Re: Web traffic route

From: Joseph L. Brunner <joe_at_affirmedsystems.com>
Date: Thu, 7 Jul 2011 10:17:17 +0000

Sameer -

Why not use the gre tunnel?

David's suggestion is a common and safe way to go. 24 bytes of overhead is not bad. You are trying to do some very tricky routing over 2 sites.

On Site B router, you need the policy route as shown in my sample config previously "with the set interface and the set ip next hop" and the gre tunnel to pull this off.

To classify this config for all you're doing
"Firewall/default gateway in the cloud, with multiple exit points to the internet, with www taking a specific exit."

You will also need an ip sla on Site B router to verify Site A has that internet connection that is working as a condition of this policy (can match a tracked obj in your policy route map).
Or in lieu of an sla, this can be implemented as a "tracking route": site A only sends to site B via mpls when site A has a valid internet link, and site B tracks in the routing table :)

-Joe

From: sameer inam [mailto:i_sameer_at_hotmail.com]
Sent: Thursday, July 07, 2011 03:45 AM
To: dcp_at_dcptech.com <dcp_at_dcptech.com>; roykhan123_at_hotmail.com <roykhan123_at_hotmail.com>; Joseph L. Brunner; gtosh_at_aeneas.net <gtosh_at_aeneas.net>; ccielab_at_groupstudy.com <ccielab_at_groupstudy.com>
Subject: RE: Web traffic route

David,

I was thinking about building the GRE tunnel between these two sites and using PBR to send the www traffic, but as you also mentioned there is the 24 bytes of tunnel overhead, and that is why I'm trying to fix it without a tunnel.

kind regards,

Sameer

> From: dcp_at_dcptech.com
> To: roykhan123_at_hotmail.com; joe_at_affirmedsystems.com; i_sameer_at_hotmail.com; gtosh_at_aeneas.net; ccielab_at_groupstudy.com
> Subject: RE: Web traffic route
> Date: Wed, 6 Jul 2011 22:02:58 -0400
>
> Sameer,
> When you say the second link is MPLS BGP, is this going to a carrier? Is the
> default route being received by the carrier from Site B? If Site A sends
> specific traffic to the MPLS carrier, and Site A is advertising the default
> to the same carrier, then the carrier will turn it around and send it back
> to you. If this is not happening, then the carrier has to have a default
> received via Site B so that the traffic is sent to B. A quick fix to this
> would be to create a tunnel interface between Site A and Site B, using the
> tunnel as the next hop interface and address. Then Site B will forward the
> traffic using its default route. Issue now is that you have added an
> additional 24 bytes of tunnel overhead to your traffic, that uses PBR.
>
> David
>
> --
> http://dcp.dcptech.com
>
>
> > -----Original Message-----
> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> > Roy Khan
> > Sent: Wednesday, July 06, 2011 9:10 PM
> > To: joe_at_affirmedsystems.com; i_sameer_at_hotmail.com; gtosh_at_aeneas.net;
> > ccielab_at_groupstudy.com
> > Subject: RE: Web traffic route
> >
> > Dear
> > Is it possible for you to create a default route on site A and point
> > toward the Site B?
> >
> > > From: joe_at_affirmedsystems.com
> > > To: i_sameer_at_hotmail.com; gtosh_at_aeneas.net; ccielab_at_groupstudy.com
> > > Subject: RE: Web traffic route
> > > Date: Wed, 6 Jul 2011 02:04:32 +0000
> > >
> > > I don't think you have designed the use of policy routing well or understand
> > > the feature - route by any layer 3 or layer 4 packet field, where standard
> > > routing is simply by IP destination.
> > >
> > > Policy routing works independently of how your router learns ip destination
> > > networks... so please post in very clear terms what you are trying to do and
> > > the configuration of all routers (use pastebin and make a link if necessary).
> > > We'll figure it out
> > >
> > > -joe
> > >
> > > From: sameer inam [mailto:i_sameer_at_hotmail.com]
> > > Sent: Tuesday, July 05, 2011 6:55 AM
> > > To: gtosh_at_aeneas.net; Joseph L. Brunner; ccielab_at_groupstudy.com
> > > Subject: RE: Web traffic route
> > >
> > > It's not working for me. Actually I'm using BGP between two sites; site-A has
> > > two connections, one for internet and the other one for the BGP connection with
> > > internal branch sites ... and what I'm trying is to route www traffic via
> > > bgp from site B to site A to use their internet connection.
> > >
> > > Kind regards,
> > >
> > > Sameer
> > >
> > > > Date: Wed, 29 Jun 2011 08:01:31 -0500
> > > > Subject: RE: Web traffic route
> > > > From: gtosh_at_aeneas.net
> > > > To: joe_at_affirmedsystems.com; i_sameer_at_hotmail.com; ccielab_at_groupstudy.com
> > > >
> > > > "Joseph L. Brunner" <joe_at_affirmedsystems.com> wrote:
> > > >
> > > > >Same deal here bro - I send junk http/https traffic off to a cable modem
> > > > >and let my high value voip and signaling traffic use the T-1
> > > > >
> > > > >(from a live router right now)
> > > > >
> > > > >ip access-list extended use-twc-policy
> > > > > permit tcp 192.168.1.0 0.0.0.255 any eq www
> > > > > permit tcp 192.168.1.0 0.0.0.255 any eq 443
> > > > >
> > > > >route-map int-f0/1-policy-route permit 10
> > > > > match ip address use-twc-policy
> > > > > set ip next-hop 24.108.91.65
> > > > > set interface Vlan100
> > > > >
> > > > >
> > > > >interface FastEthernet0/1
> > > > > description Lan-Inside
> > > > > ip address 192.168.1.1 255.255.255.0
> > > > > ip nat inside
> > > > > ip inspect fwpolicy in
> > > > > ip inspect fwpolicy out
> > > > > ip virtual-reassembly
> > > > > ip policy route-map int-f0/1-policy-route
> > > > >
> > > > >-----Original Message-----
> > > > >From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of sameer inam
> > > > >Sent: Wednesday, June 29, 2011 2:35 AM
> > > > >To: ccielab_at_groupstudy.com
> > > > >Subject: Web traffic route
> > > > >
> > > > >Experts,
> > > > >I'm trying to send the www traffic to my second internet link, which has NAT
> > > > >configured, but for some reason traffic does not go through. Please see below the
> > > > >config ... if anyone can help me on that.
> > > > >
> > > > >Thanks in advance
> > > > >
> > > > >interface fastethernet 0/0
> > > > > Des WAN link
> > > > >!
> > > > >interface FastEthernet0/1
> > > > > Des LAN
> > > > > ip address 10.0.98.1 255.255.255.0
> > > > > ip policy route-map web
> > > > > speed 100
> > > > > full-duplex
> > > > >!
> > > > >ip access-list extended webtraffic
> > > > > permit tcp 10.0.98.0 0.0.0.255 any eq www
> > > > >!
> > > > >route-map web permit 10
> > > > > match ip address webtraffic
> > > > > set ip next-hop 172.168.0.10
> > > > >( next hop router WAN address which is connected through MPLS-BGP )
> > > > >
> > > > >
> > > > >Kind regards,
> > > > >Sameer
> > > > >
> > > > >
> > > > >Blogs and organic groups at http://www.ccie.net
> > > > >
> > > > >_______________________________________________________________________
> > > > >Subscription information may be found at:
> > > > >http://www.groupstudy.com/list/CCIELab.html

Received on Thu Jul 07 2011 - 10:17:17 ART

This archive was generated by hypermail 2.2.0 : Mon Aug 01 2011 - 06:30:05 ART
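
The Site B design described in the top reply (GRE tunnel to Site A, policy route for www traffic, IP SLA tracking as the condition), sketched as an added example that is not configuration posted by anyone in the thread. The LAN subnet and ACL are taken from the original post; the tunnel addresses, WAN endpoints, probe target and object numbers are constructed placeholders, and `set ip next-hop verify-availability` is used here as one way to tie the route-map to the tracked object.

```cisco
! --- Site B router (constructed example) ---
! GRE tunnel to Site A across the MPLS WAN. GRE over IPv4 adds 24 bytes
! (20 outer IP + 4 GRE), so lower the IP MTU and clamp the TCP MSS.
interface Tunnel0
 description GRE to Site A for web traffic
 ip address 172.16.255.2 255.255.255.252
 ip mtu 1476
 ip tcp adjust-mss 1436
 keepalive 10 3
 tunnel source 192.0.2.130
 tunnel destination 192.0.2.2
!
! Pin the probe target to the tunnel so the probe exercises Site A's
! Internet exit and not Site B's own default route.
ip route 203.0.113.10 255.255.255.255 Tunnel0 172.16.255.1
!
! Probe an Internet host through the tunnel every 10 seconds.
ip sla 10
 icmp-echo 203.0.113.10 source-interface Tunnel0
 frequency 10
ip sla schedule 10 life forever start-time now
!
! Track object follows the probe; the delay damps flapping.
track 10 ip sla 10 reachability
 delay down 20 up 60
!
ip access-list extended webtraffic
 permit tcp 10.0.98.0 0.0.0.255 any eq www
!
! Policy-route www traffic into the tunnel only while track 10 is up.
! When it is down the set clause is skipped and packets follow the
! normal routing table.
route-map web permit 10
 match ip address webtraffic
 set ip next-hop verify-availability 172.16.255.1 10 track 10
!
interface FastEthernet0/1
 description LAN
 ip address 10.0.98.1 255.255.255.0
 ip policy route-map web
!
! Assumed on Site A (not shown): the matching Tunnel0 end at
! 172.16.255.1, a route back to 10.0.98.0/24 and 172.16.255.0/30 via
! the tunnel, and NAT for both sources on the Internet-facing interface.
```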