Hi Iwaan,
I don't think so it will work actually just posted to confirm from experts
the picture is i will divide in Numbers and statement below:
1-----Webservers
2------Firewall
3------Dist-A and Dist-B
4------Core-1 and Core-2
5------ISP--A and ISP---A
From firewall 2 links,1 is heading to Dist-A and another to Dist-B. Dist-A
and Dist-B is connected as a redundant to Core-1 and Core-2 with 2 uplinks
to each Core,and Core -1 & Core2 is connected to same ISP-1,
Customer want all his traffic (Inbound) from both the links to be hit on
firewall interface which is connected to Dist-A .Customer firewall is
associated to VRF on Dist-A and Dist-B, How can i do this ????? Am running
static routes for networks behind firewall for webservers and redistributing
them in VRF
Am pretty sure it can't be done with B because if i point a static route to
firewall interface which is connected to Dist-A as a next-hop all traffic
from B will be blackhole??? correct me if am wrong but want to listen from
you'll experts
Thanks Iwan
On Tue, Nov 17, 2009 at 11:12 PM, Iwan Hoogendoorn <iwan_at_ipexpert.com>wrote:
> Adam,
>
> Can you send a real picture ... or a link to 1 ...
> It;s getting a bit unclear the ASCII diagram ...
>
> --
> Regards,
>
> Iwan Hoogendoorn
> CCIE #13084 (R&S / Security / SP)
> Sr. Support Engineer � IPexpert, Inc.
> URL: http://www.IPexpert.com <http://www.ipexpert.com/>
>
>
>
> On Tue, Nov 17, 2009 at 12:47 PM, adam gibs <adamgibs7_at_gmail.com> wrote:
> > WEB Servers
> > |
> > Firewall (Customer Z VRF)
> > 10.20.20.1| | 10.10.10.1
> > | |
> > Switch
> > / \
> > / \
> > (20.2) A B (10.2)
> > | \ / |
> > | / \ |
> > RR-1---Core-2 Core-1----RR-2
> > | |
> > ISP-1 ISP-1
> >
> > There are two redundant links from Dist-A and Dist B,to firewall,and
> > redundant links from Dist-A and Dist-B to Core-1 and Core-2, firewall
> want
> > to prefer Dist-A rather than Dist-B pointing static route with high AD
> to
> > B to remote sites located on other end of ISP.Am receiving routes from
> > another end (behind ISP) from active Core 1 and core-1 is passing routes
> to
> > Dist-A and Dist-B,
> >
> > Customer Z VRF Firewall want the traffic to be from the interface
> 10.20.20.1
> > for webservers,when applying static routes for webservers on Dist-A and
> > Dist-B the static route on B pointing to 10.20.20.1 will it work or
> traffic
> > will be blackholed.Or give me alternate solution or any link with example
> > configuration
> >
> > Dist-A
> > ip route vrf customer Z 100.100.100.0 255.255.255.0 10.20.20.1
> > ip route vrf customer Z 100.100.100.0 255.255.255.0 10.10.10.1 2
> >
> > Dist-B
> >
> > ip route vrf customer Z 100.100.100.0 255.255.255.0 10.20.20.1
> > ip route vrf customer Z 100.100.100.0 255.255.255.0 10.10.10.1 2
> >
> > I can't ping the 10.20.20.1 from Dist-B but what i understand is ,always
> > ping is not success in MPLS networks,without ping also traffic paasses.
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
>
>
>
> --
> Regards,
>
> Iwan Hoogendoorn
> CCIE #13084 (R&S / Security / SP)
> Sr. Support Engineer � IPexpert, Inc.
> URL: http://www.IPexpert.com <http://www.ipexpert.com/>
Blogs and organic groups at http://www.ccie.net
Received on Wed Nov 18 2009 - 00:01:30 ART