09-03-2012 07:34 AM - edited 03-04-2019 05:27 PM
Hello,
I've been trying to work this out for a while so any guidance would be much appreciated.
Basically I want to provide my ISP with a list of commands which they would run on their CE router to enable the IP SLA tracking of a few IPs and perform an action (advertise the 0.0.0.0/0 default route to my peer) based upon the result of the IP SLA check.
I'm a bit rusty on route-maps as I've never done them in production on Cisco IOS devices and also don't have any device to test this on.
router bgp 1111
bgp log-neighbor-changes
timers bgp 7 21
redistribute connected
neighbor 1.1.1.1 remote-as 65000
neighbor 1.1.1.1 description BGP Internet Peer for Default Route
neighbor 1.1.1.1 next-hop-self
neighbor 1.1.1.1 route-map ALLOW_OUT out
neighbor 1.1.1.1 route-map DENY_IN in
!
route-map ALLOW_OUT permit 10
match ip address prefix-list DEFAULT_ONLY
set ip next-hop verify-availability 8.8.8.8 1 track 10
set ip next-hop verify-availability 8.8.4.4 2 track 11
set ip next-hop verify-availability 8.8.8.8 5 track 14
set ip next-hop verify-availability 8.8.4.4 6 track 15
route-map DENY_IN permit 20
match ip address prefix-list DENY_IN
!
ip prefix-list DEFAULT_ONLY seq 5 permit 0.0.0.0/0
ip prefix-list DEFAULT_ONLY seq 10 deny 0.0.0.0/0 ge 1
ip prefix-list DENY_IN seq 5 permit 0.0.0.0/0
!
ip sla 10
icmp-echo 8.8.8.8 source-interface Fa0/0
frequency 10
ip sla 11
icmp-echo 8.8.4.4 source-interface Fa0/0
frequency 10
ip sla 14
tcp-connect 8.8.8.8 port 53 source-interface Fa0/0
frequency 10
ip sla 15
tcp-connect 8.8.4.4 port 53 source-interface Fa0/0
frequency 10
!
ip sla monitor group schedule 10-15 start-time now life forever
!
track 10 ip sla 10
track 11 ip sla 11
track 14 ip sla 14
track 15 ip sla 15
Anyone got any feedback (good or bad) please?
Thanks,
Peter
09-03-2012 10:17 AM
Hi,
So, you want to advertise a default route only if the 4 IP SLA tests are failing, or if the 4 IP SLA tests are successful?
In the latter case here's a code snippet that you'll have to adapt to your infrastructure:
In the former case just put at the end of every object in track 10
ip local policy route-map SLA
ip route 0.0.0.0 0.0.0.0 10.1.13.3 track 10
track 1 rtr 1
track 2 rtr 2
track 3 rtr 3
track 4 rtr 4
track 10 list boolean or
object 1
object 2
object 3
object 4
ip sla 1
icmp-echo x.x.x.x
timeout 2000
frequency 5
ip sla 2
icmp-echo x.x.x.x
timeout 2000
frequency 5
ip sla 3
icmp-echo x.x.x.x
timeout 2000
frequency 5
ip sla 4
icmp-echo x.x.x.x
timeout 2000
frequency 5
ip sla schedule 1 life forever start-time now
ip sla schedule 2 life forever start-time now
ip sla schedule 3 life forever start-time now
ip sla schedule 4 life forever start-time now
access-list 100 permit icmp any host 1.1.1.1
access-list 100 permit icmp any host 11.11.11.1
access-list 100 permit icmp any host 111.111.111.1
route-map SLA permit 10
match ip address 100
set ip next-hop 10.1.13.3
router bgp xxx
redistribute static
neighbor x.x.x.x remote-as xxx
default-information originate
The local policy routing may not be necessary in your case if you only have one path to the destinations you're doing SLA upon; otherwise it is there to make sure the IP SLA tests always use the same interface.
Regards.
Alain
Don't forget to rate helpful posts.
09-04-2012 01:54 AM
Hi Alain,
I want to advertise the route if any of the SLA tests are successful (therefore removing it if they fail)
or
I want to remove the route if any of the SLA tests fail
I'm not sure which would be the best way to look at it?
09-04-2012 02:06 AM
Update: I also wanted to ensure that the 1.1.1.1 BGP peer was only being sent 1 route and not allowed to receive any routes from 1.1.1.1 (to avoid private addresses leaking). That was why I added the bit in bold at the bottom
ip local policy route-map SLA
ip route 0.0.0.0 0.0.0.0 2.2.2.2 track 10
!
track 1 ip sla 1
track 2 ip sla 2
track 3 ip sla 3
track 4 ip sla 4
track 10 list boolean or
object 1
object 2
object 3
object 4
ip sla 1
icmp-echo 8.8.8.8 source-interface Fa0/0
timeout 2000
frequency 10
ip sla 2
icmp-echo 8.8.4.4 source-interface Fa0/0
timeout 2000
frequency 10
ip sla 3
tcp-connect 8.8.8.8 port 53 source-interface Fa0/0
timeout 2000
frequency 10
ip sla 4
tcp-connect 8.8.4.4 port 53 source-interface Fa0/0
timeout 2000
frequency 10
!
ip sla schedule 1 life forever start-time now
ip sla schedule 2 life forever start-time now
ip sla schedule 3 life forever start-time now
ip sla schedule 4 life forever start-time now
!
access-list 100 permit icmp any host 8.8.8.8
access-list 100 permit icmp any host 8.8.4.4
access-list 100 permit tcp any host 8.8.8.8 eq 53
access-list 100 permit tcp any host 8.8.4.4 eq 53
!
route-map SLA permit 10
match ip address 100
set ip next-hop 10.1.13.3
route-map ALLOW_OUT permit 10
match ip address prefix-list DEFAULT_ONLY
route-map DENY_IN permit 20
match ip address prefix-list DENY_IN
!
router bgp XXXX
redistribute static
neighbor 1.1.1.1 remote-as 65000
default-information originate
bgp log-neighbor-changes
timers bgp 7 21
neighbor 1.1.1.1 description BGP Internet Peer for Default Route
neighbor 1.1.1.1 next-hop-self
neighbor 1.1.1.1 route-map ALLOW_OUT out
neighbor 1.1.1.1 route-map DENY_IN in
!
ip prefix-list DEFAULT_ONLY seq 5 permit 0.0.0.0/0
ip prefix-list DEFAULT_ONLY seq 10 deny 0.0.0.0/0 ge 1
ip prefix-list DENY_IN seq 5 permit 0.0.0.0/0
09-04-2012 02:52 AM
Hi,
I want to advertise the route if any of the SLA tests are successful (therefore removing it if they fail)
So if one SLA fails you don't advertise the route? Because the snippet I gave you only advertises the default route if all SLA tests are failing. If you want only one failing test to stop advertising the route, then use a boolean list and instead of boolean list or.
Regards.
Alain
Don't forget to rate helpful posts.
09-04-2012 03:07 AM
Hello Alain,
Thanks for your help. Sorry I misworded that. If 1 fails I still want to advertise the route (to protect against an outage outside of ourselves, i.e. 8.8.8.8 or 8.8.4.4 being down); only if they ALL fail should the route be removed from being advertised.
I hope this makes it a little clearer?
09-04-2012 05:19 AM
Hi Peter,
In this case the boolean list or like I mentioned in the snippet is what you need.
Regards.
Alain
Don't forget to rate helpful posts.
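To make the "any probe up" versus "all probes up" distinction concrete, here is an added Python helper that is not part of the thread or of any Cisco tool: it renders the ip sla / track / track list / tracked static default stanzas for a list of probes in the layout Peter settled on, and models how a "boolean or" list versus a "boolean and" list would decide whether the tracked 0.0.0.0/0 (and hence the advertised default) stays up. The next-hop 2.2.2.2, source interface Fa0/0 and the 8.8.8.8 / 8.8.4.4 targets are taken from the thread; the Probe type and function names are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class Probe:
    target: str            # probed IP, e.g. 8.8.8.8
    kind: str              # "icmp-echo" or "tcp-connect"
    port: int = 0          # only used for tcp-connect
    source: str = "Fa0/0"  # source-interface for the probe (from the thread)

def render_ios_config(probes: List[Probe], mode: str = "or",
                      list_id: int = 10, next_hop: str = "2.2.2.2") -> str:
    """Emit the ip sla / track / tracked static default stanzas.
    mode="or" keeps the default route while ANY probe succeeds (what Peter wants);
    mode="and" withdraws it as soon as ONE probe fails."""
    if mode not in ("or", "and"):
        raise ValueError(f"unknown track list mode {mode!r}")
    lines: List[str] = []
    for i, p in enumerate(probes, start=1):
        op = (f"icmp-echo {p.target}" if p.kind == "icmp-echo"
              else f"tcp-connect {p.target} port {p.port}")
        lines += [f"ip sla {i}", f" {op} source-interface {p.source}",
                  " timeout 2000", " frequency 10",
                  f"ip sla schedule {i} life forever start-time now"]
    for i in range(1, len(probes) + 1):
        lines.append(f"track {i} ip sla {i}")       # one track object per probe
    lines.append(f"track {list_id} list boolean {mode}")
    lines += [f" object {i}" for i in range(1, len(probes) + 1)]
    # The static default only stays in the RIB while the track list is up,
    # so "redistribute static" / "default-information originate" follow it.
    lines.append(f"ip route 0.0.0.0 0.0.0.0 {next_hop} track {list_id}")
    return "\n".join(lines) + "\n"

def default_route_up(results: Dict[int, bool], mode: str) -> bool:
    """Model the track-list verdict from per-object states (object id -> up?):
    'or' is up if any object is up, 'and' only if all objects are up."""
    if mode == "or":
        return any(results.values())
    if mode == "and":
        return all(results.values())
    raise ValueError(f"unknown track list mode {mode!r}")

if __name__ == "__main__":
    probes = [Probe("8.8.8.8", "icmp-echo"), Probe("8.8.4.4", "icmp-echo"),
              Probe("8.8.8.8", "tcp-connect", 53), Probe("8.8.4.4", "tcp-connect", 53)]
    print(render_ios_config(probes, "or"))
    # constructed sample: only the ICMP probe to 8.8.8.8 still succeeds
    state = {1: True, 2: False, 3: False, 4: False}
    print("or  ->", default_route_up(state, "or"))   # True: default still advertised
    print("and ->", default_route_up(state, "and"))  # False: default withdrawn
```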
09-04-2012 08:03 AM
Top man thanks Alain!