topic Routing Config Issue in Routing and SD-WAN

Routing Config Issue

Joe Lee — Tue, 05 Mar 2019 00:45:05 GMT

All-

To make it easier to explain my problem, I am attaching the network diagram.

R1 is remote site that runs IPSec VPN and it setup the accordingly primary and failover L2L VPN to R2 and R7. R2 and R3 are in the data center, and R6 and R7 are in the seondary data cenetr. R3, R4, R5, and R6 are all connected to the MPLS cloud via BGP. All the router are running eBGP here, except the remote router R1.

R 2 and R7 are running the static route for the subnet in the remote site. My issue is...when the primary VPN down, the failover VPN switches as an actived mode. On the router R5, supposed the route to the subnet in the remote site R1, should be R5->R6->R7->R1, but the route still goes R5->R3->R2->R1.The crypto Phase I is up, but it appears there is the routing issue. Please advice how to adjust the routing so we can reach the remote site when the primary is down through the backup VPN.

Regards,

Joe

Routing Config Issue

smehrnia — Thu, 21 Jun 2012 20:30:48 GMT

Hi Joe,

Since R2 and R7 are using static routes to the remote subnet, when the route (VPN) goes down, they dont withdraw it from the routing table, causing a black hole in your network towards R1.

what you have to do is simply set up an IP SLA Echo that pings your R1 ip address constantly, and then bind the IP SLA tracker to your static route.

this way when there is reachability issues, such as link failure or whatever, your static route is withdrawn from the routing table and the other VPN takes control.

plz Rate if it helped,

Soroush.

Routing Config Issue

Joe Lee — Thu, 21 Jun 2012 21:09:37 GMT

Thank you Soroush. Which router should I setup the IP SLA? Can you please provide me some detail on setting up the IP SLA Echo? Thanks again!

Routing Config Issue

smehrnia — Thu, 21 Jun 2012 21:27:03 GMT

R 2 and R7 are running the static route for the subnet in the remote site.

as you said, R2 and R7 are responsible for R1 (remote) connection. so you have to set the ip sla on R2 and R7. then on both of these routers attach the ip sla to the static routes.

Example (but with different IOS versions the commands might slightly be different, you could look them up in cisco.com):

!! we assume that; R1 = 10.1.1.1 - subnets behind R1 are: 172.16.0.0/16 !!

config t

ip sla 1 OR ip sla monitor 1

icmp-echo 10.1.1.1 source-interface [if you need to source icmp-echo from a specific ip]

timeout 2000

frequency 2

! the frequency at which ping is sent, the smaller value, the faster networks knows abt the failure

ip sla schedule 1 life forever start now

track 1 rtr 1

ip route 172.16.0.0 255.255.0.0 10.1.1.1 track 1

----------------------------------------------------------------------

plz Rate if it helped,

Soroush.

Routing Config Issue

Joe Lee — Tue, 26 Jun 2012 17:56:53 GMT

Thank you Soroush. couple questions/concerns. 1) R1 is the customer router, most of them, we can't ping their router ip address. 2) Can we setup ip sla on R2 to ping the R7 router, and on R 7 to ping the R2?

Routing Config Issue

smehrnia — Tue, 26 Jun 2012 18:47:35 GMT

anytime.

for ip sla (echo) to work you have to use the links that u r concerned about, because this ping simply checks connectivity and if it is lost, route is withdrawn. if you dont use R2 - R1 and R7 - R1 links in ur ping, ip sla is no use then. you can ping anything that makes it pass those links.

Hope it Helps,

Soroush.

Routing Config Issue

Joe Lee — Wed, 27 Jun 2012 15:45:19 GMT

Thanks Soroush again. Due to unable to ping the router in seattle site, any options to solve my issue?