Re: ip route Failover Priority with Two Backup WANs

emuman100 · ‎03-05-2024

I have three WANs; one is the primary and the other two are backups.

Primary = dhcp; Secondary = Cellular0/2/0; Tertiary = Dialer1

The routes are as follows:

ip route 0.0.0.0 0.0.0.0 dhcp

ip route 0.0.0.0 0.0.0.0 Cellular 0/2/0 251

ip route 0.0.0.0 0.0.0.0 Dialer1 254

Cellular 0/2/0 interfaces to the cellular provider's CG NAT. When the primary goes down and traffic cannot traverse through Cellular 0/2/0 while the interface is still up, I wanted it to go through Dialer1, but it goes through the cellular interface instead.

All of these use route_map for NAT and NAT works as it should for these interfaces. The issue is route priority. Cellular0/2/0 is the secondary WAN. When it's called up due to traffic, it gets an IP address via CG NAT, but won't always pass traffic when the cellular account does not have prepaid funds, but, the router sees it as an interface that is up and has an automatically assigned a CG NAT ip address, so my route priority defined by administrative distance goes to Cellular 0/2/0.

When traffic does not pass due to no funds in the cellular account, I had expected the Dialer1 254 route to be used, but that isn't the case.

When the primary WAN goes down, the interface actually goes down, so IOS-XE removes that route from the routing table, so the next closest route is Cellular 251. When traffic cannot traverse Cellular 0/2/0 due to lack of funds, the interface still stays up and still has an ip address, so the route remains in the routing table. If it were to go down, the route would be removed and traffic would traverse through Dialer1, but in this case, Cellular 0/2/0 still stays up and gets a CG NAT ip address.

What options do I have? Can I use an ip sla and a track somehow or is there something else I can do which would work more reliably?

Thanks.

MHM Cisco World · ‎03-05-2024

if the Cellular can not pass traffic when the funds is end, then you can use IP SLA track to add/remove the route toward cellular and keep the metric as it, make IP SLA use 8.8.2.2 as destination.

MHM

emuman100 · ‎03-06-2024

Is there another way to remove the route than an ip sla? The reason I ask is if I set up a track to track the ip sla, when the Cellular interface is down, the the ip sla will fail and the track will go down and the route will be removed.

The issue is that when the primary WAN goes down, the existing route (Cellular 0/2/0 251) brings up the interface. With a track in place and since the interface is already down and the route removed, it won't bring up the interface because the track removed the route. Do you see the complication?

MHM Cisco World · ‎03-06-2024

ip route 8.8.4.4 255.255.255.255 cellular x permanent <<- this make IP SLA use cellular always when the interface is UP

MHM

emuman100 · ‎03-06-2024

Adding the permanent argument to the route statement will prevent the route from being removed. What I require is a way to remove the route when traffic cannot traverse or use Dialer1 instead when traffic cannot traverse through the cellular interface. Do you know of a way to do this?

MHM Cisco World · ‎03-06-2024

Friends there are two route

One default route with ip sla

Other static route for only ip sla here we use permanent, this route appears in RIB when cellular interface is UP so that IP sla use it, the status of IP sla use for default route.

Hope this clear for you

MHM

emuman100 · ‎03-06-2024

Ok, I understand that this static route will be permanent now, but how does that help the ip sla? Won't the ip sla invoke traffic to bring the interface up anyway?

MHM Cisco World · ‎03-06-2024

You mentioned that if there is no funds the traffic not pass, so ip sla to 8.8.4.4 will not succues and status will down of IP sla track

This prevent default route to add to RIB.

MHM

emuman100 · ‎03-07-2024

Correct, but the ip sla will invoke traffic which will bring the interface up when it is normally down due to DDR.

So what you are saying is to track the cellular interface with an ip sla, and the track will remove the default route when the ip sla goes down, then traffic will be routed to the dialer interface (which is not controlled by DDR)?

balaji.bandi · ‎03-06-2024

Its all depends how you like to failover.

When traffic does not pass due to no funds in the cellular account, I had expected the Dialer1 254 route to be used, but that isn't the case.

this is depends how you checking to fail over to next level.

the router does not have that intelligent to check the balance, if you get any error events based on that you can do the failovers.

can you post full config ? what error you get when there is no balance on cellular account ?

if you onlly looking state of up then traffic will be blackhole there. instead if you using ping to external address using source interface that will fails so it uses next available link in theory

this works based on the config you applied and if and but conditions.,

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

emuman100 · ‎03-07-2024

I'm trying to determine what options I have for failover. Because the cellular interface will come up and obtain a CG NAT IP address whether or not it has funding to pass traffic, you are saying that I should use an ip sla and track the sla and use it to remove the route to the cellular interface?

My config is quite large. Is there a way to post without taking up too much space?

The cellular interface is invoked by DDR and will come up, obtain a CG NAT IP address, and if there is funding in the account, will pass traffic. If not, no traffic will pass, but the interface will still come up and obtain a CG NAT IP address.

I want failover to go from dhcp->Cellular 0/2/0->Dialer1, but as stated above, Cellular 0/2/0 has such a condition that it will come up and obtain an ip address whether or not it can pass traffic due to funds in the account. dhcp is the primary WAN and when it goes down, it loses its dhcp ip address and its default route is removed.

balaji.bandi · ‎03-07-2024

you are saying that I should use an ip sla and track the sla and use it to remove the route to the cellular interface?

some method to prove that cellular working to fail over if primary down, as you mentioned due to low balance, the connetion up but if you do not have balance to pass traffic, all traffic black hole there.

My config is quite large. Is there a way to post without taking up too much space?

Remove password information and attach as text to view and suggest.

 want failover to go from dhcp->Cellular 0/2/0->Dialer1

we hear you - but we want to see what configured. and post output cellular interface output.

i have couple of examples scenarios in blog have a look :

https://www.balajibandi.com/?p=1643

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

emuman100 · ‎03-08-2024

Hi BB,

I'll post my config once I get access to the router today.

What cellular interface output are you specifically looking for? There are no errors or messages reported by IOS. It simply gets brought up via DDR, but if there are no funds, traffic won't pass. If there are funds, traffic passes. In each case, the interface behaves the same and its default route takes over. What I'm looking to do is to somehow detect when traffic won't pass and remove its default route, so the default route for Dialer1 will take over.

Your blog post is interesting. I don't apply the route_map policy directly to the interface like you do. I also do not implement OSPF either, but doesn't that have to be supported by the ISP?

Thanks.

Georg Pauwen · ‎03-06-2024

Hello,

post the current full configuration (sh run) of your router...

emuman100 · ‎03-07-2024

The config is quite large. Is there a way to post a condensed version?