
Dual ISP Failover - IP SLA - Route-maps and Static Routes - Problems and Suggestions Please

jelloir
Level 1

I've set up dual ISP failover to extend support into the following situation - as opposed to the interface simply going "DOWN".

  • If ISP-PRIMARY is having issues but the primary interface Ethernet0/3/0 is still "UP" use IP SLA and tracking to perform failover and failback once ISP-PRIMARY resolves their issue.

I'd appreciate feedback about the configuration below and have the following statements and question(s):

  1. When PRIMARY is active I cannot ping from BACKUP as a source interface and vice versa due to static routing (I think).
  2. Because of point 1, when the PRIMARY is down and comes back online, ip sla ping from the source interface Ethernet0/3/0 doesn't work and therefore failback never happens... That was until I added ip local policy route-map POLICY-IPSLA-IFACE to force icmp echo to the monitored IPs via Ethernet0/3/0.
  3. Is there a better way to allow the router to source pings from both WAN interfaces all the time or is using the local policy map the only option here? Ideally since the PRIMARY link is DHCP I'd prefer not to have ACL4-IPSLA-IFACE which references hard coded source IP addresses (123.213.132.112) - obviously if the WAN IP ever changed it would break failover.
  4. I have dialer watch-list which suffers the same issue - presumably I'd have to set up another local policy map to help the Cellular0/2/0 maintain its online state since it loses connectivity (presumably on purpose by the ISP when it's idle) - this is not a huge problem since the interface activates quickly when interesting traffic traverses it, but it would be good to reduce the configuration.

BTW, I'm sure there will be opinions on using Cloudflare and Google DNS for ip sla and I'm happy to update that. I've read that it's suggested to use the gateways of the ISPs but since they are both dynamically assigned I'm not sure I can reliably set them?

 

object-group network OBJ-NETW-VLAN-DATA
10.39.99.0 255.255.255.0
!
interface Ethernet0/3/0
description ISP-PRIMARY
ip dhcp client route track 3 ! MUST BE ADDED BEFORE "ip address dhcp"!!!
ip address dhcp client-id Ethernet0/3/0
ip nat outside
!
interface Cellular0/2/0
description ISP-BACKUP
ip address negotiated
ip nat outside
!
interface Vlan1
ip address 10.39.99.254 255.255.255.0
ip nat inside
!
ip local policy route-map POLICY-IPSLA-IFACE
!
ip nat inside source route-map ISP-PRIMARY interface Ethernet0/3/0 overload
ip nat inside source route-map ISP-BACKUP interface Cellular0/2/0 overload
!
ip route 0.0.0.0 0.0.0.0 Cellular0/2/0 128
ip route 0.0.0.0 0.0.0.0 Ethernet0/3/0 dhcp
!
ip access-list extended ACL4-IPSLA-IFACE
 permit icmp host 123.213.132.112 host 1.1.1.1 echo
 permit icmp host 123.213.132.112 host 8.8.8.8 echo
ip access-list extended NAT-CONTROL
 permit ip object-group OBJ-NETW-VLAN-DATA any
!
ip sla 1
icmp-echo 8.8.8.8 source-interface Ethernet0/3/0
frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 1.1.1.1 source-interface Ethernet0/3/0
frequency 5
ip sla schedule 2 life forever start-time now
!
track 1 ip sla 1 reachability
delay down 10 up 30
!
track 2 ip sla 2 reachability
delay down 10 up 30
!
track 3 list boolean or
object 1
object 2
!
dialer watch-list 1 ip 1.1.1.1 255.255.255.255
!
route-map POLICY-IPSLA-IFACE permit 10
 match ip address ACL4-IPSLA-IFACE
 set ip next-hop dynamic dhcp
 set interface Ethernet0/3/0
!
route-map ISP-PRIMARY permit 10
 match ip address NAT-CONTROL
 match interface Ethernet0/3/0
!
route-map ISP-BACKUP permit 10
 match ip address NAT-CONTROL
 match interface Cellular0/2/0
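
The dependency raised in point 3, as an added example that is not part of the original post: a Python check over a router configuration that reports each address hardcoded as the source in the ip local policy ACL when the route-map forces that traffic out a DHCP-addressed interface. The names sections, pinned_sources and SAMPLE are hypothetical, and the parser assumes sub-commands are indented as in show running-config output.

```python
import re

# Constructed sample from the posted configuration, indented as IOS prints it.
SAMPLE = """\
interface Ethernet0/3/0
 ip address dhcp client-id Ethernet0/3/0
interface Cellular0/2/0
 ip address negotiated
ip local policy route-map POLICY-IPSLA-IFACE
ip access-list extended ACL4-IPSLA-IFACE
 permit icmp host 123.213.132.112 host 1.1.1.1 echo
 permit icmp host 123.213.132.112 host 8.8.8.8 echo
route-map POLICY-IPSLA-IFACE permit 10
 match ip address ACL4-IPSLA-IFACE
 set interface Ethernet0/3/0
"""

def sections(config):
    """Map each top-level line to the indented lines that follow it."""
    out, head = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue
        if raw[0].isspace() and head is not None:
            out[head].append(raw.strip())
        else:
            head = raw.strip()
            out.setdefault(head, [])
    return out

def pinned_sources(config):
    """Find (acl, source_ip, interface) where the local-policy ACL hardcodes
    a source address for traffic forced out a DHCP-addressed interface."""
    sec = sections(config)
    dhcp = {h.split()[1] for h, b in sec.items() if h.startswith("interface ")
            and any(l.startswith("ip address dhcp") for l in b)}
    policies = {h.split()[-1] for h in sec if h.startswith("ip local policy route-map ")}
    found = set()
    for head, body in sec.items():
        parts = head.split()
        if parts[0] != "route-map" or parts[1] not in policies:
            continue
        acls = [l.split()[-1] for l in body if l.startswith("match ip address ")]
        ifaces = [l.split()[-1] for l in body if l.startswith("set interface ")]
        for acl in acls:
            for entry in sec.get(f"ip access-list extended {acl}", []):
                m = re.match(r"permit \S+ host (\d+\.\d+\.\d+\.\d+) ", entry)
                found.update((acl, m.group(1), i) for i in ifaces if m and i in dhcp)
    return sorted(found)
```

Each tuple returned is an ACL entry that stops matching the probe traffic once the DHCP lease hands out a different address.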

 

 

2 Accepted Solutions
