
2 ISP switching

sanjar200994
Level 1

Hello, I'm not a very experienced network admin, so I have a question.

At the moment, switching ISPs on the router is done using tracks.

Part of the config:

track 10 ip sla 10 reachability
track 11 ip sla 11 reachability
track 15 list boolean and
 object 10 not
 object 11 not
 delay down 60 up 60
track 20 ip sla 20 reachability
track 21 ip sla 21 reachability
track 25 list boolean or
 object 20
 object 21
 delay down 60 up 60
track 30 list boolean and
 object 15
 object 25

ip route vrf ISP 0.0.0.0 0.0.0.0 Dialer1 4 track 30
ip route vrf ISP 0.0.0.0 0.0.0.0 Dialer0 10

event manager applet backup
 event track 30 state up
 action 1.0 cli command "configure terminal"
 action 1.1 cli command "interface range tunnel0-1"
 action 1.2 cli command "shutdown"
 action 1.3 cli command "no tunnel protection ipsec profile"
 action 1.4 cli command "tunnel source Vlan5"
 action 1.5 cli command "tunnel protection ipsec profile profile-a shared"
 action 1.6 cli command "no shutdown"
 action 1.7 cli command "end"
 action 1.8 cli command "exit"
event manager applet main
 event track 30 state down
 action 1.0 cli command "configure terminal"
 action 1.1 cli command "interface range tunnel0-1"
 action 1.2 cli command "shutdown"
 action 1.3 cli command "no tunnel protection ipsec profile"
 action 1.4 cli command "tunnel source Dialer0"
 action 1.5 cli command "tunnel protection ipsec profile profile-a shared"
 action 1.6 cli command "no shutdown"
 action 1.7 cli command "end"
 action 1.8 cli command "exit"

 

At my previous job we used 2 different VRFs; example config below:

ip vrf INET1
 rd 10:10
!
ip vrf INET2
 rd 100:100

crypto ipsec profile DMVPN
 set transform-set AES256-SHA
 set pfs group2
!
crypto ipsec profile DMVPN2
 set transform-set AES256-SHA
 set pfs group2

interface Tunnel0
 ip address XXX.XXX.11.XXX 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip hello-interval eigrp 77 4
 ip flow ingress
 ip flow egress
 ip nhrp network-id 11111
 ip nhrp holdtime 300
 ip nhrp shortcut
 ip nhrp redirect
 ip tcp adjust-mss 1360
 load-interval 30
 delay 10
 if-state nhrp
 tunnel source <Internet Interface1>
 tunnel mode gre multipoint
 tunnel key 999999
 tunnel vrf INET1
 tunnel protection ipsec profile DMVPN
!         
interface Tunnel1
 ip address XXX.XXX.12.XXX 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip hello-interval eigrp 77 4
 ip nhrp authentication XYZXYZ
 ip nhrp network-id 22222
 ip nhrp holdtime 300
 ip nhrp shortcut
 ip nhrp redirect
 ip tcp adjust-mss 1320
 load-interval 30
 delay 5000
 if-state nhrp
 tunnel source <Internet Interface2>
 tunnel mode gre multipoint
 tunnel key 888888
 tunnel vrf INET2
 tunnel protection ipsec profile DMVPN2

router eigrp 77
 network XXX.XXX.11.XXX
 network XXX.XXX.12.XXX
exit
 
ip route vrf INET1 0.0.0.0 0.0.0.0 <Internet Interface1> <GW Address1> name INET1
ip route vrf INET2 0.0.0.0 0.0.0.0 <Internet Interface2> <GW Address2> name INET2

 

So the question is: which kind of switching is better?

1 Reply

Hello,

I am not sure what the boolean tracking is for exactly, but the second (EIGRP-based) option looks better, since the failover is much faster.
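
To make the boolean tracking in the first config concrete, here is an added example (not code from either poster or from Cisco) that models tracks 15, 25 and 30 in Python over a constructed timeline. The IP SLA probes are not shown in the post, so probe states are fed in directly; the starting states and the exact delay semantics are assumptions.

```python
# Added example: a model of the posted track objects, not Cisco code.
# Assumption: "delay down N up N" reports a change only after it has held for N seconds.

def raw_lists(sla):
    """sla maps IP SLA number -> True when its probe is reachable."""
    t15 = (not sla[10]) and (not sla[11])  # track 15: boolean and, object 10 not, object 11 not
    t25 = sla[20] or sla[21]               # track 25: boolean or, object 20, object 21
    return t15, t25

class DelayedTrack:
    def __init__(self, state, down=60, up=60):
        self.state, self.down, self.up = state, down, up
        self.pending_since = None

    def update(self, raw, now):
        if raw == self.state:
            self.pending_since = None      # flap ended before the delay expired
            return self.state
        if self.pending_since is None:
            self.pending_since = now
        wait = self.up if raw else self.down
        if now - self.pending_since >= wait:
            self.state, self.pending_since = raw, None
        return self.state

def simulate(timeline, duration):
    """timeline: {second: {sla_id: reachable}}. Returns track 30 transitions."""
    sla = {10: True, 11: True, 20: True, 21: True}   # assumed starting state
    t15, t25 = DelayedTrack(False), DelayedTrack(True)
    t30, events = False, []
    for now in range(duration + 1):
        sla.update(timeline.get(now, {}))
        r15, r25 = raw_lists(sla)
        s15, s25 = t15.update(r15, now), t25.update(r25, now)
        new30 = s15 and s25                # track 30: boolean and, object 15, object 25
        if new30 != t30:
            t30 = new30
            # up   -> Dialer1 route (distance 4) installed, applet "backup" runs
            # down -> route withdrawn, Dialer0 (distance 10) used, applet "main" runs
            events.append((now, "up" if t30 else "down"))
    return events

# Constructed timeline: a 30 s flap, then a longer outage of both probes 10 and 11.
OUTAGE = {20: {10: False, 11: False}, 50: {10: True, 11: True},
          100: {10: False, 11: False}, 400: {10: True}}

if __name__ == "__main__":
    for second, state in simulate(OUTAGE, 600):
        print(f"t={second:>3}s track 30 {state}")
```

In this model the 30-second flap is suppressed and the longer outage moves track 30 only after the 60-second delay, on top of whatever time the IP SLA probes need to declare failure. Each transition also runs an EEM applet that shuts both tunnels and reapplies the IPsec profile.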
