Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
271
Views
0
Helpful
2
Replies

Dual floating static route and failover / IPSla issues

jpergolizzi
Level 1
Level 1

‎07-09-2024 12:46 PM

Folks, hoping someone can help me here. I have 2 sites that are connected with a fiber point-to-point WAN circuit. Each site has its own ISP/Internet connection. SiteA is the one I need assistance with. Each site has a single dual-SUP Cisco L3 core and a firewall. The core connects both to the WAN and the firewall, and the firewall connects to the ISP (see diagram below). 

Basically, we had an ISP outage at SiteA where the ISP equipment that connects to the firewall lost power. I have set up dual-static floating routes on both the Cisco and the firewall to prefer the local ISPA first, and if that is not available, fail over to the WAN path to site B for backup internet.

When the power was lost to the ISP equipment, the firewall appeared to correct fail to the backup default route which points back at the Cisco L3 core to get to the WAN. However, the core failover route did not seem to want to fail to the WAN path and kept routing default traffic to the local firewall. When we powered off the firewall completely to test, only then did the Cisco core default route fail to the WAN to Site B.

Here's the diagram (I apologize for the crudeness of it) and the configs are included. Any help or guidance here would be appreciated.

Labels:
Preview file
214 KB
0 Helpful
2 Replies 2

M02@rt37
VIP
VIP

‎07-09-2024 09:51 PM - edited ‎07-09-2024 10:03 PM

Hello @jpergolizzi 

Does the track is UP on the Site A Layer 3 switch ?

On that Switch ip sla config, are you sure about source-ip 172.16.185.23 ? 

#show track 1

If 'down' please try with source-interface instead of source-ip , and use interface facing the Site A Fw.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

paul driver
VIP
VIP

‎07-10-2024 12:27 AM

Hello
Sounds like the root issue is the ipsla on stie A l3 sw, when ISP A was lost, the destination being monitored by that l3 sw is still reachable via site B as such the primary default route is still valid thus blackholing traffic for that site, only when site A fw was powered off did the directly connect interface of the l3 sw go down as such the primary default was removed and routing towards site b resolved

review the attach file.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Preview file
1 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card