If you truly can't change anything on the FW or routing with the ISP, then
the SLA tracker is a good solution. However, if you can get a dynamic
default route originated by the FW connected ISP, then you could point the
static default route on Router A (and Router B) with a higher admin distance
towards Router B. If the FW ISP goes down, the dynamic default route is
lost and the floating default takes over. That handles outbound routing.
Assuming you want the same failover rules for inbound traffic, either
solution is going to require BGP, or cooperation from the ISP to provide the
necessary traffic engineering.
-Josh
On Tue, Apr 21, 2009 at 10:29 PM, Bryan Bartik <bbartik_at_ipexpert.com> wrote:
> It sounds like you need Router A to recognize when it should no longer use
> it's static default route, remove it, and then use the route towards B. You
> can create an SLA Tracker and tie it to the route. One thing you would
> watch
> out for is that whatever you track through the firewall is not reachable
> through Router B, otherwise the tracker would pass and the route would come
> up again. Although, maybe you could tweak the tracker to
> differentiate...Any
> other ideas?
>
>
> Bryan Bartik
> CCIE #23707, CCNP
> Sr. Support Engineer - IPexpert, Inc.
> URL: http://www.IPexpert.com
>
> On Tue, Apr 21, 2009 at 8:02 PM, Jafar T <jafar_at_paris.com> wrote:
>
> > hi team,
> >
> > i have a scenario,
> >
> >
> > isp.......routerB......mpls/BGP.......router A.....firewall.....dsl...isp
> >
> > routeb, needs to act as a failover for A internet traffic
> > router A, only has a static route to Firewall interface,
> > routerA, will never detect the the dsl link down, since it is on another
> > subnet
> > so no matter what router B advertise, floting static..default
> > originate....etc
> > it willl be no good for A, it can see that in the table, looks good, but
> > will never be activated as a another default route, since A always will
> > see the static route to firewall, and it looks fine as far as the router
> > a can tell,
> > how can you change that,
> > without
> > enable a routing protocol on the firewall, in another words, without
> > doing any changes on the firewall ?
> >
> > cheers
> >
> > JT
> >
> > --
> > It's News. It's Reviews. It's Interviews. It's Free. What Are You Waiting
> > For?
> > www.movieline.com
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
>
>
> --
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Tue Apr 21 2009 - 23:05:17 ART
This archive was generated by hypermail 2.2.0 : Mon May 04 2009 - 07:39:12 ART