I did something similar to this before. Building on what Bryan said, setup ip sla to do something like ping the default gateway your DSL ISP gives you. At the same time, have router B advertise a default route to router A. So, router A should have a static default route tied to the SLA pointing to your DSL, and a default route with a lower AD advertised from router B. If the SLA ping fails, your static route goes away and the one being advertised from router B kicks in.
"He not busy being born is busy dying" -- Dylan
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.7 (MingW32) - WinPT 1.2.0
mQGiBEY2qu8RBAD0E7Ydspmpn9/rRfd614pvDaqj4GKAUeWpc8NNJ3xNU9C5TAKg
Ta/52f2DvxgPlw6m7W66AJP0HZODw2ameQ9tNMrz3upKRA+ISFaqkJa99UOTdLGC
W/HtHWZNUJDopBHm3j/TBAAhI0EWvcNIudbHx5zYY4osfDNMaIXYaySwIwCg61Db
RuST/K0PlSUFK9o6AqTmrcsD/ReQLYK/OEzZBQsPBqMD68ADtdYyIA3VZ7nhWCzc
YODiBl36XIskcwyVAnU9YXs/Hf96MfI1R2fvYGW8jJ4WHb3wT1JxgiUG4rUbA2L3
doxNseggGrKC31njFynVuOpdd/TRfsqzV3Yv5MGFPkNG3w/AoiRtwoMZFUtAox3j
EWbBA/4mYkTKS/Rfgpv7QQHj4ajCHsTL/JNSN8LARwbBomUFdJ+0xdNdr7Ax1zC4
FEUfP0plRMLMypKPSNYzlIF8dKGwW2I8hUMfQpmIBA4BXBE0/mbv21lU2AzTkvb1
FssbIzhCkx3mMzESgYIwnnNkJBatTfFqKOxGm//G7s2y1eFPsrQnSm9lIEFzdG9y
aW5vIDxqb2VfYXN0b3Jpbm9AY29tY2FzdC5uZXQ+iGAEExECACAFAkY2qu8CGwMG
CwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRAb4dzwEzSi9chbAKCTz89zl4etDIdD
Hewo7LNEmfT8uQCgmbneQqTT5VyIEx75nG5KzJh2K2m5Ag0ERjaq7xAIALgM2fwR
tuhRNrwvkYFXTA5grAnnhGqFXPfLt5YlU86QLdu3Z9WJcAAHck1HMCUxdm0gZyNu
q5XQnmr76dbWjftQ+mxYAdhZGjjGV1OQyjfyUoLbxyR0jvaLUTFvMmtxFsHpJvEc
VLscWZUvjPbpcg/BH8EWbDUSCJc70EZMW6TpjyL+1Eq6+n4KB+IWDnn603U3vYFj
ExVfg2CqTIzC/mxAGQ/lg1ujKBnL/VemGpjZzL8jyYVLhAtASTWnwuaL1Sf2kCYh
fApP+06YxkQ39BrJmi7Dg6s5zeRu4le57kPLVAGK0ZYRbaq5asAi9Ni5j/ZLdh/b
F3oUgAOTPQtqbi8AAwUH/1n9jpOXRX7LsfsI5K4gVhHYPUYuy5WuRRxJZ6Y1JbOq
UfePLg+cutaxE8RAvEY1VZvNTvEt7UYPoA3qR3lb4IzLqJimbbKGhhVdHIOYLGnz
nxiwfo4S+my9GEYKLb3iHIR1DCfihhDryVlFYGAMCPNh0w2sNSSenP4cZBuD6V1J
QLitW9aZoURMvtFYU8aO/BlZ7hVlRVNU5juwwAM5t2n2gBeRhMthaAR7OApDypvB
1TM+BeSDchieEAFNkX4leSMbFgP3CJmAXMJXKj8MQmsR8gdccUHGplGFI6IzNklm
L/eWLdhAZsM+LsAo4MpoJzPoQyFIH7wmIPm4b/z7YZmISQQYEQIACQUCRjaq7wIb
DAAKCRAb4dzwEzSi9XiWAKCdDtdnTW9X/6rHxQL/obNiZsEtEwCgrlmYisNacJyf
74k/eLaYWYqu7YI=
=8HMA
-----END PGP PUBLIC KEY BLOCK-----
----- Original Message -----
From: "Jafar T" <jafar_at_paris.com>
To: "Bryan Bartik" <bbartik_at_ipexpert.com>
Cc: ccielab_at_groupstudy.com
Sent: Tuesday, April 21, 2009 10:49:44 PM GMT -05:00 US/Canada Eastern
Subject: Re: a routing question
thanks for the idea,
but will not work, i always want A to use that static to firewall, i just
want A to fail over if the dsl on the far far side of that fireall drops,
in other words, if the dsl drops, A switch to B
how can i do this tweak, without changing the FW config ?
thanks
----- Original Message -----
From: "Bryan Bartik"
To: "Jafar T"
Cc: ccielab_at_groupstudy.com
Subject: Re: a routing question
Date: Tue, 21 Apr 2009 20:29:42 -0600
It sounds like you need Router A to recognize when it should no
longer use
it's static default route, remove it, and then use the route towards
B. You
can create an SLA Tracker and tie it to the route. One thing you
would watch
out for is that whatever you track through the firewall is not
reachable
through Router B, otherwise the tracker would pass and the route
would come
up again. Although, maybe you could tweak the tracker to
differentiate...Any
other ideas?
Bryan Bartik
CCIE #23707, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Tue, Apr 21, 2009 at 8:02 PM, Jafar T wrote:
> hi team,
>
> i have a scenario,
>
>
> isp.......routerB......mpls/BGP.......router
A.....firewall.....dsl...isp
>
> routeb, needs to act as a failover for A internet traffic
> router A, only has a static route to Firewall interface,
> routerA, will never detect the the dsl link down, since it is on
another
> subnet
> so no matter what router B advertise, floting static..default
> originate....etc
> it willl be no good for A, it can see that in the table, looks
good, but
> will never be activated as a another default route, since A always
will
> see the static route to firewall, and it looks fine as far as the
router
> a can tell,
> how can you change that,
> without
> enable a routing protocol on the firewall, in another words,
without
> doing any changes on the firewall ?
>
> cheers
>
> JT
>
> --
> It's News. It's Reviews. It's Interviews. It's Free. What Are You
Waiting
> For?
> www.movieline.com
>
>
> Blogs and organic groups at http://www.ccie.net
>
>
Received on Wed Apr 22 2009 - 03:02:14 ART
This archive was generated by hypermail 2.2.0 : Mon May 04 2009 - 07:39:12 ART