cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1117
Views
0
Helpful
10
Replies

IP SLA Bug

hakim99
Level 1
Level 1

I would appreciate your support on the following LAB

I have one Router VXR1 connected to 2 routers: ISP1/ISP2.

R1 is always using ISP2, even though ISP1 is reachable. ping from R1 to 8.8.8.8 using source interface F0/0 isn't reachable when the track is added to the IP route static.

Configuration of VXR1 Router : 

VXR1(config)#do show run
Building configuration...

Current configuration : 1099 bytes
!
hostname VXR1
!
track 1 IP SLA 1 reachability
!
interface FastEthernet0/0
description "Connected to ISP1"
IP address 10.1.11.1 255.255.255.252
duplex half
!
interface FastEthernet1/0
description "Connected to ISP2"
IP address 10.1.12.1 255.255.255.252
duplex half
!
IP route 0.0.0.0 0.0.0.0 FastEthernet0/0 track 1
IP route 0.0.0.0 0.0.0.0 FastEthernet1/0 10
!
IP SLA 1
ICMP-echo 8.8.8.8 source-IP 10.1.11.1
frequency 15
IP SLA schedule 1 life forever start-time now
!

end

ISP1 one is reachable only if I use " IP route 0.0.0.0 0.0.0.0 FastEthernet0/0", the moment I remove this line and add track 1, traffic will chose F1/0 connected to ISP2.

VXR1(config)# do show IP route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S* 0.0.0.0/0 is directly connected, FastEthernet1/0

 

ISP1 configuration : 

!
interface Loopback0
IP address 8.8.8.8 255.255.255.255
!
interface FastEthernet0/0
description "Connected to VXR1"
IP address 10.1.11.2 255.255.255.252
duplex half
!

ISP2 Configuration : 

!
interface Loopback0
IP address 8.8.8.8 255.255.255.255
!
interface FastEthernet0/0
description "Connected to VXR1
IP address 10.1.12.2 255.255.255.252
duplex half

Thanks in advance.

10 Replies 10

ulineosan
Level 1
Level 1

Did you manually check that the ping works and did you verify the status of the SLA?

VXR1# ping 8.8.8.8 source Fa0/0

VXR1# show ip sla statistics 1 detail

Hi dear,

VXR1#ping 8.8.8.8 Source f0/0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 10.1.11.1
.....
Success rate is 0 percent (0/5)


VXR1#show ip sla statistics 1 details
IPSLAs Latest Operation Statistics

IPSLA operation id: 1
Type of operation: icmp-echo
Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: *15:11:49.723 UTC Thu Apr 3 2025
Latest operation return code: Timeout
Over thresholds occurred: FALSE
Number of successes: 42
Number of failures: 74
Operation time to live: Forever
Operational state of entry: Active
Last time this entry was reset: Never

FYI: 

the Ping to 8.8.8.8 using f0/0 is reachable when the ip route static are : 

VXR1(config)#ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

VXR1(config)#ip route 0.0.0.0 0.0.0.0 FastEthernet1/0 10

 

the moment i add track 1 to the first route, it's not reachable anymore.

Thank you in advance.

 

 

Jens Albrecht
Spotlight
Spotlight

The root cause of your problem is a logic error.

The ping to 8.8.8.8 can only be successful if the default route to ISP1 is installed in the routing table.
However, the default route to ISP1 is only installed if the ping to 8.8.8.8 is successful.
Hence the ping to 8.8.8.8 will never be successful and the default route to ISP1 will never appear in the routing table.

Solution:
The IP SLA needs to have a separate static route entry like "ip route 8.8.8.8 255.255.255.255 10.1.11.2".
Then the ping to 8.8.8.8 will be successful as long as your router can reach ISP1 and then the default route will be installed.
If you disable the link to ISP1, the ping will fail and the alternate route to ISP2 will appear in the routing table.

Dear;

When I do this : 

VXR1(config)#no ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 track 1
VXR1(config)#ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
VXR1(config)#do show ip route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S* 0.0.0.0/0 is directly connected, FastEthernet0/0
*Apr 3 14:44:24.735: %TRACKING-5-STATE: 1 ip sla 1 reachability Down->Up

VXR1#ping 8.8.8.8 source f0/0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 10.1.11.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/19/24 ms

the moment i'll add the track 1 to the IP Route, F0/0 wont be reachable to 8.8.8.8 , this is the part that i didnt understand.

Thanks in advance.

Well, that is the logic error I mentioned.

If you create the default route to ISP1 without track, then the ping to 8.8.8.8 is successful, of course, as the default route is immediately installed in the routing table.

However, if you create the default route to ISP1 with track, then the route will only be installed if the ping 8.8.8.8 is successful BEFORE installing the default route. The track acts like a condition that has to be met BEFORE the route can go into the routing table.

Therefore, it is best practice to add a dedicated route to your ping destination as mentioned in my previous post.
Did you check this?

I did sir but it didn't solve my issue.

inserting a root towards the 8.8.8.8 will make my configuration like this : 

 !
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 track 1
ip route 0.0.0.0 0.0.0.0 FastEthernet1/0 10
ip route 8.8.8.8 255.255.255.255 FastEthernet0/0
!

when ISP1 is down, the root 8.8.8.8 will remain in the routing table.

my lab purpose is to forward all traffic towards ISP1 (primary), if it is down then ISP2 (secondary), once ISP1 is back, we forward traffic back to the primary ISP.

Thank you for your feedback sir

The route to 8.8.8.8 will remain in the routing table because you did NOT configure the route as proposed.

Your static route points to interface Fa0/0 of your VXR1 router. Hence the route will remain in the routing table as long as this interface is up and running. So it does not matter whether ISP1 is reachable or not, especially if you use IOL node types where interfaces remain UP even if you disable the link.

Therefore, it is best practice to use the next hop IP address for static routes and not the outgoing interface.
Give it a try and check the difference.

Hi dear,

i did configure the ip route using the next hop IP Addr but it dosen't make any diffrence since the interface that gets down is the L0 of ISP1 and no the next hop interface.

thank you for your feedback.

hakim99
Level 1
Level 1

Another Update : 

when the Loo0 of ISP1 is Down, the traffic is sent to ISP2 and the ping is reachable. 

but once the ISP1 is UP again, the traffic isn't going back to ISP1.

Same here.

The default route to ISP2 has no track, hence it is installed in the routing table you can reach the loopback of ISP2.

The track uses the source IP 10.1.11.1 so this track can only be UP, if the loopback of ISP1 is reachable.
Can you reach the loopback of ISP1 if the default route points to ISP2? No!
Can you reach the loopback of ISP1 BEFORE the other default route to ISP1 is installed in the routing table? No!

Everything you described in your posts is the result of the very same logic error.
So follow the best practices and add the dedicated route to the loopback of ISP1 as mentioned in my first post and see how it makes a difference.