Track and IP SLA with PBR Issue.

eng.khaled.omar
Level 1

Hi All,

I have one internet router with two ISPs, (Serial 0/0/0 connected to ISP-1 and Serial 0/0/1 connected to ISP-2).

I configured IP SLA 10 and 20 as follows:

ip sla 10
 icmp-echo 8.8.8.8 source-interface serial0/0/0
 frequency 6
 timeout 6000
ip sla schedule 10 life forever start-time now
track 10 ip sla 10 reachability
 delay up 30 down 20

ip sla 20
 icmp-echo 8.8.8.8 source-interface serial0/0/1
 frequency 6
 timeout 6000
ip sla schedule 20 life forever start-time now
track 20 ip sla 20 reachability
 delay up 30 down 20

I configured PBR-10 to let traffic from VLAN-10 use ISP-1 as next hop when track 10 is up, as follows:

access-list 10 permit 192.168.10.0 0.0.0.255
route-map PBR-10 permit 10
 match ip address 10
 set ip next-hop verify-availability "ISP-1 IP" 10 track 10

I configured PBR-20 to let traffic from VLAN-20 use ISP-2 as next hop when track 20 is up, as follows:

access-list 20 permit 192.168.20.0 0.0.0.255
route-map PBR-20 permit 10
 match ip address 20
 set ip next-hop verify-availability "ISP-2 IP" 10 track 20

The issue that I'm facing is that when a failure happens inside ISP-1, the tracking goes down and after some time it goes back up, and traffic goes to ISP-1, then back to the internet router, then goes to ISP-2. How can I prevent that from happening? I mean, I need traffic to go completely to ISP-2 when a failure happens inside ISP-1. FYI, I use BGP with the ISPs.

Can anyone help?

5 Replies

balaji.bandi
Hall of Fame

Are you peering with BGP? Then why not control the traffic using BGP, based on traffic engineering (which side is preferred for which network)?

Can you post the complete config so we can understand?

BB


OK, but what about routing based on source IP/subnet?

I need to let half of the traffic go through ISP-1 and half of the traffic go through ISP-2, and in case of failure of one ISP, traffic is re-routed to the other one.

Just to reiterate Balaji's suggestion, it's best to use BGP TE to manipulate the traffic.

PBR with IP SLA is ideal when using FHRP.

But given you are doing BGP peering with both ISPs, it is best to use TE with some mix of AS prepending and LOCAL-PREF via route-maps and prefix-lists.

Are you getting full routes from each ISP or just a default route?

>> Are you getting full routes from each ISP or just a default route?

Default route only.

The issue is that I need to track the ISP network, and in case of any kind of failure INSIDE the ISP, traffic is re-routed to the other ISP. That's why I use PBR with IP SLA and tracking.

eng.khaled.omar
Level 1

Hi All,

The issue has been resolved.

a) First, I changed the IP SLA to use a source IP address instead of a source interface.

b) Second, we made an agreement with each ISP to create a BGP filter to DENY the source IP used by the other ISP, so the track will be down in case of any ISP failure and will not come up from the other ISP's side.

Thanks,
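
Step a) of the fix above, written out as IOS configuration. This is an added example, not the poster's actual configuration; the addresses 198.51.100.2 and 203.0.113.2 are constructed placeholders for the router's own addresses on the ISP-1 and ISP-2 links.

```cisco
! Added example. Constructed placeholder addresses (documentation ranges):
!   198.51.100.2 = router address on the ISP-1 link (Serial0/0/0)
!   203.0.113.2  = router address on the ISP-2 link (Serial0/0/1)
!
! A scheduled IP SLA operation cannot be edited in place, so each one
! is removed and re-created with source-ip instead of source-interface.
no ip sla 10
ip sla 10
 icmp-echo 8.8.8.8 source-ip 198.51.100.2
 frequency 6
 timeout 6000
ip sla schedule 10 life forever start-time now
!
no ip sla 20
ip sla 20
 icmp-echo 8.8.8.8 source-ip 203.0.113.2
 frequency 6
 timeout 6000
ip sla schedule 20 life forever start-time now
!
! The track objects refer to the operations by number and are unchanged.
track 10 ip sla 10 reachability
 delay up 30 down 20
track 20 ip sla 20 reachability
 delay up 30 down 20
```

`show ip sla statistics 10` and `show track 10` display the probe result and the tracked state that PBR-10 acts on.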
