09-03-2007 07:48 AM - edited 03-03-2019 06:34 PM
hello,
I know I have done this before, but I am having challenges configuring multiple static routes on a router for failover purposes.
I have a branch network with some specific branches being able to connect directly to our HQ out of the country while the others connect through one of the branches with the direct link. I want to create failover links to those branches without the direct link to the HQ such that when their link to the HO is no longer available through the particular branch office, they get cut over to another branch office with the same access as the main.
We are on a wide area IP network from a service provider who have put us on a VLAN on their fibre network.
09-03-2007 07:54 AM
Hi,
Doing backup static routes (floating static routes) is achieved by having multiple static routes with different AD (Administrative Distance):
ip route
ip route
The smaller the AD the more preferred the route, the default is 1 and 254 is the largest valid AD.
HTH,
Mohammed Mahmoud.
09-03-2007 08:06 AM
Hello Mo'
Thanks for the quick response.
Just so that I am clear, do u think this setup will work without any further configurations on the router?
The network is an enterprise wide area network. It spans across countries. And with what I wanna achieve, I want to believe that by configuring another static route on the routers in question, they will be able to route traffic to the next available route automatically, if the default route fails?
There is also a default route of
ip route 0.0.0.0 0.0.0.0 1.1.1.1 on all the remote branch office routers. Would I need to change this?
Regards,
Femi
09-03-2007 08:10 AM
Or do I simply add a second default route with a higher AD, being that the initial default route does not have any AD, hence its AD is probably 1?
Regards,
Femi
09-03-2007 08:13 AM
Hi Femi,
What kind of WAN technologies are we talking about? If it's an overlay (Layer 2 VPN, Frame Relay for example) then all that you'll have to do is configure the backup route on both sides, while if it is a peer-to-peer VPN (Layer 3 MPLS-VPN for example) then you'll need to interact with your provider to adjust your routing across his backbone.
As for the default route, I don't know what it does for you. I mean, do you want to back up specific routes or everything? If everything, then you'll also have to add another backup default route (and yes, its default AD is 1).
HTH,
Mohammed Mahmoud.
09-03-2007 10:02 AM
Hi Mo'
The WAN technology in scope here I think is Layer 2 VPN. The reason I think so is cos my service provider does not do any form of routing on my network. They have connected all our branches over their fibre network, and have created a VLAN for all these branches. Hence all routing is done from the remote offices alone. So I believe we are using the Layer 2 technology, with a mesh kind of network. All I did was to add a secondary IP to the interface that connects to the service provider's network and also added the default route with a higher AD.
Now I just did a test, by switching off the router to the main link on the network for the remote offices, but devices still cannot connect to the HO through the secondary default route which I configured on the routers with a higher AD of 20.
As for the default route, yes, I want all traffic to be routed to the next available router which is why i added the second static default route with a higher AD.
Am I doing something wrong or have I omitted something?
Femi
09-03-2007 10:22 AM
Hi Femi,
You are right about your WAN technology being Layer 2. For the floating static route to operate you must make sure that the main route has been removed from the routing table. Please make sure that all the routes are pointing to both next-hop and interface simultaneously in order to make sure that the main route will be removed from the routing table (ip route
HTH,
Mohammed Mahmoud.
09-03-2007 08:15 AM
As Mohammed pointed out, the key is AD.
The term that is used to describe the routes you are talking about is Floating Static Routes. Here are some examples:
09-03-2007 11:46 AM
Femi (and Pavlo and Mohammed)
I believe that there is another key point which has not been brought out yet. For the primary static route (default route in this case) to be removed from the routing table the interface through which the static route points must go protocol down. This works easily on point-to-point serial and similar technologies. It does not work well on Ethernet type interfaces. We do not know for sure which type of interface is used here, but from the description of the provider making a VLAN I am assuming it is Ethernet. Perhaps Femi can clarify this.
Assuming that the interface is Ethernet then just pointing the static route to a next hop and an interface is not enough. You can lose connectivity to the next hop through that interface but the route will remain in the routing table as long as the interface remains protocol up. Cisco has introduced a feature called Reliable Static Routes with Object Tracking which addresses this issue. This link should give you information to get started with this:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/products_feature_guide09186a00801d862d.html
If you implement reliable static routes with object tracking I believe that you will get the failover that you want.
HTH
Rick
09-03-2007 12:08 PM
Hi Rick,
Totally agree with you, that's what I kind of meant with "you must make sure that the main route has been removed from the routing table". Anyway, what do you think about using SLA:
ip sla monitor 113
 type echo protocol ipIcmpEcho
ip sla monitor schedule 113 start-time now
!
track 13 rtr 113
!
track 3 list boolean and
 object 13 not
!
ip route 0.0.0.0 0.0.0.0
BR,
Mohammed Mahmoud.
09-03-2007 12:17 PM
Mohammed
You did correctly identify the requirement for the main route to be removed. I felt that your response implied that specifying both next hop and interface was sufficient to assure that the main route would be removed and that is not the case.
I believe that SLA uses the same mechanism of Object Tracking. It probably would work the way that you have suggested here. My impression is that your solution is slightly more complex than the approach described in the link that I posted. But either approach should work.
HTH
Rick
09-03-2007 12:38 PM
Hi Rick,
I was still trying to analyze the issue, and you nailed it perfectly as always :)
SLA is used for Enhanced Object Tracking, and I believe that it would be the best option, as the other options are to track interface line protocol or route reachability, which I think are both not suitable for the case of the original poster.
BR,
Mohammed Mahmoud.
09-03-2007 02:31 PM
Hi Rick/Mo',
My goodness, both of you are amazing! From the look of things, I am sure this ain't your first or second time of crossing paths but I guess it's a good thing. Brings out the best in all of us, I guess.
Rick, you are right, we are using Fast Ethernet interfaces in this case.
I have closed for the day and there is some form of maintenance that is being carried out at ma office all night long. But I will certainly try out both your suggestions - SLA and Reliable Static Routing using Object Tracking. I will definitely get back to you both once I am done configuring and testing tomorrow.
Once again, thanks a lot u 2 for ur contributions. I really appreciate it and I hope I will be able to help with ma little experience in the near future.
Regards
Femi
09-03-2007 06:01 PM
Femi
Yes Mohammed and I cross paths with some frequency on the forums. And I do think that it is a good thing. The forum has many talented participants and each has a point of view that may be different from others. I believe that the collective effort which utilizes the multiple points of view will frequently arrive at the optimum solution.
I believe that either of the approaches (Reliable Static Routes with Object Tracking or SLA) could work for you. Give them a try and choose the one that seems best for your particular circumstance. And please keep us updated with what happens.
HTH
Rick
09-03-2007 11:56 PM
Hi,
Actually, I've learned a lot from Rick, he is one of the pioneer experts on this forum, and I do value his opinion and guidance always, and I appreciate his professional feedback, and I really hope that the efforts of all the contributors in this forum would make it the best ever.
Now to the main issue, please take care to adjust the following when trying SLA, in order to reflect the outage in a nice time:
ip sla monitor 113
type echo protocol ipIcmpEcho
timeout 1000 > (default 5000) <<< msec - PLEASE TAKE CARE
frequency 3 > (default 60 - frequency can't be less than timeout)
HTH,
Mohammed Mahmoud.
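The tracked primary default route with a floating backup discussed in this thread, written out as an added example (not posted by any participant). It uses the `ip sla monitor` / `track ... rtr` syntax that appears in the thread; 1.1.1.1 is the default-route next hop Femi quoted, while the backup next hop 192.0.2.1 and the object numbers are placeholders.

```cisco
! Probe the primary next hop every 3 seconds; a probe fails after 1000 ms
! without a reply (frequency must not be less than the timeout).
ip sla monitor 1
 type echo protocol ipIcmpEcho 1.1.1.1
 timeout 1000
 frequency 3
ip sla monitor schedule 1 life forever start-time now
!
! Track object 1 is up while probe 1 is getting replies.
track 1 rtr 1 reachability
!
! Primary default route (default AD 1): installed only while track 1 is up,
! so it is withdrawn even when the Fast Ethernet interface stays protocol up.
ip route 0.0.0.0 0.0.0.0 1.1.1.1 track 1
!
! Floating backup default route (AD 20, as in Femi's test; placeholder next hop):
! enters the routing table once the tracked primary has been withdrawn.
ip route 0.0.0.0 0.0.0.0 192.0.2.1 20
```

`show track 1` reports the probe state and `show ip route 0.0.0.0` shows which default route is currently installed. The routers at the other end need a matching backup route for return traffic, as noted earlier in the thread.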