Network Routing

[chieftan999]

Hi,

I will try and explain this as best as possible.

I have a system where I am trying to route information using OSPF from one network to another.
I have a serial interface from one network, traversing through a second router then onto a third router and out of the ethernet interface to the switch.
A also have a FastEthernet Interface going from the first router through another secondary Radio Router onto the third router via its FA interface and then out onto the second network.
Here is the problem:- OSPF will obviously advertise the cheapest route using COST and BANDWIDTH, so the routing table on the first router shows the correct route to the other network. I need to be a able to force certain traffic down one route and other traffic down the other route. I have tried using static routes and Access lists to block the ports, but the static routes overwrite the OSPF route, and I still end up with only one route in the routing table to the second network. How is it possible to get certain information down one route while getting other information down the other route to the same network destination?

 

[lui3]

try policy routing

 

[baddos]

If you want two routes to the same destination, you need to put in the multiple paths in your OSPF configuration.

router ospf (process id)
maximum-paths 2

By default OSPF puts the best route into the routing table. If you look into the OSPF database, you will see that you are receiving both routes but OSPF is only installing one.

 

[bell1996]

cheiftan999 -

you mentioned that you want certain traffic to take one path, and other traffic to take another path. You may want to investigate policy base routing (PBR). I'll post a link to Cisco's site with info related to PBR later.

Are you basing you traffic decisions on destination, source or port number??? PBR can accommodate any of these.

Secondly, static routes have a lower admin distance and will therefore be put into the routing table over an OSPF route (or any other routing protocol).

Third, by default OSPF routing will install into the routing table 4 equal paths (equal metrics). The OSPF database may contain many more routes, but only 4 equal routes will be installed. The maximum number of equal routes that a router will put into the routing table is 6.

 

[chieftan]

Thanks for the response. It is much appreciated. I will try these options.

 

[baddos]

You probably wouldn't want your router to install two unequal routes into the routing table. If one route is FastEthenet and the other is Serial T1, then the FastEthernet one is probably always going to be a faster and more stable route.

Also the two links aren't the same bandwidth. If you have two equal cost routes in the routing table, your route will start loadbalancing between the two links. However, since your T1 will fill up before the LAN this isn't a good idea.

 

[chieftan999]

I have tried the maximum paths command with no success.

Policy based routing looks like it has to be applied to the incoming interface on the router, therefore, has no use to me.
I will test on the serial Interface of the outbound router and see if it works.

Apologies for not mentioning, but we are trying to seperate the traffic using specific port numbers, for example:-

Only traffic using port 5007 goes over the FA interface and any other traffic goes via the Serial interface.

I have set up extended access lists to block port 5007 from exeting via the serial interface, but because only that route is showing then the packets are dropped.

As said, I will try and apply PBR to the Interfaces on the outbound router and see if that works.

 

[baddos]

You'll need to use PBR for forwarding traffic based on port numbers.

 

[bell1996]

chieftan999 -

I don't see why PBR can't be used here, for incoming traffic. There are several things that you need to do get PBR up and working:

1. Create an access-list for the specific traffic.

access-list 101 permit tcp any any eq 5007

2. Create a route-map to set the next hop:

route-map PORT5007 permit 10
match ip access 101
set ip next-hop <ip_address_of_adjacent_router_FE_Int>

route-map PORT5007 permit 20
set ip next-hop <ip_address_of_adjacent_router_Ser_Int>

3. Apply the PBR to the incomng interface

interface <incoming_interface>
ip policy route-map PORT5007


So, what this does is forward all traffic with TCP port 5007 through the FE interface. All other traffic will get forwarded out the serial interface.

Since you config is not posted I did't put int the interface or IP info. Posting you config would help tremendously.

 

[chieftan999]

Bell1996

Thankyou for the help.

Unfortuanately I cannot send the configuration due to the sensitive nature of the project I am working on.

I have tried establishing the route maps, but this seems to make no difference. It still takes the route that is in the routing table.

I know that it is not traversing to the required next hop as I have a network sniffer attached to that Radio Router and the information is not coming in.
If i change the cost on the serial interface to 20, and then look at the routing table it will then send the info over the radio network, but the problem here is that it will send all info over this link.

As an example:-

Cisco Routers are R1, R2 and R3 and the Radio routers are R4 and R5. The network behind R1 is 10.66.0.0 / 24 and the receiving network is 10.67.0.0 / 24 behind R3.
S0/1 is attached to R2 and this in turn attached to R3. The FA0/1 interface of R1 is attached to the NIC of the Radio net router R4, this is set in a cloud and is attached to R5. R5 is the other link to R3.
So, again, anything that is port 5007 needs to go via R4 and R5 to R3, and anything else needs to go via R2.
The Emulated software on the radio net routers works okay and is there to provide Radio packet interpretation.
As said, I can get the info over the radio network by changing the cost, but this is not the result required.

Hoping someone can help with this problem.

Thanks for the help so far.

 

[bell1996]

ok. your last post makes sense for a description. I now have a mental picture. Question:

Which router is the default router for the devices on Radio net? Is it R1 or R4??
I'll go with the assumption fo R1 for now.

All these commands are enterd on R1 ONLY:

1. Create an access-list for the specific traffic.

access-list 101 permit tcp any any eq 5007

2. Create a route-map to set the next hop:

route-map PORT5007 permit 10
match ip access 101
set ip next-hop <ip_address_of_R4>

route-map PORT5007 permit 20
set ip next-hop <ip_address_of_R2>

3. Apply the PBR to the incomng interface

interface <incoming_LAN_interface_of_R1>
ip policy route-map PORT5007

 

[chieftan999]

Bell1996

Thanks for your help.

Default router is R1.

I think I applied the Policy map to the wrong interface. I applied it to the FA interface and not the LAN interface. I will try this and see if it works.

I forgot to mention that the Cisco routers are 2611 running IOS 12.2 (8) T5, and do not appear to have the statement:-

match ip access 101

The IOS only has the following option for access list allowance:-

match ip address 101

Will the above statement be okay and work okay?

Thanks

 

[bell1996]

just a typo. YOur are correct. It should "address".

 

[chieftan999]

Thanks for the help.

It sends the information correctly to the next hop but that then sees the route going back the other way and sends it back again and then via R2.....

Dohhhhhh.

 

[bell1996]

Just some clarification needed. The traffic with Port 5007 takes the path R4 to R5 to R3. The return path, from what I think you're saying, takes R2 to R1. It does a "loop".

You can fix this by, putting policy routing on the R3 router. Basically, have R3 send all traffic with port 5007 to R5 and everything else take R2.

Does this make sense?? Or am I missing something.

 

[chieftan999]

bell1996

The information you have supplied has been really great. It has helped and appears to kind of work but then does'nt.

Lets just say the interfaces are as follows:-

R1 - S0/1 - 10.0.8.1
FA0/1 - 10.64.64.1

R4 - Nic - 10.64.64.2
Internal cloud interface - 192.168.52.254

R2 - S0/1 - 10.0.8.2

The policy map on the Ethernet interface of R1 tells all packets using PORT 5007 to go to the next hop of 10.64.64.2 and the rest of the packets to go to the next hop of 10.0.8.2. So I have set up the following:-

access-list 101 permit tcp any any eq 5007
access-list 101 permit udp any any eq 5007

route-map PORT5007 permit 10
match ip access 101
set ip next-hop 10.64.64.2

route-map PORT5007 permit 20
set ip next-hop 10.0.8.2

I then apply this route map to the Ethernet Interface.

When I send information using port 5007 it goes to the Nic 10.64.64.2 Interface (Next hop) but then because this radio router shows the route to the 10.67.0.0 network as via 10.64.64.1 it goes back to R1 and then Via R2 and R3. I cannot seem to get the Radio Router to note that the 10.67.0.0 network should be going via the cloud, and I think this is because of the way OSPF metrics are used.

I apologise if I seem to be confusing you, as this issue is now confusing me.

Thanks for all the help so far.

 

[bell1996]

We'll use static routes to override the OSPF routes.
From what you've told me, there are 5 routers involved. R1, R2, R3, R4 & R5.

Any one of these routers that has a serial interface, make sure there is a corresponding bandwidth statement. Example:

router 1:
interface serial1/0
bandwidth 512 <----- this is the actually circuit speed
....
....

do this for all serial interfaces involved. Leave the LAN interfaces as they are. no need to add the bandwidth statement for LAN interfaces.

Do a SHOW IP ROUTE and see if the destination subnet is now taking a next hop of R5.

If not, then on R4 just put in a static route for R3's LAN with a next hop being R5. Example:

Router R4:
ip route <R3_LAN_Subnet> 255.255.255.0 <R5_Next_Hop_IP>

Do the same SHOW IP ROUTE on R5 and see if the destination subnet is now taking a next hop of R3.

If not, the on R5 just put in a static route for R3's LAN subnet, with a next hop being R3's serial interface. Example:

Router R5:
ip route <R3_LAN_Subnet> 255.255.255.0 <R3_Serial_IP>

This should give you the results you are looking for.

 

[chieftan999]

Bell1996

Thanks for all your help on this.

I have achieved the desired results by adding the following onto the emulated R4 Router:-

route ADD 10.67.0.0 MASK 255.255.255.0 192.168.52.252 METRIC 1

When the packet arrived at the Nic interface of R4, the routing table was updated with a lower metric and passed the information the correct way. This was the information for port 5007 and all other information went via the other route, so it now works fine.

Thanks again for the help. It was much appreciated.