
Captain 05-08-2004 09:43 PM

routing based on source ip, NOT dest ip....
 
I have 2 gateways onto the internet:
x.x.x.1 and y.y.y.1

I have 2 different class Cs coming
into a cisco3640 router:
192.168.1.0 and 192.168.2.0


I want to send all traffic from 192.168.1.0
out the x.x.x.1 router and all traffic from
192.168.2.0 out the y.y.y.1 router.

How can this be done?

FYI: The standard ip route command only
routes according to dest ip not source ip.
ie.: ip route 0.0.0.0 0.0.0.0 x.x.x.1


Walter Roberson 05-08-2004 10:25 PM

Re: routing based on source ip, NOT dest ip....
 
In article <gpkq905pl36opmg797c5ca09o3bt4se9id@4ax.com>,
Captain <captain99_1999@yahoo.com> wrote:
:I have 2 gateways onto the internet:
:x.x.x.1 and y.y.y.1

:I have 2 different class Cs coming
:into a cisco3640 router:

:I want to send all traffic from 192.168.1.0
:out the x.x.x.1 router and all traffic from
:192.168.2.0 out the y.y.y.1 router.

:How can this be done?

The technique is called "policy routing". You start by creating
an acl, then a route-map that references that acl, and then you
apply the route-map as part of routing policy.

I don't know if it is supported on the 3640 (probably) or what
release or feature set you would need. The Feature Navigator will
tell you.
--
Whose posting was this .signature Google'd from?

Captain 05-09-2004 12:10 AM

Re: routing based on source ip, NOT dest ip....
 
On 8 May 2004 22:25:57 GMT, roberson@ibd.nrc-cnrc.gc.ca (Walter
Roberson) wrote:

>In article <gpkq905pl36opmg797c5ca09o3bt4se9id@4ax.com>,
>Captain <captain99_1999@yahoo.com> wrote:
>:I have 2 gateways onto the internet:
>:x.x.x.1 and y.y.y.1
>
>:I have 2 different class Cs coming
>:into a cisco3640 router:
>
>:I want to send all traffic from 192.168.1.0
>:out the x.x.x.1 router and all traffic from
>:192.168.2.0 out the y.y.y.1 router.
>
>:How can this be done?
>
>The technique is called "policy routing". You start by creating
>an acl, then a route-map that references that acl, and then you
>apply the route-map as part of routing policy.
>
>I don't know if it is supported on the 3640 (probably) or what
>release or feature set you would need. The Feature Navigator will
>tell you.

/////////////////////////////////////////////

Ok, I tried the following, but everything is still
going out the x.x.x.1 pipe?



!
ip route 0.0.0.0 0.0.0.0 x.x.x.1
!
access-list 15 permit 192.168.1.0 0.0.0.255
access-list 17 permit 192.168.2.0 0.0.0.255
route-map 1 permit 5
match ip address 17
set ip next-hop y.y.y.1
!
route-map 1 permit 10
match ip address 15
set ip next-hop x.x.x.1
!
!





Barry Margolin 05-09-2004 02:49 AM

Re: routing based on source ip, NOT dest ip....
 
In article <1htq90tl58t5qqk0fkrvhnlv9mf3mg4mna@4ax.com>,
Captain <captain99_1999@yahoo.com> wrote:

> On 8 May 2004 22:25:57 GMT, roberson@ibd.nrc-cnrc.gc.ca (Walter
> Roberson) wrote:
>
> >In article <gpkq905pl36opmg797c5ca09o3bt4se9id@4ax.com>,
> >Captain <captain99_1999@yahoo.com> wrote:
> >:I have 2 gateways onto the internet:
> >:x.x.x.1 and y.y.y.1
> >
> >:I have 2 different class Cs coming
> >:into a cisco3640 router:
> >
> >:I want to send all traffic from 192.168.1.0
> >:out the x.x.x.1 router and all traffic from
> >:192.168.2.0 out the y.y.y.1 router.
> >
> >:How can this be done?
> >
> >The technique is called "policy routing". You start by creating
> >an acl, then a route-map that references that acl, and then you
> >apply the route-map as part of routing policy.
> >
> >I don't know if it is supported on the 3640 (probably) or what
> >release or feature set you would need. The Feature Navigator will
> >tell you.

> /////////////////////////////////////////////
>
> Ok, I tried the following, but everything is still
> going out the x.x.x.1 pipe?


Did you apply the route-map to the LAN interfaces?

interface Ethernet0
ip policy route-map 1

BTW, route-maps are usually given mnemonic names, not meaningless
numbers.

>
>
>
> !
> ip route 0.0.0.0 0.0.0.0 x.x.x.1
> !
> access-list 15 permit 192.168.1.0 0.0.0.255
> access-list 17 permit 192.168.2.0 0.0.0.255
> route-map 1 permit 5
> match ip address 17
> set ip next-hop y.y.y.1
> !
> route-map 1 permit 10
> match ip address 15
> set ip next-hop x.x.x.1
> !
> !


--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***

Captain 05-09-2004 02:02 PM

Re: routing based on source ip, NOT dest ip....
 
On Sat, 08 May 2004 22:49:14 -0400, Barry Margolin
<barmar@alum.mit.edu> wrote:

>In article <1htq90tl58t5qqk0fkrvhnlv9mf3mg4mna@4ax.com>,
> Captain <captain99_1999@yahoo.com> wrote:
>
>> On 8 May 2004 22:25:57 GMT, roberson@ibd.nrc-cnrc.gc.ca (Walter
>> Roberson) wrote:
>>
>> >In article <gpkq905pl36opmg797c5ca09o3bt4se9id@4ax.com>,
>> >Captain <captain99_1999@yahoo.com> wrote:
>> >:I have 2 gateways onto the internet:
>> >:x.x.x.1 and y.y.y.1
>> >
>> >:I have 2 different class Cs coming
>> >:into a cisco3640 router:
>> >
>> >:I want to send all traffic from 192.168.1.0
>> >:out the x.x.x.1 router and all traffic from
>> >:192.168.2.0 out the y.y.y.1 router.
>> >
>> >:How can this be done?
>> >
>> >The technique is called "policy routing". You start by creating
>> >an acl, then a route-map that references that acl, and then you
>> >apply the route-map as part of routing policy.
>> >
>> >I don't know if it is supported on the 3640 (probably) or what
>> >release or feature set you would need. The Feature Navigator will
>> >tell you.

>> /////////////////////////////////////////////
>>
>> Ok, I tried the following, but everything is still
>> going out the x.x.x.1 pipe?

>
>Did you apply the route-map to the LAN interfaces?
>




Yes I did, but it's still not working right?!?!?!






>interface Ethernet0
> ip policy route-map 1
>
>BTW, route-maps are usually given mnemonic names, not meaningless
>numbers.
>
>>
>>
>>
>> !
>> ip route 0.0.0.0 0.0.0.0 x.x.x.1
>> !
>> access-list 15 permit 192.168.1.0 0.0.0.255
>> access-list 17 permit 192.168.2.0 0.0.0.255
>> route-map 1 permit 5
>> match ip address 17
>> set ip next-hop y.y.y.1
>> !
>> route-map 1 permit 10
>> match ip address 15
>> set ip next-hop x.x.x.1
>> !
>> !



Scott Enwright 05-09-2004 02:56 PM

Re: routing based on source ip, NOT dest ip....
 
Barry Margolin wrote:
> In article <1htq90tl58t5qqk0fkrvhnlv9mf3mg4mna@4ax.com>,
> Captain <captain99_1999@yahoo.com> wrote:
>
>
>>On 8 May 2004 22:25:57 GMT, roberson@ibd.nrc-cnrc.gc.ca (Walter
>>Roberson) wrote:
>>
>>
>>>In article <gpkq905pl36opmg797c5ca09o3bt4se9id@4ax.com>,
>>>Captain <captain99_1999@yahoo.com> wrote:
>>>:I have 2 gateways onto the internet:
>>>:x.x.x.1 and y.y.y.1
>>>
>>>:I have 2 different class Cs coming
>>>:into a cisco3640 router:
>>>
>>>:I want to send all traffic from 192.168.1.0
>>>:out the x.x.x.1 router and all traffic from
>>>:192.168.2.0 out the y.y.y.1 router.
>>>
>>>:How can this be done?
>>>
>>>The technique is called "policy routing". You start by creating
>>>an acl, then a route-map that references that acl, and then you
>>>apply the route-map as part of routing policy.
>>>
>>>I don't know if it is supported on the 3640 (probably) or what
>>>release or feature set you would need. The Feature Navigator will
>>>tell you.

>>
>>/////////////////////////////////////////////
>>
>>Ok, I tried the following, but everything is still
>>going out the x.x.x.1 pipe?

>
>
> Did you apply the route-map to the LAN interfaces?
>
> interface Ethernet0
> ip policy route-map 1
>
> BTW, route-maps are usually given mnemonic names, not meaningless
> numbers.
>
>
>>
>>
>>!
>>ip route 0.0.0.0 0.0.0.0 x.x.x.1
>>!
>>access-list 15 permit 192.168.1.0 0.0.0.255
>>access-list 17 permit 192.168.2.0 0.0.0.255
>>route-map 1 permit 5
>> match ip address 17
>> set ip next-hop y.y.y.1
>>!
>>route-map 1 permit 10
>> match ip address 15
>> set ip next-hop x.x.x.1
>>!
>>!

>
>


Configuration looks good - what happens if you debug ip packet? Do you
see the route-map being applied? Be careful with this command as it
could bring the router to a halt and would be good to do it during
production hours.

Captain 05-09-2004 05:21 PM

Re: routing based on source ip, NOT dest ip....
 
On Sun, 09 May 2004 14:56:20 GMT, Scott Enwright <unknow@nowhere.com>
wrote:

>Barry Margolin wrote:
> > In article <1htq90tl58t5qqk0fkrvhnlv9mf3mg4mna@4ax.com>,
> > Captain <captain99_1999@yahoo.com> wrote:
> >
> >
> >>On 8 May 2004 22:25:57 GMT, roberson@ibd.nrc-cnrc.gc.ca (Walter
> >>Roberson) wrote:
> >>
> >>
> >>>In article <gpkq905pl36opmg797c5ca09o3bt4se9id@4ax.com>,
> >>>Captain <captain99_1999@yahoo.com> wrote:
> >>>:I have 2 gateways onto the internet:
> >>>:x.x.x.1 and y.y.y.1
> >>>
> >>>:I have 2 different class Cs coming
> >>>:into a cisco3640 router:
> >>>
> >>>:I want to send all traffic from 192.168.1.0
> >>>:out the x.x.x.1 router and all traffic from
> >>>:192.168.2.0 out the y.y.y.1 router.
> >>>
> >>>:How can this be done?
> >>>
> >>>The technique is called "policy routing". You start by creating
> >>>an acl, then a route-map that references that acl, and then you
> >>>apply the route-map as part of routing policy.
> >>>
> >>>I don't know if it is supported on the 3640 (probably) or what
> >>>release or feature set you would need. The Feature Navigator will
> >>>tell you.
> >>
> >>/////////////////////////////////////////////
> >>
> >>Ok, I tried the following, but everything is still
> >>going out the x.x.x.1 pipe?

> >
> >
> > Did you apply the route-map to the LAN interfaces?
> >
> > interface Ethernet0
> > ip policy route-map 1
> >
> > BTW, route-maps are usually given mnemonic names, not meaningless
> > numbers.
> >
> >
> >>
> >>
> >>!
> >>ip route 0.0.0.0 0.0.0.0 x.x.x.1
> >>!
> >>access-list 15 permit 192.168.1.0 0.0.0.255
> >>access-list 17 permit 192.168.2.0 0.0.0.255
> >>route-map 1 permit 5
> >> match ip address 17
> >> set ip next-hop y.y.y.1
> >>!
> >>route-map 1 permit 10
> >> match ip address 15
> >> set ip next-hop x.x.x.1
> >>!
> >>!

> >
> >

>
>Configuration looks good - what happens if you debug ip packet do you
>see the route-map being applied? Be careful with this command as it
>could bring the router to a halt and would be good to do it during
>production hours.



It did bring the router to a halt!

I won't be using that command again!!!!



Kevin Widner 05-10-2004 03:53 PM

Re: routing based on source ip, NOT dest ip....
 
Try using an extended access-list where you are defining the source
and destination traffic. By not doing so, you are only telling the
router that you are interested in destination traffic.

ex:
ip access-list extended rmap1
 permit ip 192.168.1.0 0.0.0.255 any

Kevin



Captain <captain99_1999@yahoo.com> wrote in message news:<lems90hds5dh98ato2aa24br1ae30rfmsj@4ax.com>...
> On Sun, 09 May 2004 14:56:20 GMT, Scott Enwright <unknow@nowhere.com>
> wrote:
>
> >Barry Margolin wrote:
> > > In article <1htq90tl58t5qqk0fkrvhnlv9mf3mg4mna@4ax.com>,
> > > Captain <captain99_1999@yahoo.com> wrote:
> > >
> > >
> > >>On 8 May 2004 22:25:57 GMT, roberson@ibd.nrc-cnrc.gc.ca (Walter
> > >>Roberson) wrote:
> > >>
> > >>
> > >>>In article <gpkq905pl36opmg797c5ca09o3bt4se9id@4ax.com>,
> > >>>Captain <captain99_1999@yahoo.com> wrote:
> > >>>:I have 2 gateways onto the internet:
> > >>>:x.x.x.1 and y.y.y.1

>
> > >>>:I have 2 different class Cs coming
> > >>>:into a cisco3640 router:

>
> > >>>:I want to send all traffic from 192.168.1.0
> > >>>:out the x.x.x.1 router and all traffic from
> > >>>:192.168.2.0 out the y.y.y.1 router.

>
> > >>>:How can this be done?
> > >>>
> > >>>The technique is called "policy routing". You start by creating
> > >>>an acl, then a route-map that references that acl, and then you
> > >>>apply the route-map as part of routing policy.
> > >>>
> > >>>I don't know if it is supported on the 3640 (probably) or what
> > >>>release or feature set you would need. The Feature Navigator will
> > >>>tell you.
> > >>
> > >>/////////////////////////////////////////////
> > >>
> > >>Ok, I tried the following, but everything is still
> > >>going out the x.x.x.1 pipe?
> > >
> > >
> > > Did you apply the route-map to the LAN interfaces?
> > >
> > > interface Ethernet0
> > > ip policy route-map 1
> > >
> > > BTW, route-maps are usually given mnemonic names, not meaningless
> > > numbers.
> > >
> > >
> > >>
> > >>
> > >>!
> > >>ip route 0.0.0.0 0.0.0.0 x.x.x.1
> > >>!
> > >>access-list 15 permit 192.168.1.0 0.0.0.255
> > >>access-list 17 permit 192.168.2.0 0.0.0.255
> > >>route-map 1 permit 5
> > >> match ip address 17
> > >> set ip next-hop y.y.y.1
> > >>!
> > >>route-map 1 permit 10
> > >> match ip address 15
> > >> set ip next-hop x.x.x.1
> > >>!
> > >>!
> > >
> > >

> >
> >Configuration looks good - what happens if you debug ip packet do you
> >see the route-map being applied? Be careful with this command as it
> >could bring the router to a halt and would be good to do it during
> >production hours.

>
>
> It did bring the router to a halt!
>
> I won't be using that command again!!!!


Eric Sorenson 05-10-2004 06:12 PM

Re: routing based on source ip, NOT dest ip....
 
Captain <captain99_1999@yahoo.com> wrote:

> access-list 15 permit 192.168.1.0 0.0.0.255
> access-list 17 permit 192.168.2.0 0.0.0.255
> route-map 1 permit 5
> match ip address 17
> set ip next-hop y.y.y.1
> !
> route-map 1 permit 10
> match ip address 15
> set ip next-hop x.x.x.1


When I've done this in the past, I found I had to do
'set interface <output int>' as the action



--
Eric Sorenson - Systems / Network Administrator, MIS - Transmeta Corporation

Barry Margolin 05-10-2004 09:30 PM

Re: routing based on source ip, NOT dest ip....
 
In article <1084212816.624858@palladium.transmeta.com>,
Eric Sorenson <eric@transmeta.com> wrote:

> Captain <captain99_1999@yahoo.com> wrote:
>
> > access-list 15 permit 192.168.1.0 0.0.0.255
> > access-list 17 permit 192.168.2.0 0.0.0.255
> > route-map 1 permit 5
> > match ip address 17
> > set ip next-hop y.y.y.1
> > !
> > route-map 1 permit 10
> > match ip address 15
> > set ip next-hop x.x.x.1

>
> When I've done this in the past, I found I had to do
> 'set interface <output int>' as the action


That shouldn't be necessary if the router knows which interface to use
to get to y.y.y.1 and x.x.x.1.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
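
The steps discussed in this thread (ACL, route-map, applying the policy to the LAN interfaces) put together as one configuration with the checks to run afterwards. This is an added example, not a configuration posted by anyone in the thread. The interface names Ethernet0/0 and Ethernet0/1 and the route-map name SRC-ROUTE are assumptions; x.x.x.1 and y.y.y.1 are the thread's own placeholders.

```cisco
! Added example. Interface names and the route-map name are assumed;
! x.x.x.1 / y.y.y.1 stand for the two gateways as in the thread.
!
! Standard (numbered 1-99) ACLs match on the packet's source address.
access-list 15 permit 192.168.1.0 0.0.0.255
access-list 17 permit 192.168.2.0 0.0.0.255
!
route-map SRC-ROUTE permit 10
 match ip address 15
 set ip next-hop x.x.x.1
!
route-map SRC-ROUTE permit 20
 match ip address 17
 set ip next-hop y.y.y.1
!
! Policy routing is evaluated on the interface where packets ARRIVE,
! so the route-map goes on every LAN-facing interface, not on the
! uplinks toward the gateways.
interface Ethernet0/0
 description LAN 192.168.1.0/24 (assumed interface)
 ip policy route-map SRC-ROUTE
!
interface Ethernet0/1
 description LAN 192.168.2.0/24 (assumed interface)
 ip policy route-map SRC-ROUTE
!
! Normal destination-based routing still handles anything the
! route-map does not match, and any clause whose next hop is unusable.
ip route 0.0.0.0 0.0.0.0 x.x.x.1
!
! Checks from exec mode (these are not configuration lines):
!   show ip policy            interfaces that have a route-map attached
!   show route-map SRC-ROUTE  per-clause "Policy routing matches" counters
!   show ip route y.y.y.1     set ip next-hop expects a next hop on a
!                             directly connected subnet
!   debug ip policy           reports policy-routing decisions only,
!                             instead of every packet as debug ip packet does
```

If the match counters in `show route-map` stay at zero while LAN traffic is flowing, the packets are not arriving on an interface that carries the `ip policy` statement.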

