
Mailing List Archive: nsp: foundry

Routing problem

 

 



dlawson at azzaron

Mar 21, 2012, 7:15 AM

Post #1 of 2 (299 views)
Routing problem

Hi guys,



A Foundry newb here, but having a major routing issue.



We put an RX-16 into place last night and all seemed good as we tested
inbound and outbound routes to the system from various points around the
country.



However, this morning, several diverse locations are unable to access the
system. We have a *very* simple (maybe too simple) setup.



We have port 1/1 and 3/1 connected via HSRP to the ISP. We have ports 1/2
and 3/2 connected to a firewall. All ports are in a Layer 2 VLAN ID 4000.



We have two internal public subnets (one /24 and one /28) that are supposed
to *route* to the ISP, so we simply added the IP of the routed interface to
1/1 and then added a static route for all traffic (0.0.0.0/0.0.0.0) to point
to the ISP. This seemed to work in the initial tests, but now hundreds of
users are blocked by our system, seemingly from certain ISPs.



Have we committed a routing faux pas by using the static route as our
default gateway? Any help is appreciated.



Thanks,

David Lawson


dlawson at azzaron

Apr 5, 2012, 2:41 PM

Post #2 of 2 (268 views)
Re: Routing problem

You're exactly right! Works great.

-----Original Message-----
From: Igor Ybema [mailto:igor [at] ergens]
Sent: Thursday, March 22, 2012 1:16 PM
To: David Lawson
Cc: foundry-nsp [at] puck
Subject: Re: [f-nsp] Routing problem

> Have we committed a routing faux pas by using the static route as our
> default gateway?  Any help is appreciated.

If I understand correctly you have connected 1/1 AND 3/1 to your ISP (via
HSRP on their side). However, you have only configured 1/1 as a routing
interface. This means that all traffic from your ISP received on 3/1 is
being dropped as this interface does not know how to handle the traffic.

You should create a routing virtual interface in your vlan 4000
('router-interface ve 1') and configure your ISP routing IP-net in that
interface (int ve 1) and NOT on the interface 1/1. That interface and
interface 3/1 should only be switch ports in vlan 4000. (vlan 4000
-> untag e 1/1 e 3/1).
Or you could also use HSRP (VRRP in non-Cisco terms) on your router and
configure it on interface 1/1 and 3/1. But I don't see why you would want
this because you have only one router which is already the SPOF.

regards, Igor


_______________________________________________
foundry-nsp mailing list
foundry-nsp [at] puck
http://puck.nether.net/mailman/listinfo/foundry-nsp
