Mailing List Archive

VIPs on multiple subnets
I'm running an si450 with router code (boot image 10.2) and can't get VIPs on multiple subnets to work.

I have 3 default networks defined (ip default-network). One /24 and two /29 networks. I also have a default route for the /24 defined.

When the default route is in place, only the /24 VIPs work. If I remove the default route, VIPs on all three networks work but there is a slight delay. If I reboot the si450 then none of the VIPs work. It seems the routes are cached when I remove the default route, which makes it all work but unreliably.

How can I have VIPs in 3 different subnets with their own gateway?




_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp
Re: VIPs on multiple subnets
Hello,

There's only one routing table and no VRFs or something.

So as far as I know, you can't.

The "ip default-network" feature allows you to specify multiple backup gateways in case the default gw becomes unavailable.

The gateway to the network specified should already be in the routing table and thus the default-network can't be a locally defined network.

See it as:

If default gw becomes unavailable, route traffic towards the gateway normally used to reach network X, where network X = default-network.

Greetings,

Diederik




On 12 Mar 2011, at 06:36, Tom Banner <tom.banner.15@gmail.com> wrote:

> I'm running an si450 with router code (boot image 10.2) and can't get VIPs on multiple subnets to work.
>
> I have 3 default networks defined (ip default-network). One /24 and two /29 networks. I also have a default route for the /24 defined.
>
> When the default route is in place, only the /24 VIPs work. If I remove the default route, VIPs on all three networks work but there is a slight delay. If I reboot the si450 then none of the VIPs work. It seems the routes are cached when I remove the default route, which makes it all work but unreliably.
>
> How can I have VIPs in 3 different subnets with their own gateway?

Re: VIPs on multiple subnets
On 12.03.11 06:36, Tom Banner wrote:
> I'm running an si450 with router code (boot image 10.2) and can't get VIPs on multiple subnets to work.
>
> I have 3 default networks defined (ip default-network). One /24 and two /29 networks. I also have a default route for the /24 defined.

Working with more than one static "default route" or "default network"
is always a bad thing in my opinion, because L3 routing has better ways
for using multiple IP networks. In your situation, I would remove all
the 3 "ip default-network" statements and leave only the "default route"
for the /24 alive. If that doesn't work, ensure that the two /29s are
being *routed* towards your SI IP address from your uplink gateway.

--
Gerald

Re: VIPs on multiple subnets
You can use PBR on the interfaces to ensure that your next-hop is how you
want it.

Something like:

! standard ACL (1-99): matches on source address only
access-list 10 permit 10.10.10.0 0.0.0.255

route-map DMZ1 permit 10
 match ip address 10
 set ip next-hop 10.10.10.254

Where 10.10.10.254 is the gateway of your choice for that network.

You can put this on the VE closest to the servers, but it really depends on
your routing setup more than anything.

Scott

On Sat, Mar 12, 2011 at 12:36 AM, Tom Banner <tom.banner.15@gmail.com> wrote:

> I'm running an si450 with router code (boot image 10.2) and can't get VIPs
> on multiple subnets to work.
>
> I have 3 default networks defined (ip default-network). One /24 and two /29
> networks. I also have a default route for the /24 defined.
>
> When the default route is in place, only the /24 VIPs work. If I remove
> the default route, VIPs on all three networks work but there is a slight
> delay. If I reboot the si450 then none of the VIPs work. It seems the routes
> are cached when I remove the default route, which makes it all work but
> unreliably.
>
> How can I have VIPs in 3 different subnets with their own gateway?
>
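
A simplified model of the two behaviours discussed in this thread, added here as an example and not posted by any list member or taken from ServerIron code: one destination-based routing table with a single default route, compared with a source-matching policy route as in the PBR suggestion. Only 10.10.10.0/24 and 10.10.10.254 come from the thread; the two /29s, their gateways, the VIPs and the client address are constructed for illustration.

```python
import ipaddress

# Constructed sample addressing: only 10.10.10.0/24 and 10.10.10.254 appear in
# the thread; the /29 networks and their gateways are made up.
ROUTES = [  # the single routing table: (destination prefix, next hop)
    ("0.0.0.0/0", "10.10.10.254"),
]
PBR_RULES = [  # route-map entries: (source prefix matched by the ACL, next hop)
    ("10.10.10.0/24", "10.10.10.254"),
    ("192.0.2.0/29", "192.0.2.6"),
    ("192.0.2.8/29", "192.0.2.14"),
]

def lookup_by_destination(dst, routes=ROUTES):
    """Longest-prefix match on the destination, as a plain routing table does."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def next_hop(src, dst, pbr=None, routes=ROUTES):
    """Apply policy routing (match on source) first, else use the routing table."""
    addr = ipaddress.ip_address(src)
    for prefix, nh in (pbr or []):
        if addr in ipaddress.ip_network(prefix):
            return nh
    return lookup_by_destination(dst, routes)

def egress_report(vips, client, pbr=None):
    """Next hop chosen for reply traffic from each VIP back to the client."""
    return {vip: next_hop(vip, client, pbr) for vip in vips}

VIPS = ["10.10.10.20", "192.0.2.2", "192.0.2.10"]  # one constructed VIP per subnet
CLIENT = "198.51.100.7"                            # constructed remote client

if __name__ == "__main__":
    print("routing table only:", egress_report(VIPS, CLIENT))
    print("with PBR:          ", egress_report(VIPS, CLIENT, PBR_RULES))
```

With the routing table alone, replies from all three VIPs leave through the /24 gateway; with the source-matching rules, each subnet's replies go to its own gateway.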