Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Static routes failover - question 1

Status
Not open for further replies.
pigsback

pigsback

Technical User
Nov 1, 2005
8
IE
Hi, I have a question regarding how static routes work on Cisco routers. I have a router with static routes as follows,

ip route 10.10.10.70 255.255.255.255 10.10.10.68 10
ip route 10.10.10.70 255.255.255.255 10.10.10.67 40

The 10.10.10.68 and 10.10.10.67 addresses are two Nortel firewalls that cannot support VRRP/HSRP or any other routing protocols. When one fails eg 10.10.10.68 I assumed that the router would use the second route to the secondary firewall but this is not the case. It looks like the second static route is not used.... Is this because they are on the same interface and the interface is up so it continues to forward all traffic to 10.10.10.70 via the first static route regardless?

If so has anyone any suggestions what I can do?

Thanks.
 
Sort by date Sort by votes
The static route statement is saying " I want to route 10.10.10.70 255.255.255.255 to a gateway that is either 10.10.10.68 or 10.10.10.67" the 10 & 40 is a weight that the router will put on the route, ie use the lowest first.

therefore 10.10.10.70 will be routed and is notthe gateway, not 100% sure that you are explaing what you are trying to do correctly.

what is it you want to do?
 
Upvote 0 Downvote
Thanks for the reply, perhaps I can explain it better.

The static routes are working fine while the primary firewall is up (10.10.10.68). 10.10.10.70 is a that is NATed to another address.

If the 10.10.10.68 firewall if powered off should the router be "aware" that this route is not valid anymore? And therefore use the next static route with the higher metric?

Both of these next hops are out the same ethernet interface on the same LAN segment. Will static routing only work when an interface goes down or should it also work with my topology?
 
Upvote 0 Downvote
Static routes are never aware of a topology change. Unfortunately your static routing will ALWAYS send traffic to 10.10.10.68 regardless of what happens on the network. Connected routes are a little better as they can detect an interface going down (however not all failures will result in an interface going down so it's not 100% reliable).

If you want improved reliability you will have to consider either:

1. a routing protocol between your router and the firewalls (firewalls will need to support this protocol which is debatable)
2. upgrading/implementing firewalls that do support VRRP
3. deploy a reliable static routing method (following URL explains how to set that up - it talks about using this technology in VPN solutions but you can use it here also)


 
Upvote 0 Downvote
Thanks, this answers my question. I'll try this solution, it looks like it should do what I want.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Zero6
  • Locked
  • Question
question about cisco cbs 350-12xs 12 port 10g sfp+
Replies
0
Views
187
Zero6
Zero6
Mogles49
  • Locked
  • Question
Firewall ACL question
Replies
1
Views
163
burtsbees
burtsbees
ameyUK
  • Locked
  • Question
Static routes and EIGRP
Replies
1
Views
92
pablo100
pablo100
billyj1900
  • Locked
  • Question
static routes
Replies
5
Views
96
imbadatthis
imbadatthis
LORDxGOLD
  • Locked
  • Question
WAN port failover - Cisco ASA 5512x
Replies
1
Views
103
iggsterman
iggsterman

Part and Inventory Search

Sponsor

Back
Top