
be "up", and you'll happily sink all traffic..
This sort of setup will not work reliably without an end-to-end
signalling that tells both ends whether the *path* works (as opposed
to "the local ethernet segment"). Like, IP SLA from the 4500 towards
the customer interface, and then using object track on the routes.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
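
The approach suggested in the message above (an IP SLA probe towards the customer interface, with the route tied to a track object), sketched as an IOS configuration fragment. This is an added example, not part of the original post; the addresses, VLAN, and SLA/track numbers are constructed placeholders, and a tracked static route is assumed as the route being controlled.

```cisco
! Before: a plain static route. It stays installed for as long as the local
! port/VLAN is up, even when the far end of the Ethernet circuit is dead,
! so traffic is silently sunk.
! ip route 198.51.100.0 255.255.255.0 192.0.2.2
!
! After: probe the customer-side interface across the circuit.
! 192.0.2.2 = customer interface (constructed), Vlan100 = hand-off VLAN (constructed).
ip sla 10
 icmp-echo 192.0.2.2 source-interface Vlan100
 ! Set threshold before timeout: timeout may not be lower than threshold.
 threshold 1000
 timeout 1000
 frequency 5
ip sla schedule 10 life forever start-time now
!
! The track object follows probe reachability; the delays damp flapping.
track 10 ip sla 10 reachability
 delay down 10 up 30
!
! The route is withdrawn while the track object is down, so the other
! path takes over instead of this router attracting the traffic.
ip route 198.51.100.0 255.255.255.0 192.0.2.2 track 10
```

`show track 10` and `show ip sla statistics 10` confirm whether the probe and the track object actually change state when the remote side of the circuit is taken down.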