Solved: IP SLA Config please check

Patrick Werner · ‎03-08-2013

Hi Communitiy.

I did an SLA config and i'm not sure if it is okay. Can you please check.

Clients from the Vlan 120 and 121 should have a reduntant connection to the two providers.

Thanks for your help.

track 1 ip sla 1 reachability

!

track 2 ip sla 2 reachability

interface GigabitEthernet0/0
description Trunk
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.20.9 255.255.255.0
ip nat outside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.2
encapsulation dot1Q 120
ip address 172.16.20.1 255.255.255.0
ip access-group Lakeside in
ip nat inside
ip virtual-reassembly in
ip policy route-map PBR
!
interface GigabitEthernet0/0.3
encapsulation dot1Q 121
ip address 172.17.20.1 255.255.255.0
ip access-group Lakeside in
ip nat inside
ip virtual-reassembly in
ip policy route-map PBR
!
interface GigabitEthernet0/1
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto

interface ATM0/0/0
no ip address
no atm ilmi-keepalive

pvc 8/35
pppoe-client dial-pool-number 1
!
interface Ethernet0/0/0
no ip address
shutdown
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
shutdown
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname

ppp chap password

ip local policy route-map PBR

ip nat translation tcp-timeout 30
ip nat translation udp-timeout 30
ip nat translation icmp-timeout 30
ip nat inside source route-map ISP1 interface GigabitEthernet0/1 overload
ip nat inside source route-map ISP2 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 192.168.0.1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer1 track 2

ip access-list extended ACL_NAT
permit ip 172.16.0.0 0.15.255.255 any
ip access-list extended Lakeside
permit udp any any eq bootps
permit udp any any eq bootpc
deny   ip any 172.16.0.0 0.15.255.255
deny   ip any 192.168.0.0 0.0.255.255
deny   ip any 10.0.0.0 0.255.255.255
permit ip 172.16.20.0 0.0.0.255 any

permit ip 172.16.21.0 0.0.0.255 any
permit ip 172.17.20.0 0.0.0.255 any

permit ip 172.17.21.0 0.0.0.255 any

ip sla auto discovery
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/1
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 8.8.8.8 source-interface Dialer1
ip sla schedule 2 life forever start-time now
!
route-map PBR permit 10
match ip address ACL_NAT
set ip next-hop verify-availability 192.168.0.1 1 track 1
!
route-map PBR permit 30
match ip address ACL_NAT
set ip next-hop verify-availability x.x.x.x.x 2 track 2
!
route-map ISP2 permit 30
match ip address ACL_NAT
match interface Dialer1
!
route-map ISP1 permit 10
match ip address ACL_NAT
match interface GigabitEthernet0/1

cadet alain · ‎03-08-2013

Hi,

you should configure a local PBR that uses the correct interface for the pings of ip sla instead of the one you configured which is the same as the non local PBR.

Regards

Alain

Don't forget to rate helpful posts.

View solution in original post

vikram singh · ‎03-08-2013

hi Patrick Werner

The above redundant route that u've created must be like

ip route 0.0.0.0 0.0.0.0 192.168.0.1 track 1 ----------AD=1

ip route 0.0.0.0 0.0.0.0 Dialer1 254 ----------AD=254

here 254 is AD so that it will prefer "track 1" as primary.

Regards

Vikram Singh

View solution in original post

cadet alain · ‎03-08-2013

Hi,

you should configure a local PBR that uses the correct interface for the pings of ip sla instead of the one you configured which is the same as the non local PBR.

Regards

Alain

Don't forget to rate helpful posts.

Patrick Werner · ‎03-15-2013

Can you expain me that a bit more? Can you please show some config examples ?

Thanks in advance

cadet alain · ‎03-15-2013

Hi,

using the source-interface in the IP sla ping probe test is not guaranteeing that the probes will always use the same interface so one way to achieve this is to do a local PBR for your probes that sets the outgoing interface but here it is gonna be a little bit convoluted as you've got dynamic IP on both WAN interfaces and you're probing the same IP.

if you were probing 2 different IPs( 8.8.8.8 for the g0/1 and 8.8.4.4 for the dialer) then you would have something like this:

ip local policy route-map SLA_PROBES

ip access-list extended PROBE1

permit icmp any host 8.8.8.8

ip access-list extended PROBE2

permit icmp any host 8.8.4.4

route-map SLA_PROBES permit 10

match ip address PROBE1

set ip next-hop 192.168.0.1

route-map SLA_PROBES permit 20

match ip address PROBE2

set interface dialer1

Regards

Alain

Don't forget to rate helpful posts.

vikram singh · ‎03-08-2013

hi Patrick Werner

The above redundant route that u've created must be like

ip route 0.0.0.0 0.0.0.0 192.168.0.1 track 1 ----------AD=1

ip route 0.0.0.0 0.0.0.0 Dialer1 254 ----------AD=254

here 254 is AD so that it will prefer "track 1" as primary.

Regards

Vikram Singh

Patrick Werner · ‎03-15-2013

You're talkig about the metric ? I should set on "ip route 0.0.0.0 0.0.0.0 192.168.0.1" TRACK1 and on that route "ip route 0.0.0.0 0.0.0.0 Dialer1" a METRIC of 254 ?

Right ?