route-map for a 2600

I have a small 2600 (running IOS 12.2(15)T14), 2 ethernet interfaces (not FastEthernet) and 2 serial (only one used). I have two T1s in the setup, from two separate carriers. One T1 has its own router, so I connected its ethernet to my router's ethernet0/0 via a hub (we have more hubs and switches than we do crossover cables), and the other T1 is hooked to one of the serials (serial0/0) on my router; that is the default route. My goal is to have all but specific http/s traffic go out ethernet0/0 and the rest of the traffic go out serial0/0, for load balancing. I did some traffic analysis and found that web traffic was 1/2 our load (or thereabouts). We may migrate other traffic later if the balance is not right. My problem is I can't get route-map to work; here is my setup:

Ethernet0/1 is connected to our PIX and I have a nat rule setup that says "any icmp from myhost (call it A.A.A.A) bound for external host (C.C.C.C) change the source address to B.B.B.B" and this works. I do a capture on the outside interface of the PIX and I can see the echo requests coming from B.B.B.B2 heading for C.C.C.C just fine. On my router I have a route map set up on ethernet0/1 as follows:

access-list 10 permit B.B.B.B2
route-map traffic_shape permit 10
 match ip address 10
 set ip next-hop B.B.B.B1

and on ethernet0/1 I have:

interface Ethernet0/1
 ip address D.D.D.D1 255.255.255.192
 ip policy route-map traffic-shape
 load-interval 30
 half-duplex

By the way, I should mention that the new T1 is delivered to us as B.B.B.B/27 (255.255.255.224) but on my router I split it out to 255.255.255.252 (on the ethernet0/0 interface) and 255.255.255.240 with the PIX as the default route (I lose some routable addresses between the two ranges but that's not as big an issue as the route-map at this point). From the router I'm able to ping both directions just fine so I think it's happy, but... This could be my problem, I just don't know. It seems to be a valid use of VSM but I'm relatively new at this.

As mentioned above, my goal is to have http/s go out ethernet0/0, so I used the PIX's NAT and ACL to map (in my test setup I'm using icmp but later I'll change it to http/s) icmp bound for C.C.C.C the source address of the packet to B.B.B.B, and then on the router the 10 access-list should be the match statement for the route-map and the set statement should change the next-hop for the packet as B.B.B.C (which in the routing table is listed as directly connected):

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     B.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
S       B.B.B.240/28 [1/0] via D.D.D.D2
C       B.B.B.224/30 is directly connected, Ethernet0/0
     D.0.0.0/26 is subnetted, 1 subnets
C       D.D.D.0 is directly connected, Ethernet0/1
     E.0.0.0/30 is subnetted, 1 subnets
C       E.E.E.12 is directly connected, Serial0/0
S*   0.0.0.0/0 is directly connected, Serial0/0

My problem is the packets still keep going out the old T1. I can't get the route map to redirect to the next hop of the new T1's router. When I do a "show access-list 10" I see no hits. When I do a "show route-map" it does show 14 hits, but it never increases and I don't recall ever seeing it rise to 14 (I don't know where they came from).

Any help would be greatly appreciated.

Tom

Note:

A.A.A.A is my internal address space, 1918
B.B.B.B is the new T1's address space
B.B.B.B1 is the new T1's router's IP
B.B.B.B2 is the IP I'm using as a PAT on the PIX; note the PIX is normally D.D.D.D with its own PAT
C.C.C.C is the IP of the external host I'm pinging (I have shell access to it so I can run a dump of traffic to see if my pings are getting there)
D.D.D.D is the old T1's address space for our corporate use (in use now)
E.E.E.E is the old T1's IP exiting the router.
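
An added example, not part of the original post: a short Python check that cross-references route-map and access-list names in an IOS configuration, run here over the configuration lines as posted above. IOS matches these names as literal strings, so `traffic_shape` and `traffic-shape` are two different route-maps; the function name and the parsing rules are this example's own assumptions and cover only `match ip address` with ACLs.

```python
import re

# Configuration lines as posted above (addresses are the post's own placeholders).
POSTED_CONFIG = """\
access-list 10 permit B.B.B.B2
route-map traffic_shape permit 10
 match ip address 10
 set ip next-hop B.B.B.B1
interface Ethernet0/1
 ip address D.D.D.D1 255.255.255.192
 ip policy route-map traffic-shape
 load-interval 30
 half-duplex
"""

def audit_policy_routing(config):
    """Return findings for policy-routing names that do not resolve."""
    defined_maps, defined_acls = set(), set()
    applied, acl_refs = [], []      # (interface, map) and (map, acl) pairs
    interface = route_map = None    # which config block we are inside
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"access-list (\S+) ", line):
            defined_acls.add(m.group(1))
        elif m := re.match(r"ip access-list \S+ (\S+)", line):
            defined_acls.add(m.group(1))
        elif m := re.match(r"route-map (\S+)", line):
            route_map, interface = m.group(1), None
            defined_maps.add(route_map)
        elif m := re.match(r"interface (\S+)", line):
            interface, route_map = m.group(1), None
        elif interface and (m := re.match(r"ip policy route-map (\S+)", line)):
            applied.append((interface, m.group(1)))
        elif route_map and (m := re.match(r"match ip address (.+)", line)):
            if not m.group(1).startswith("prefix-list"):
                acl_refs += [(route_map, acl) for acl in m.group(1).split()]
    findings = [f"{i}: policy route-map '{n}' is not defined"
                for i, n in applied if n not in defined_maps]
    findings += [f"route-map '{r}': access-list '{a}' is not defined"
                 for r, a in acl_refs if a not in defined_acls]
    used = {n for _, n in applied}
    findings += [f"route-map '{n}' is defined but not applied to any interface"
                 for n in sorted(defined_maps - used)]
    return findings

if __name__ == "__main__":
    for finding in audit_policy_routing(POSTED_CONFIG):
        print(finding)
```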
