cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
620
Views
3
Helpful
7
Replies

Factibility to create IP SLA that reactivate the route manually? FMC

Vicente Miño
Level 1
Level 1

Hi to everyone,

I have a little doubt about something that my employee consulted to me a few days ago, about whether or not it is possible to configure an IP SLA that when the link/route being monitored goes down, to prevent the route from being reestablished once the link becomes available but intermittently, the reestablishment has to be manual. I understand that this is not possible, since the routes monitored by IP SLA both their drop and restoration can only be automatic.

An example case is that we are carrying out an IP SLA to be able to monitor our internet links and in case of failures, route them to our MPLS.

Any information about this will be very helpful to me, since regarding these specific queries I have no way to refute them.

Beforehands, thaknk you very much.

7 Replies 7

tvotna
Spotlight
Spotlight

This feature was requested million years ago, but nothing happens from Cisco side:

CSCti67445 ENH: Implement "delay up/down" command in Object Tracking
CSCtj73500 ENH: Add support for sla monitor up/down delay on ASA platform

 

Thank you for the fast responde @tvotna so only to clarify in this particular case there is no way to monitor link latency or packet losses before raising the default route to the Internet again?

On both ASA and FTD it is possible to monitor such metrics as rtt, jitter, packet loss and mos by ICMP probes and also HTTP response time in newer versions, and make routing decisions accordingly. There are few problems however:

- ICMP probes are sent every 30 seconds and the interval is unconfigurable
- the delayed failback, such as you described, is not supported
- the algorithm is not very well documented (also, there was a post on this forum that it doesn't work as designed, but I don't remember details)
- there is no integration with static routing; the feature is only integrated with policy-based routing which is quite stupid

The idea of this feature is to choose best egress interface for certain application (with less packet loss, smaller rtt, etc). If metrics change, new connections are sent to the interface with a better metric, old connections stick with the current interface.

https://secure.cisco.com/secure-firewall/docs/policy-based-routing-with-path-monitoring
https://secure.cisco.com/secure-firewall/docs/policy-based-routing-using-http-path-monitoring

HTH

 

""to prevent the route from being reestablished once the link becomes available but intermittently""

That I think is not correct 

For internet you can use defualt route with track (sla) and this route is use only if

1- the interface is UP

2- the sla is Reachable 

So there is no OR there AND' both condition must be match before route is used.

For mpls and internet' as I mention you config defualt route with track for internet and you receive defualt route via mpls' this make your ftd use internet if down it will use mpls.

MHM

Thank you for the fast responde @MHM Cisco World so only to clarify in this particular case there is no way to monitor link latency or packet losses before raising the default route to the Internet again?

The sla have timeout, if your link have high latency and you config timeout short then the sla is mark as unreachable even if ftd receive reply but this reply after timeout so it ignore

Notice:- dont make timeout so short, in optimal condition the traffic face some delay

MHM

Review Cisco Networking for a $25 gift card