Re: Making connected less preferred than remote route.......

From: Ivan (ivan@iip.net)
Date: Thu Aug 03 2006 - 07:18:16 ART

• Next message: Elias Chari: "Re: IEWB LAB 13 Task 4.3 RIP Why only "default-information"
• Previous message: Ivan: "Re: Multicast helper-map testing"
• Maybe in reply to: Geert Nijs: "Making connected less preferred than remote route......."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Think that description below may be incorrect. Routing applied only if host is
not local. If host connected packet to it directed to mac-address getted from
ARP-record.

> More specific match/netmask length is evaluated before everything else. So
> if locally you have :
> !
> int vlanA
> ip address 10.10.10.1 255.255.255.0
> !
> - and you have the same route (10.10.10.0/24) coming from remote end via
> whatever routing protocol, then you can either decrease mask length on int
> vlan A
> !
> int vlan A
> ip address 10.10.10.1 255.255.254.0
> !
> - or have remote end to advertise two /25 routes: 10.10.10.0/25 and
> 10.10.10.128/25
> Then configure a static route towards single IP pointing to the local
> interface:
> ip route 10.10.10.33 255.255.255.255 int vlan X 10.10.10.33
>
> HTH
> Cheers
> Alex
>
> ----- Original Message -----
> From: "Geert Nijs" <geert.nijs@simac.be>
> To: <ccielab@groupstudy.com>
> Sent: Wednesday, August 02, 2006 5:52 PM
> Subject: Making connected less preferred than remote route.......
>
> > All,
> >
> > I am breaking my head over this one:
> >
> > I am sitting at a core switch and i want to configure the following:
> >
> > I have a remote subnet x which is routed to my core switch.
> > I have this same subnet also configured locally on the switch:
> > int vlan A
> > ip address x.x.x.x
> > shut
> >
> > the vlan is shut. Of course from the moment i unshut the vlan, all
> > traffic to the remote site
> > is dropped and all is routed locally (since vlan is directly connected it
> > takes precedence over the remotely
> > learned vlan).
> >
> > What i want to do now is the following:
> >
> > I want to route ALL traffic to the remote subnet, even if i have a
> > locally connected subnet, EXCEPT for 1 ip address in this vlan. This ip
> > address, i want to route to the locally connected interface.
> >
> > I tried policy based routing like:
> >
> > route-map FORCEVPN, permit, sequence 10
> > Match clauses:
> > ip address (access-lists): 199 ------------------> match
> > single destination ip address
> > Set clauses:
> > set ip interface vlan 50 ->>>>>>>>> put
> > on local vlan
> > Policy routing matches: 0 packets, 0 bytes
> > route-map FORCEVPN, permit, sequence 20
> > Match clauses:
> > ip address (access-lists): 198 -------------------------> match
> > complete destination subnet x
> > Set clauses:
> > ip next-hop 10.129.4.1 ----------------> use
> > remote gateway so that it gets routed remotely
> > Policy routing matches: 1 packets, 60 bytes
> >
> >
> > Unfortunatly, it does not work ? from the moment i unshut the vlan ->
> > everything gets dropped. PBR does not seem to intercept the packets
> > Hardware is C6500 with S720 running 12.2(18)SXF4
> >
> > Any ideas ?
> >
> > regards,
> > Geert
> >
> > #########################################################################
> >############ Simac N.V. trades under the commercial name Simac ICT
> > Belgium.
> > This e-mail and any attached files are confidential and may be legally
> > privileged.
> > If you are not the addressee, any disclosure, reproduction, copying,
> > distribution,
> > or other dissemination or use of this communication is strictly
> > prohibited.
> > If you have received this transmission in error please notify Simac
> > immediately
> > and then delete this e-mail.
> >
> > Simac has taken all reasonable precautions to avoid virusses in this
> > email.
> > Simac does not accept liability for damage by virusses, for the correct
> > and complete
> > transmission of the information, nor for any delay or interruption of the
> > transmission,
> > nor for damages arising from the use of or reliance on the information.
> >
> > All e-mail messages addressed to, received or sent by Simac or Simac
> > employees
> > are deemed to be professional in nature. Accordingly, the sender or
> > recipient of
> > these messages agrees that they may be read by other Simac employees than
> > the official
> > recipient or sender in order to ensure the continuity of work-related
> > activities
> > and allow supervision thereof.
> > #########################################################################
> >############
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

-- 
Ivan

• Next message: Elias Chari: "Re: IEWB LAB 13 Task 4.3 RIP Why only "default-information"
• Previous message: Ivan: "Re: Multicast helper-map testing"
• Maybe in reply to: Geert Nijs: "Making connected less preferred than remote route......."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:55 ART