[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference noted::decnis

Title:	DEC Network Integration Server (DECNIS)
Notice:	Please read note 1 to use this conference effectively
Moderator:	MARVIN::WELCH

Created:	Wed Sep 18 1991
Last Modified:	Thu Jun 05 1997
Last Successful Update:	Fri Jun 06 1997
Number of topics:	3660
Total number of notes:	15082

3596.0. "IP route failover if firewall fail" by TPOVC::MIKECHANG () Thu Apr 10 1997 03:59

 Belows is one of my customer network configuration. He added one DECNIS and
 disconnect e2 like below. In normal condition,his internal to internet via 
 e2 of DECNIS,firwall (Gateway &gatewaykeeper),router R1. He manually connect
 e0 if firewall has problem. He ask if DECNIS to internet via e0 automaticlly if
 firewall fail by DECNIS setting. All IP routing use RIP. Any recommand will be
 very appreciated. Thanks.
 
 
 		+------------+
		| Router R1  |-------> To Internet
		+------------+
		     | x.x.158.254
		     |
  -----------+-------+-------------------+-------------
	     |				 |
	     |x.x.158.253		 |x.x.158.1
        +----+-----+		    +----+----+
	|   e0     |		    | Gateway |
	|  DECNIS  |		    | Keeper  |
        |	   |		    +----+----+
	|e1   e2   |			 |x.x.159.1
	+-+----+---+			 |x.x.159.2
          |    |x.x.157.254         +----+----+
Intranet<-+    |		    | Gateway |
               |		    +----+----+
               |                         |x.x.157.2
             --+-----------+-------------+-----------
                           | 
                         Mail Gateway

T.R	Title	User	Date	Lines
3596.1		MARVIN::PATEL	`Fri Apr 11 1997 05:05`	5
	One way round this is ( if possible) to set the Router R1 and Gateway to announce their routes to the DECNIS at different metrics such it is more expensive for the DECNIS to go directly to R1 than to go via the Gateway so that in normal conditions the DECNIS goes through the Gateway but when the Gateway is down it goes through R1. This is a lot easier to achieve in OSPF/ISIS than RIP.
3596.2	UNIX system support OSPF/ISIS ? change metrics ?	TPOVC::MIKECHANG	`Mon Apr 14 1997 09:35`	2
	Gateway is UNIX base system that would support OSPF/ISIS ? and Could we change the metrics value for RIP in UNIX system ? Thanks.
3596.3		MARVIN::PATEL	`Tue Apr 15 1997 05:12`	8
	> Gateway is UNIX base system that would support OSPF/ISIS ? and Could we > change the metrics value for RIP in UNIX system ? Thanks. I have no idea what you can set up with the UNIX system with regards to RIP metric values or whether you can run OSPF/ISIS on it. It might be easier to set up receive filters on the DECNIS to change the RIP routes it receives from router R1 and the Gateway so that one is preferable to the other. This can be achieved by either changing the metric of the received route or chaning the preference.
3596.4	Is it work ?	TPOVC::MIKECHANG	`Wed Apr 16 1997 06:22`	7
	By setting up received route filtering,we could change default PREFERENCE for routing protocol,set ADRRESS MATCH TYPE,FILTER ACTION..etc. BUT we could not set METRIC COST or PREFERENCE for each interface and ONLY RIP is used for all routing protocol. metric cost is received from neighbour router and preference for diffenent routing protcol if two or more routing protocol is used. From maunal it seems to me it's not work.
3596.5		MARVIN::PATEL	`Thu Apr 17 1997 03:45`	6
	What you need to do is set up 2 RIP control protocols one for the RIP routes from R1 and another for RIP routes from the Gateway. Then set up receive filters on each of these control protocols and set the preference level on the receive filters appropriately. The other way of doing this is to leave the routes from R1 alone and only change the preference of the routes from the Gateway to be lower than RIP so that you only need to create one control protocol and receive filter.
3596.6	Thanks !	TPOVC::MIKECHANG	`Thu Apr 17 1997 22:58`	2
	Very thanks for your input,I will try this setting. Thanks.
3596.7	Is it work ?	TPOVC::MIKECHANG	`Thu May 01 1997 05:35`	47
	Below EXTRA file ENABLE.NCL is used to alter preference for interface e0 & e2 BUT routing control protocol both rip-firewall and rip-R1 is in OFF state in "NCL> show routing control protocol * all" ,suspect the new routing control protocl rip-firewall,rip-R1 overlap with default RipTxRx ,I will delete the address 140.96.157.254 & 140.96.158.253 in "...RipTxRx IP SUBNET {{address=... ." in NCLSCRPT.NCL file. and below file refer to "10.5.4 Setting Up a Filter to Change a Protocol Preference" in management manual DECNIS V3.1,is it work ? Thanks. !---------- ENABLE.NCL ---------------------------------------------------- ! This Extra file is to alter Preference,best preference (15) is firewall in ! nornal condition and next preference (16) is via Router R1 if firewall has ! some problem ! ! CREATE ROUTING CONTROL PROTOCOL rip-firewall TYPE IP RIP SET ROUTING CONTROL PROTOCOL rip-firewall RIP STATE SEND AND RECEIVE SET ROUTING CONTROL PROTOCOL rip-firewall IP SUBNET {{address=140.96.157.254, - mask=255.255.255.0}} CREATE ROUTING NETWORK PROTOCOL IP DOMAIN domain-firewall SET ROUTING NETWORK PROTOCOL IP DOMAIN domain-firewall IP ADDRESS - {{ADDRESS=140.96.157.254, MASK=255.255.255.0}} CREATE ROUTING CONTROL PROTOCOL rip-firewall RECEIVE DESTINATION - dest-firewall FILTER ACTION PASS SET ROUTING CONTROL PROTOCOL rip-firewall RECEIVE DESTINATION dest-firewall - DOMAINS {ROUTING NETWORK PROTOCOL IP DOMAIN domain-firewall} SET ROUTING CONTROL PROTOCOL rip-firewall RECEIVE DESTINATION dest-firewall - PREFERENCE 15 ENABLE ROUTING CONTROL PROTOCOL rip-firewall ENABLE ROUTING CONTROL PROTOCOL rip-firewall RECEIVE DESTINATION dest-firewall ! ! CREATE ROUTING CONTROL PROTOCOL rip-R1 TYPE IP RIP SET ROUTING CONTROL PROTOCOL rip-r1 RIP STATE SEND AND RECEIVE SET ROUTING CONTROL PROTOCOL rip-r1 IP SUBNET {{address=140.96.158.253, - mask=255.255.255.0}} CREATE ROUTING NETWORK PROTOCOL IP DOMAIN domain-R1 SET ROUTING NETWORK PROTOCOL IP DOMAIN domain-R1 IP ADDRESS - {{ADDRESS=140.96.158.253, MASK=255.255.255.0}} CREATE ROUTING CONTROL PROTOCOL rip-R1 RECEIVE DESTINATION - dest-R1 FILTER ACTION PASS SET ROUTING CONTROL PROTOCOL rip-R1 RECEIVE DESTINATION dest-R1 - DOMAINS {ROUTING NETWORK PROTOCOL IP DOMAIN domain-R1} SET ROUTING CONTROL PROTOCOL rip-R1 RECEIVE DESTINATION dest-R1 - PREFERENCE 16 ENABLE ROUTING CONTROL PROTOCOL rip-R1 ENABLE ROUTING CONTROL PROTOCOL rip-R1 RECEIVE DESTINATION dest-R1
3596.8		MARVIN::PATEL	`Thu May 01 1997 06:01`	6
	The ncl you have posted will not work. On the receive destination you do not want to specify any ip domains (an empty domain means all routes). The way you have it set up is saying set the preference for route (140.96.157.254/255.255.255.0) only and no other routes. So you either want to set an empty domain ( so that all routes in that RIP instance get set to the specified preference ) or set up the domain attribute with all the subnets in that rip instance that you want to affect.
3596.9	Sorry to respond slowly	TPOVC::MIKECHANG	`Thu May 08 1997 07:27`	72
	>> The ncl you have posted will not work. On the receive destination you do not >> want to specify any ip domains (an empty domain means all routes). The way >> you have it set up is saying set the preference for route (140.96.157.254/ >> 255.255.255.0) only and no other routes. So you either want to set an empty >> domain ( so that all routes in that RIP instance get set to the specified >> preference ) or set up the domain attribute with all the subnets in that >> rip instance that you want to affect. Sorry to respond is so slowly. although I have modified extra file in below BUT I'm not so surely in my scope,We seldom have chance to try it and to see if work or not,please point out the problem if my concept is not correct. +------------+ \| Router R1 \|-------> To Internet (no RIP exchange) +------------+ \| 140.96.158.254 \| -----------+-------+-------------------+------------- \| \| \|140.96.158.253 \|140.96.158.1 +----+-----+ +----+----+ \| e0 \| \| Gateway \| \| DECNIS \| \| Keeper \| \| \| +----+----+ \|e1 e2 \| \|140.96.159.1 +-+----+---+ \|140.96.159.2 \| \|140.96.157.254 +----+----+ Intranet<-+ \| \| Gateway \| \| +----+----+ \| \|140.96.157.2 --+-----------+-------------+----------- \| Mail Gateway ! below "" means the command is changed ! ! CREATE ROUTING CONTROL PROTOCOL rip-firewall TYPE IP RIP SET ROUTING CONTROL PROTOCOL rip-firewall RIP STATE SEND AND RECEIVE SET ROUTING CONTROL PROTOCOL rip-firewall IP SUBNET {{address=140.96.157.254, - mask=255.255.255.0}} CREATE ROUTING NETWORK PROTOCOL IP DOMAIN domain-firewall SET ROUTING NETWORK PROTOCOL IP DOMAIN domain-firewall IP ADDRESS - {{ADDRESS=0.0.0.0, MASK=0.0.0.0}} CREATE ROUTING CONTROL PROTOCOL rip-firewall RECEIVE DESTINATION - dest-firewall FILTER ACTION PASS SET ROUTING CONTROL PROTOCOL rip-firewall RECEIVE DESTINATION dest-firewall - DOMAINS {ROUTING NETWORK PROTOCOL IP DOMAIN domain-firewall} SET ROUTING CONTROL PROTOCOL rip-firewall RECEIVE DESTINATION dest-firewall - PREFERENCE 15 ENABLE ROUTING CONTROL PROTOCOL rip-firewall ENABLE ROUTING CONTROL PROTOCOL rip-firewall RECEIVE DESTINATION dest-firewall ! ! CREATE ROUTING CONTROL PROTOCOL rip-R1 TYPE IP RIP SET ROUTING CONTROL PROTOCOL rip-R1 RIP STATE SEND AND RECEIVE SET ROUTING CONTROL PROTOCOL rip-R1 IP SUBNET {{address=140.96.158.253, - mask=255.255.255.0}} CREATE ROUTING NETWORK PROTOCOL IP DOMAIN domain-R1 **SET ROUTING NETWORK PROTOCOL IP DOMAIN domain-R1 IP ADDRESS - {{ADDRESS=0.0.0.0, MASK=0.0.0.0}} CREATE ROUTING CONTROL PROTOCOL rip-R1 RECEIVE DESTINATION - dest-R1 FILTER ACTION PASS SET ROUTING CONTROL PROTOCOL rip-R1 RECEIVE DESTINATION dest-R1 - DOMAINS {ROUTING NETWORK PROTOCOL IP DOMAIN domain-R1} SET ROUTING CONTROL PROTOCOL rip-R1 RECEIVE DESTINATION dest-R1 - PREFERENCE 16 ENABLE ROUTING CONTROL PROTOCOL rip-R1 ENABLE ROUTING CONTROL PROTOCOL rip-R1 RECEIVE DESTINATION dest-R1