Cisco Configuration Engine Installation & Configuration Guide, 3.5

Setting Up a Multihomed System


By default, the installation of the Cisco Configuration Engine software offers a single-homed system setup. If you require a multihomed system setup, you must manually customize the network parameters of the Cisco Configuration Engine server. This chapter provides instructions for manually customizing these network parameters. It contains the following sections:

Setup Restrictions

Typical Deployment of the Multihomed System

Understanding the Routing Table

Manually Updating the Routing Table

Reloading the Routing Table

Information About the /etc/hosts File

Setup Restrictions

Two network interfaces are installed in the Cisco Configuration Engine server: eth0 (Ethernet 0) and eth1 (Ethernet 1). Both interfaces can be configured and connected to networks. Cisco Configuration Engine setup has the following restrictions:

1. The hostname and domain name that are input at setup make up the identity for eth0.

2. There are no hostname and domain name assignments for eth1.

3. For both eth0 and eth1 interfaces, the default gateway must be configured on the same network as eth0.

4. Ethernet0 is used to connect to the management network. The customer premises equipment (CPE) resides in the management network.

5. There are no setup prompts that allow you to add additional routes into the routing table.

6. The Cisco Configuration Engine user interface does not allow you to manipulate the routing table.

7. The routing table changes are not automatically backed up and saved.

Typical Deployment of the Multihomed System

Figure 4-1 shows a typical deployment of Cisco Configuration Engine server with the Cisco Configuration Engine software in a two-network environment: private network and public network.

Private Network—The private network contains the Network Operation Center (NOC), where the provisioning applications connect to the Cisco Configuration Engine through the CNS Event Bus.

Public Network—The public network is the entry to the management network where CPE connects to the Cisco Configuration Engine through TCP connections.

This deployment provides security to network management because it physically isolates provisioning applications from external traffic.

Figure 4-1 Typical Deployment of a Multihomed System

See Figure 4-1 and Setup Restrictions, and note the following:

Ethernet0 is used for connecting to the CPE in the public (management) network (restriction 4) and eth1 is used for connecting to the provisioning applications in the private network.

Gateway 209.165.202.132 is the default gateway because setup restricts the location of the default gateway (restriction 3). In effect, this restriction requires all routes going to the private network to be explicitly declared (or controlled) in the Cisco Configuration Engine server's routing table.

The CNS Event Bus Network Parameter prompt in the Cisco Configuration Engine setup controls the location of the CNS Event Bus. By default, the CNS Event Bus is set to eth0, which means that the event bus is started on the public network. If you choose to start the event bus on the private network, you must set the CNS Event Bus Network Parameter to the eth1 IP address.

By default, Cisco Configuration Engine setup automatically creates direct and default routes in the routing table. The network administrator must manually add the indirect routes to the routing table (restriction 5). For details, see Adding Indirect Routes to the Routing Table.


Note In the public network, the routes leading to networks 209.165.201.0/27, 192.168.0.0/16, and 209.165.200.224/27 could be defined either in the default gateway or in the Cisco Configuration Engine server. Defining the routes in the default gateway is preferable because it reduces management burden on the Cisco Configuration Engine server. In this chapter, however, we defined the routes in the Cisco Configuration Engine server to illustrate the routing table management tasks that you can perform on the server.


Understanding the Routing Table

The routing table in the Cisco Configuration Engine server plays a major role in maintaining the two network topologies. The Cisco Configuration Engine server is not a gateway for passing traffic between the public and private network, and it should be controlled and restrained from network access. Thus, the number of routes to be maintained in the routing table must be small. The current approach for maintaining the routing table is static routing.

Each route in the routing table describes a path from the network interface to the reachable network for directing outbound traffic. There are three types of routes required in the routing table: direct, indirect, and default.

Understanding Direct Routes

Direct routes specify the networks that are directly connected to the network interfaces. For example, the two directly connected networks in Figure 4-1 are networks 10.1.0.0/24 and 209.165.202.128/27. The two direct routes are:

eth1 > 10.1.0.0/24

eth0 > 209.165.202.128/27

Understanding Indirect Routes

Indirect routes describe the paths from the directly connected gateways to the indirectly connected networks. See Figure 4-1, and note the following information.

The indirectly connected networks in the public network are:

10.2.0.0/24

209.165.201.0/27

192.168.0.0/16

209.165.200.224/27

The indirect routes in the public network are:

209.165.202.133 > 209.165.201.0/27

209.165.202.132 > 192.168.0.0/16

209.165.202.133 > 209.165.200.224/27


Note A packet destined for network 209.165.200.224/27 is first forwarded to gateway 209.165.202.133, which sends it to gateway 209.165.201.7; therefore, the route 209.165.202.133 > 209.165.200.224/27 is required in the Cisco Configuration Engine server's routing table.


The indirect route in the private network is:

10.1.0.6 > 10.2.0.0/24

Understanding Default Route

The default route specifies the default gateway for sending outgoing packets that have no matching routes. The default route in Figure 4-1 is 209.165.202.132 > 0.0.0.0/0.


Note Network 0.0.0.0/0 is a wildcard notation that matches any network address.


Manually Updating the Routing Table

By default, Cisco Configuration Engine setup automatically creates the direct and default routes in the routing table. The network administrator must manually add the indirect routes to the routing table. The following sections provide the steps for manually adding indirect routes and changing the default route:

Indirect Routes

Default Route

Direct Routes


Note When modifying the routing table, we recommend that you log in through the serial port console connection.


Indirect Routes

Use variations of the route command to display, add, or delete routes from the routing table. The following sections provide more information:

Displaying the Routing Table

Adding Indirect Routes to the Routing Table

Deleting a Route from the Routing Table

Persistent Update—Indirect Routes

Displaying the Routing Table

Use the route -n command to display the routing table:

Router# route -n


Note The -n part of the command allows numerical addresses to be displayed instead of symbolic hostnames, thus avoiding DNS for hostname lookup. This prevents the command from hanging if the DNS is not ready or reachable.


Example of the Routing Table

Kernel IP routing table


Destination       Gateway            Genmask          Flags  Metric  Ref    Use Iface
209.165.202.128   0.0.0.0            255.255.255.224  U      0       0      0   eth0
10.1.0.0          0.0.0.0            255.255.255.0    U      0       0      0   eth1
172.16.0.0        0.0.0.0            255.0.0.0        U      0       0      0   lo
0.0.0.0           209.165.202.132    0.0.0.0          UG     0       0      0   eth0


Note The first two lines are direct routes (eth0 > 209.165.202.128 and eth1 > 10.1.0.0).

The last line is the default route (209.165.202.132 > 0.0.0.0). This default route was configured during Cisco Configuration Engine setup.

The third line is the route for using the loopback interface (lo > 172.16.0.0). This is the interface with a special IP address: 172.16.0.1. This loopback interface is configured by default during setup.


Adding Indirect Routes to the Routing Table

Use the route add command to add indirect routes to the routing table. You must specify the network address, network mask, gateway address, and network interface identifier in the command:

route add -net 10.2.0.0        netmask 255.255.255.0   gw 10.1.0.6        dev eth1
route add -net 209.165.201.0   netmask 255.255.255.224 gw 209.165.202.133 dev eth0
route add -net 192.168.0.0     netmask 255.255.0.0     gw 209.165.202.132 dev eth0
route add -net 209.165.200.224 netmask 255.255.255.224 gw 209.165.202.133 dev eth0


Note In the example, the first line adds the indirect route for the private network: 10.1.0.6 > 10.2.0.0/24.

The next three lines add the indirect routes for the public network:

209.165.202.133 > 209.165.201.0/27

209.165.202.132 > 192.168.0.0/16

209.165.202.133 > 209.165.200.224/27


After you add the indirect routes, use the route -n command to display the updated routing table:

Router# route -n

Example of the Updated Routing Table

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.2.0.0        10.1.0.6        255.255.255.0   UG    0      0        0 eth1
10.1.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.0.0     209.165.202.132 255.255.0.0     UG    0      0        0 eth0
209.165.201.0   209.165.202.133 255.255.255.224 UG    0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
209.165.200.224 209.165.202.133 255.255.255.224 UG    0      0        0 eth0
209.165.202.128 0.0.0.0         255.255.255.224 U     0      0        0 eth0
0.0.0.0         209.165.202.132 0.0.0.0         UG    0      0        0 eth0
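
An added check, not part of the original Cisco guide: it parses route -n output, labels each row direct, indirect or default as defined in this chapter, and uses longest-prefix matching to confirm that traffic for the private networks leaves through eth1 instead of falling through to the public default gateway. The table text is a constructed sample, and the function names are hypothetical.

```python
import ipaddress

# Constructed `route -n` sample; masks follow the /24, /27 and /16 prefixes
# this chapter gives for the networks in Figure 4-1.
SAMPLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.2.0.0        10.1.0.6        255.255.255.0   UG    0      0        0 eth1
10.1.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.0.0     209.165.202.132 255.255.0.0     UG    0      0        0 eth0
209.165.202.128 0.0.0.0         255.255.255.224 U     0      0        0 eth0
0.0.0.0         209.165.202.132 0.0.0.0         UG    0      0        0 eth0
"""

def parse_routes(text):
    """Return (network, gateway, iface, kind) for each row of `route -n` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # title and header rows
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")  # raises if host bits are set
        if net.prefixlen == 0:
            kind = "default"
        else:
            kind = "direct" if f[1] == "0.0.0.0" else "indirect"
        routes.append((net, f[1], f[7], kind))
    return routes

def lookup(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def leaks(routes, private_nets, private_iface="eth1"):
    """Private networks whose traffic would not leave through private_iface."""
    bad = []
    for cidr in private_nets:
        probe = next(iter(ipaddress.ip_network(cidr).hosts()))
        hit = lookup(routes, str(probe))
        if hit is None or hit[2] != private_iface:
            bad.append((cidr, hit[3] if hit else "no route"))
    return bad

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    print(leaks(table, ["10.1.0.0/24", "10.2.0.0/24"]))
    print(leaks([r for r in table if r[3] != "indirect"], ["10.2.0.0/24"]))
```

With the indirect route to 10.2.0.0/24 missing, the only match left is the default route on eth0, so the check reports that network.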

Deleting a Route from the Routing Table

Use the route del command to delete a route from the routing table. For example, to delete the route to network 209.165.200.224, enter the following command:

route del -net 209.165.200.224 netmask 255.255.255.224 gw 209.165.202.133 dev eth0

Persistent Update—Indirect Routes

Modifying the routing table with the route command provides only a temporary solution that is in effect until the machine reboots. For a persistent update, add the indirect routes into the file /etc/sysconfig/static-routes, in the following format:

any <type destination-address> netmask <netmask-address> gw <gateway-address> dev <interface number>

Example

any net 10.2.0.0         netmask 255.255.255.0   gw 10.1.0.6        dev eth1
any net 209.165.201.0    netmask 255.255.255.224 gw 209.165.202.133 dev eth0
any net 192.168.0.0      netmask 255.255.0.0     gw 209.165.202.132 dev eth0
any net 209.165.200.224  netmask 255.255.255.224 gw 209.165.202.133 dev eth0

When the server reboots, the network startup script, /etc/rc.d/init.d/network, executes the following route add command for each line in the static-routes file that begins with the keyword any (as shown in the example above):

route add <type destination-address> netmask <netmask-address> gw <gateway-address> dev <interface number>

Note If the routes are no longer required, you must physically remove them from the /etc/sysconfig/static-routes file.
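
An added example, not part of the original Cisco guide: a pre-reboot check of static-routes lines that reports a netmask that does not fit its destination and a gateway that is not on the network of the interface it is bound to. The per-interface networks are taken from the Figure 4-1 description; the function names and sample lines are constructed for illustration.

```python
import ipaddress

# Directly connected network of each interface, as this chapter describes Figure 4-1.
DIRECT = {"eth0": ipaddress.ip_network("209.165.202.128/27"),
          "eth1": ipaddress.ip_network("10.1.0.0/24")}

def check_line(line, direct=DIRECT):
    """Return the list of problems found in one static-routes line."""
    f = line.split()
    if len(f) != 9 or f[0] != "any" or (f[3], f[5], f[7]) != ("netmask", "gw", "dev"):
        return ["not in 'any <type> <dest> netmask <mask> gw <gw> dev <if>' form"]
    rtype, dest, mask, gw, dev = f[1], f[2], f[4], f[6], f[8]
    problems = []
    if rtype not in ("net", "host"):
        problems.append(f"unknown route type {rtype!r}")
    try:
        ipaddress.ip_network(f"{dest}/{mask}")  # strict: host bits set is an error
    except ValueError:
        problems.append(f"netmask {mask} does not match destination {dest}")
    if dev not in direct:
        problems.append(f"unknown interface {dev}")
        return problems
    try:
        if ipaddress.ip_address(gw) not in direct[dev]:
            problems.append(f"gateway {gw} is not on {dev} network {direct[dev]}")
    except ValueError:
        problems.append(f"gateway {gw!r} is not an IP address")
    return problems

def check_file(text):
    """Check each line that begins with 'any'; return {line_number: problems}."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        if line.split()[:1] == ["any"] and (found := check_line(line)):
            report[n] = found
    return report

# Constructed sample: line 2 has a mask too short for its destination and
# line 3 binds a public gateway to the private interface.
SAMPLE = """\
any net 10.2.0.0 netmask 255.255.255.0 gw 10.1.0.6 dev eth1
any net 209.165.201.0 netmask 255.0.0.0 gw 209.165.202.133 dev eth0
any net 192.168.0.0 netmask 255.255.0.0 gw 209.165.202.132 dev eth1
"""

if __name__ == "__main__":
    for n, found in check_file(SAMPLE).items():
        print(n, "; ".join(found))
```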


Default Route

Use the route command to change the default route on the routing table. The following sections provide more information:

Changing the Default Route

Persistent Update—Default Routes

Changing the Default Route

To change the default route, you must first delete the existing default route and then add the new default route to the routing table. For example, to change the default route in Figure 4-1 so that it points to the default gateway 10.1.0.6 that is connected to eth0 on the public network, follow these steps:


Step 1 Delete the default route. To delete the default route 209.165.202.132, enter the following command:

route del default gw 209.165.202.132

Step 2 Add the default route. To add the default route 10.1.0.6, enter the following command:

route add default gw 10.1.0.6


Example of the Routing Table with the Default Gateway 10.1.0.6

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.2.0.0        10.1.0.6        255.255.255.0   UG    0      0        0 eth1
10.1.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.0.0     209.165.202.132 255.255.0.0     UG    0      0        0 eth0
209.165.201.0   209.165.202.133 255.255.255.224 UG    0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
209.165.200.224 209.165.202.133 255.255.255.224 UG    0      0        0 eth0
209.165.202.128 0.0.0.0         255.255.255.224 U     0      0        0 eth0
0.0.0.0         10.1.0.6        0.0.0.0         UG    0      0        0 eth1


Note The last line displays the new default route.


Persistent Update—Default Routes

The /etc/sysconfig/network file stores the following network parameters:

NETWORKING=yes
HOSTNAME=rain106.cisco.com
DOMAINNAME=cisco.com
GATEWAY=209.165.202.132
GATEWAYDEV=eth0

For a persistent default route update, you must substitute the GATEWAY parameter and the GATEWAYDEV parameter with the new desired values; for example, 10.1.0.6 and eth1.


Note The Setup program updates the file with the gateway parameters, but your manual changes are lost when you rerun the Setup program.


Direct Routes

Because the direct routes are already defined at setup, you do not need to manually define them.

Persistent Update—Direct Routes

The files ifcfg-eth0 and ifcfg-eth1 in the /etc/sysconfig/network-scripts directory store the network parameters for eth0 and eth1. These files are used to configure the network interface and to create direct routes after each reboot.

Reloading the Routing Table

You can reload the routing table in one of the following ways:

Use the route command to update temporary changes, modify the associated file, and then reboot the machine for persistent changes.

Enter the following command directly at the command line: /etc/rc.d/init.d/network restart. This updates the routing table with all persistent changes without rebooting your machine.

Information About the /etc/hosts File

The hostname and domain name that you added during the Cisco Configuration Engine Setup program defined the identity of the system and of eth0. This information is stored in the /etc/hosts file. If a name is required for eth1, you can add it to the /etc/hosts file. However, the setup script removes eth0 and eth1 entries from the /etc/hosts file at setup and regenerates the eth0 entry only. Therefore, you must re-add the eth1 entry after each setup. Other entries are not affected.