
IP SLA checks ISP connection to the internet

NetworkStar
Level 1

Hello,

I have a router with two connections to ISP. Lately the ISP connections to the internet go up and down.

My router has 2 static default routes with the next hop configured as the ISP interface IP.

I decided to configure 2 IP SLAs using a DNS test to a public DNS server, each one with a different source IP, the IP configured on the interface connecting to the ISP.

Unfortunately, once the ISP couldn't reach the public DNS server, both or one of them (sometimes the wrong one) IP SLA tests were DOWN. I assumed that the router is checking its route table to determine which interface to route the IP SLA through, then sees 2 paths to the destination, and it doesn't matter which source IP it was using.

Then I configured the IP SLA tests to be conducted from 2 different source IPs, 2 loopback addresses. To route the traffic properly I configured 2 PBRs as follows:

A match statement pointing to an ACL that matches the loopback IP addresses as source, and a set statement to the interface connecting to the ISP, as well as proper NAT configurations. The issue again was that sometimes when one of the ISPs could not reach the public DNS server, both or the wrong IP SLA were DOWN.

How should I configure the IP SLA to test the ISP reachability to a public DNS server from each interface of the router?

(Just to make it clear: I can't use VRF or any routing protocol with the ISP, and would like to use the IP SLA feature with a DNS connection to do this test.)

Thanks! 

7 Replies

I don't see the config, but

You have 8.8.8.8 and 8.8.4.4

And you have two ISPs

So you need only one IP SLA

The config will be

! isp1 / isp2 stand for each ISP's next hop or interface
ip route 8.8.8.8 255.255.255.255 isp1 permanent
ip route 0.0.0.0 0.0.0.0 isp1 track 1
!
ip sla 1
icmp-echo 8.8.8.8 source-interface isp1
ip sla schedule 1 life forever start-time now
!
! track object referenced by the tracked default route
track 1 ip sla 1 reachability
!
ip route 0.0.0.0 0.0.0.0 isp2 100

This way we track one low-AD default route with IP SLA; if it is down, the router will use the second, high-AD route; if the IP SLA is up, the router returns to using it.

For IP SLA you need a static route with permanent to make sure the router uses this path.

MHM

M02@rt37
VIP

Hello @NetworkStar 

To configure IP SLA to test ISP reachability from each interface of the router without relying on the router's routing table for source determination, you can use the following approach:

--Create two loopback interfaces, one for each ISP connection. Assign unique IP addresses to these loopback interfaces.

interface Loopback0
ip address 1.1.1.1 255.255.255.255

interface Loopback1
ip address 2.2.2.2 255.255.255.255

--Set up two IP SLA operations, each using a different loopback interface as the source IP.

ip sla 1
icmp-echo 8.8.8.8 source-interface Loopback0
frequency 60
!
ip sla schedule 1 life forever start-time now

ip sla 2
icmp-echo 8.8.8.8 source-interface Loopback1
frequency 60
ip sla schedule 2 life forever start-time now

--Two tracking objects to track the IP SLA operations.

track 1 ip sla 1 reachability
track 2 ip sla 2 reachability


--Create two route maps and apply them to the outgoing interfaces based on the tracking results.

access-list 1 permit host 1.1.1.1
access-list 2 permit host 2.2.2.2

route-map PBR1 permit 10
match ip address 1
set interface <ISP1 Interface>

route-map PBR2 permit 10
match ip address 2
set interface <ISP2 Interface>


--Apply the route maps to the outgoing interfaces.

interface <ISP1 Interface>
ip policy route-map PBR1

interface <ISP2 Interface>
ip policy route-map PBR2


Now, the router will use different loopback interfaces as the source IP for the IP SLA operations, and based on the tracking results, it will route the DNS test traffic through the respective ISP interfaces. Adjust the IP addresses, interface names, and other parameters according to your network configuration.

More configuration steps, but this solution provides granular control by using different loopback interfaces as the source for each IP SLA operation. It explicitly defines the source IP for each IP SLA operation, which can be useful for troubleshooting and clarity.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Hi,

Thank you for the detailed answer.

I think this will work, but what if the interface to the ISP goes DOWN? Then the PBR will be irrelevant, and according to the route table it will use the second default route through the other ISP connection, and the IP SLA will remain UP.

No need for PBR; PBR is used only for load sharing.

Here the key point is using a permanent static route for 8.8.8.8, with the next hop the same as the IP we need to track.

MHM

Thank you, the permanent function will do the work with the use of PBR (I can't use all of the solution because the other ISP is used and should be active).

 

You are so so welcome 

MHM

@NetworkStar 

You can enhance the solution by combining IP SLA tracking with the interface status. You can track both the IP SLA reachability and the interface status using Object Tracking. If the interface goes down, the corresponding IP SLA should be marked as unreachable.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
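
The two suggestions in this thread (a permanent host route that pins each probe to one ISP, and object tracking that combines IP SLA reachability with interface state) can be put together as follows. This is an added example, not configuration posted by any participant; the interface names (GigabitEthernet0/0, GigabitEthernet0/1), the next hops (192.0.2.1, 198.51.100.1) and the track numbers are assumptions to be replaced with your own values.

```cisco
! Assumed: Gi0/0 -> ISP1 (next hop 192.0.2.1), Gi0/1 -> ISP2 (next hop 198.51.100.1)
! Pin each probe target to one ISP. "permanent" keeps the host route installed
! even when the interface is down, so the probe fails instead of leaving
! through the other ISP.
ip route 8.8.8.8 255.255.255.255 GigabitEthernet0/0 192.0.2.1 permanent
ip route 8.8.4.4 255.255.255.255 GigabitEthernet0/1 198.51.100.1 permanent
!
ip sla 1
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
 frequency 60
ip sla schedule 1 life forever start-time now
!
ip sla 2
 icmp-echo 8.8.4.4 source-interface GigabitEthernet0/1
 frequency 60
ip sla schedule 2 life forever start-time now
!
! ISP1 is considered up only if the probe succeeds AND the link is up
track 11 ip sla 1 reachability
track 12 interface GigabitEthernet0/0 line-protocol
track 10 list boolean and
 object 11
 object 12
!
! Same combination for ISP2
track 21 ip sla 2 reachability
track 22 interface GigabitEthernet0/1 line-protocol
track 20 list boolean and
 object 21
 object 22
!
! Both default routes stay active; each is withdrawn only when its own ISP fails
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 192.0.2.1 track 10
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 198.51.100.1 track 20
```

`show track brief` and `show ip sla statistics` show the state of each object and probe after applying it.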