Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: nsp: foundry

VIPs on multiple subnets

 

 

nsp foundry RSS feed   Index | Next | Previous | View Threaded


tom.banner.15 at gmail

Mar 11, 2011, 9:36 PM

Post #1 of 4 (699 views)
Permalink
VIPs on multiple subnets

I'm running an si450 with router code (boot image 10.2) and can't get VIPs on multiple subnets to work.

I have 3 default networks defined (ip default-network). One /24 and two /29 networks. I also have a default route for the /24 defined.

When the default route is in place, only the /24 VIPs work. If I remove the default route, VIPs on all three networks work but there is a slight delay. If I reboot the si450 then none of the VIPs work. It seems the routes are cached when I remove the default route, which makes it all work but unreliably.

How can I have VIPs in 3 different subnets with their own gateway?




_______________________________________________
foundry-nsp mailing list
foundry-nsp [at] puck
http://puck.nether.net/mailman/listinfo/foundry-nsp


dschout at high5

Mar 12, 2011, 12:32 AM

Post #2 of 4 (666 views)
Permalink
Re: VIPs on multiple subnets [In reply to]

Hello,

There's only one routing table and no VRF's or something.

So as far as I know, you can't.

The "ip default-network" feature allows you to specify multiple backup gateways in case the default gw becomes unavailable.

The gateway to the network specified should already be in the routing table and thus the default-network can't be a locally defined network.

See it as:

If default gw becomes unavailable, route traffic towards the gateway normally used to reach network X, where network X = default-network.

Greetings,

Diederik



Sent from my iPhone

On 12 mrt. 2011, at 06:36, Tom Banner <tom.banner.15 [at] gmail> wrote:

> I'm running an si450 with router code (boot image 10.2) and can't get VIPs on multiple subnets to work.
>
> I have 3 default networks defined (ip default-network). One /24 and two /29 networks. I also have a default route for the /24 defined.
>
> When the default route is in place, only the /24 VIPs work. If I remove the default route, VIPs on all three networks work but there is a slight delay. If I reboot the si450 then none of the VIPs work. It seems the routes are cached when I remove the default route, which makes it all work but unreliably.
>
> How can I have VIPs in 3 different subnets with their own gateway?
>
>
>
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp [at] puck
> http://puck.nether.net/mailman/listinfo/foundry-nsp

_______________________________________________
foundry-nsp mailing list
foundry-nsp [at] puck
http://puck.nether.net/mailman/listinfo/foundry-nsp


gk at ax

Mar 12, 2011, 10:12 AM

Post #3 of 4 (655 views)
Permalink
Re: VIPs on multiple subnets [In reply to]

Am 12.03.11 06:36, schrieb Tom Banner:
> I'm running an si450 with router code (boot image 10.2) and can't get VIPs on multiple subnets to work.
>
> I have 3 default networks defined (ip default-network). One /24 and two /29 networks. I also have a default route for the /24 defined.

Working with more then one static "default route" or "default network"
is always a bad thing in my opinion, because L3 routing has better ways
for using multiple IP networks. In your situation, I would remove all
the 3 "ip default-network" statements and leave only the "default route"
for the /24 alive. If that doesn't work, ensure that the two /29s are
being *routed* towards your SI IP address from your uplink gateway.

--
Gerald

_______________________________________________
foundry-nsp mailing list
foundry-nsp [at] puck
http://puck.nether.net/mailman/listinfo/foundry-nsp


routehero at gmail

Mar 12, 2011, 10:30 AM

Post #4 of 4 (656 views)
Permalink
Re: VIPs on multiple subnets [In reply to]

You can use PBR on the interfaces to ensure that your next-hop is how you
want it.

something like..

access-list 10 permit ip 10.10.10.0 0.0.0.255 any

route-map DMZ1 permit 10
match ip address 10
set ip next-hop 10.10.10.254

Where 10.10.10.254 is the gateway of your choice for that network.

You can put this on the VE closest to the servers, but it really depends on
your routing setup more than anything.

Scott

On Sat, Mar 12, 2011 at 12:36 AM, Tom Banner <tom.banner.15 [at] gmail>wrote:

> I'm running an si450 with router code (boot image 10.2) and can't get VIPs
> on multiple subnets to work.
>
> I have 3 default networks defined (ip default-network). One /24 and two /29
> networks. I also have a default route for the /24 defined.
>
> When the default route is in place, only the /24 VIPs work. If I remove
> the default route, VIPs on all three networks work but there is a slight
> delay. If I reboot the si450 then none of the VIPs work. It seems the routes
> are cached when I remove the default route, which makes it all work but
> unreliably.
>
> How can I have VIPs in 3 different subnets with their own gateway?
>
>
>
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp [at] puck
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>

nsp foundry RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.