Specifying a default route by ACL.

Hi.

I've got a question. If I've got two routers acting as default gateways, both connected to a third router, how could I specify a default gateway by ACL? Like, if I want everything matching ACL 101 (which permits HTTP, SMTP) routed via Router A and the rest to go to router B.

Thanks.

Steve.

Steve Houle

You want "policy based routing" (PBR). Probably you want to combine it with "ip nat".

Walter Roberson

Actually, there is no NAT involved under this scenario.

I'll search Google for PBR.

Thanks.

Steve.

Steve Houle

IP policy routing.

If I understand correctly we're on router C. And we want to choose our next hop gateway as router A or router B based on matches to an ACL.

Example (smtp default via router A, http default via router B, everything else uses regular default gateway):

    ip access-list extended traffic-for-router-A
     permit tcp any any eq smtp
    !
    ip access-list extended traffic-for-router-B
     permit tcp any any eq http
    !
    ! router A is at 1.1.1.1
    route-map override-default-gateway permit 10
     match ip address traffic-for-router-A
     set ip default next-hop 1.1.1.1
    !
    ! router B is at 2.2.2.2
    route-map override-default-gateway permit 20
     match ip address traffic-for-router-B
     set ip default next-hop 2.2.2.2
    !
    ! whatever interface this traffic is _arriving_ on
    interface Ethernet0
     ip policy route-map override-default-gateway

If you have your default route pointing through router B then the router B ACL and the router B clause in the route-map are redundant. I included them for symmetry and completeness. You wouldn't need them.

briggs
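As an added illustration (not briggs' config and not Cisco code), here is a small Python model of how the route-map above picks a next hop, including the detail that `set ip default next-hop` only overrides the default route and leaves explicit routes alone. All prefixes, addresses, ACL names and packets are constructed for the example.

```python
# Added example: a minimal model of policy routing with "set ip default next-hop".
# Everything here (prefixes, next hops, ACL names) is constructed, not from the thread.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


# Constructed routing table for "router C": (prefix, next hop).
# The default route points at router B, as in briggs' last paragraph.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "2.2.2.2"),     # default via router B
    (ipaddress.ip_network("10.0.0.0/8"), "10.0.0.1"),   # an explicit internal route
]

# Extended ACLs, mirroring "permit tcp any any eq smtp" / "eq http".
# Each entry is (protocol, destination port); "any any" is implied.
ACLS = {
    "traffic-for-router-A": [("tcp", 25)],
    "traffic-for-router-B": [("tcp", 80)],
}

# Route-map clauses in sequence order: (ACL name, default next hop).
ROUTE_MAP = [
    ("traffic-for-router-A", "1.1.1.1"),   # seq 10
    ("traffic-for-router-B", "2.2.2.2"),   # seq 20
]


def acl_permits(acl_name, pkt):
    return any(pkt.proto == p and pkt.dport == port for p, port in ACLS[acl_name])


def table_lookup(pkt):
    """Longest-prefix match; returns (prefix, next hop)."""
    dst = ipaddress.ip_address(pkt.dst)
    matches = [(p, nh) for p, nh in ROUTES if dst in p]
    return max(matches, key=lambda m: m[0].prefixlen)


def next_hop(pkt):
    """'set ip default next-hop' only wins when the routing table would
    otherwise have used the default route (0.0.0.0/0)."""
    prefix, nh = table_lookup(pkt)
    if prefix.prefixlen == 0:  # only the default route matched
        for acl_name, pbr_nh in ROUTE_MAP:
            if acl_permits(acl_name, pkt):
                return pbr_nh
    return nh
```

Traffic to a destination with an explicit route (here 10.0.0.0/8) still follows the routing table even when it matches the SMTP ACL; only default-routed traffic is steered to router A.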

Steve, use a route-map which appropriately matches your traffic and directs it to the proper interface leading to RA or RB. Wlodek.

Everyman

You want to select the outgoing routing by protocol, not by IP. You will be presenting outgoing packets to router A and to router B that have the same source address (as other outgoing packets) (and possibly even the same destination address but different ports).

Now, when the remote systems respond to those packets, which path will the responses take back to you? Through router A or through router B? The remote systems don't know anything about your outgoing packet arrangements, so the remote systems are going to route back to you according to the IP only, without consideration of the port. And that implies that all the responses (for a given host) are going to come back through the same router, regardless of port.

The solution to this is to NAT the outgoing packets so that the source IP corresponds to a public IP address in the range handled by the router the packet went out through. Then the remote systems are going to route the responses back to the appropriate router, which will de-NAT the destination and pass the data on to the internal systems.

Note, by the way, that what you propose to do is not at all robust if either of the routers goes down (or the path through it becomes unavailable.) Especially if the router that goes down is the single router that all the response traffic would travel through if you are not NAT'ing.

If robustness is an issue in the situation, then I recommend that you read Vincent C. Jones' white papers at networkingunlimited.com.

Walter Roberson

He never said he wanted the return traffic to be routed specially, just the outgoing traffic. Asymmetric routing isn't inherently bad, although there certainly are times when you don't want it.

Barry Margolin

Thanks everyone for the answers, but I read today that the router I've got does not support route-maps.

Many thanks anyway.

Steve.

Steve Houle
