Route for a single host?

Maybe I'm a dumbass for even asking this, but here goes.

We're working on a disaster recovery plan and one part includes our
mainframe being reloaded in a different state. We're planning on
relocating the rest of our servers to a different branch.

Here's the problem though. Our mainframe and other critical servers
are sitting on a 172.17.1.0 subnet. I really want to avoid having to
change the IP's of the servers because it will cause a major headache.

Our mainframe is on IP 172.17.1.5 will be in Florida. All other
servers on the 172.17.1.0 subnet will be in Cali. Is it possible to
add a route statement to the router to point traffic to 172.17.1.5
down a single pipe to Florida and have all other servers in the
172.17.1.0 subnet at Cali?

Thanks

 

:We're working on a disaster recovery plan and one part includes our
:mainframe being reloaded in a different state. We're planning on
:relocating the rest of our servers to a different branch.

:Here's the problem though. Our mainframe and other critical servers
:are sitting on a 172.17.1.0 subnet. I really want to avoid having to
:change the IP's of the servers because it will cause a major headache.

:Our mainframe is on IP 172.17.1.5 will be in Florida. All other
:servers on the 172.17.1.0 subnet will be in Cali. Is it possible to
:add a route statement to the router to point traffic to 172.17.1.5
:down a single pipe to Florida and have all other servers in the
:172.17.1.0 subnet at Cali?

It is a bit more complicated than that. You would need to set up
a VPN of some sort between the two locations. That could be an IPSec
tunnel in 'lan extension mode', or it could be a PPTP in which the
Florida router was "dynamically" allocated 172.17.1.5 [you have
to watch the routing closely on this one], or it could be a GRE tunnel
between the lans.

I don't know enough to say which would be the preferred mechanism. If
you have non-IP traffic (e.g., IPX) then GRE would be the choice.
If your traffic is pure IP, then lan-extension mode might be better
from a security standpoint. I wouldn't do PPTP or L2TP unless the other
two possibilities didn't work out.

 

On the Cali router:

ip route 172.17.1.5 255.255.255.255 <interface>

where <interface> is the connection between the Cali and Florida routers
(if you don't have a WAN link between them, you can set up a VPN and
point the route to the Tunnel interface).

On the Florida router:

ip route 172.17.1.5 255.255.255.255 <interface>

where <interface> is the LAN interface that the mainframe is on, e.g.
Ethernet0.

 

Hi,

it´s possible, but not a really good design for me.

It is necessary, that "Proxy Arp" is enabled on both router´s (on Cisco it´s active default). Because the servers in Cali think´s, that the sever with 172.17.1.5 is in the own network. So nobody uses the default gateway to talk to 172.17.1.5.

Regards

Carsten Remien

--
\|/
(o o)
---------------------oOOO--(_)--OOOo----------------------
Out the 100Base-T, off the firewall, through the router, down
the T1, over the leased line, off the bridge, nothing but Net.
(Use ROT13 to see my email address)
.oooO Oooo.
----------------------( )---( )-----------------------
\ ( ) /
\_) (_/
| Maybe I'm a dumbass for even asking this, but here goes.
|
| We're working on a disaster recovery plan and one part includes our
| mainframe being reloaded in a different state. We're planning on
| relocating the rest of our servers to a different branch.
|
| Here's the problem though. Our mainframe and other critical servers
| are sitting on a 172.17.1.0 subnet. I really want to avoid having to
| change the IP's of the servers because it will cause a major headache.
|
| Our mainframe is on IP 172.17.1.5 will be in Florida. All other
| servers on the 172.17.1.0 subnet will be in Cali. Is it possible to
| add a route statement to the router to point traffic to 172.17.1.5
| down a single pipe to Florida and have all other servers in the
| 172.17.1.0 subnet at Cali?
|
| Thanks

 

Change your current network, so that the mainframe is on a separate IP
subnet, then your DRP issue (from an IP addressing perspective) will
be trivial.

 

Proxy arp is not required. If he enters a route with a /32 mask,
longest match rule will kick in. Not a great design, but it will work.


--

hsb

"Somehow I imagined this experience would be more rewarding" Calvin
*************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
********************************************************************
Due to the volume of email that I receive, I may not not be able to
reply to emails sent to my account. Please post a followup instead.
********************************************************************

 

sorry, but you are wrong.

Network nodes in Subnet 172.17.1.0/24 does not talk to the gateway when the destination address is 172.17.1.5. Because 172.17.1.5 is in the same subnet. So you need a node (like the router) that listen to this address and routes it to florida.

--
\|/
(o o)
---------------------oOOO--(_)--OOOo----------------------
Out the 100Base-T, off the firewall, through the router, down
the T1, over the leased line, off the bridge, nothing but Net.
(Use ROT13 to see my email address)
.oooO Oooo.
----------------------( )---( )-----------------------
\ ( ) /
\_) (_/
| In article <>, says...
| > Hi,
| >
| > it=3Fs possible, but not a really good design for me.
| >
| > It is necessary, that "Proxy Arp" is enabled on both router=3Fs (on Cisco it=3Fs active default). Because the servers in Cali think=3Fs, that the sever with 172.17.1.5 is in the own network. So nobody uses the default gateway to talk to 172.17.1.5.
|
| Proxy arp is not required. If he enters a route with a /32 mask,
| longest match rule will kick in. Not a great design, but it will work.
|
|
| --
|
| hsb
|
| "Somehow I imagined this experience would be more rewarding" Calvin
| *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
| ********************************************************************
| Due to the volume of email that I receive, I may not not be able to
| reply to emails sent to my account. Please post a followup instead.
| ********************************************************************

 

Been on vacation - almost forgot I posted this message here.

Thanks for the help everyone. It's more clear now than it was last
week. I will most likely end up changing the network a bit to put the
mainframe on it's own subnet, like mh said.