12-15-2023 02:15 AM
Dears,
We have a DMVPN connection between HQ and branches through the ISP's MPLS.
The topology: Cisco 4321 (branch) --ISP MPLS--> DMVPN hub (HQ) --> internet router --> ISP internet
Now we are configuring a backup line.
The main line is on port gi0/0/0.
The backup line is on gi0/0/1.
We need to write an SLA which will ping the default gateway of the ISP internet side (e.g. 8.8.8.8) and, if the connection goes down, switch the default route from DMVPN Tunnel1 to gi0/0/1.
Between HQ and branches we use OSPF (170 AD) and I configured a backup route with AD 200.
I configured the SLA with Event Manager but it did not work:
ip sla 1
icmp-echo 8.8.8.8 source-interface Tunnel
timeout 1000
frequency 5
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
delay down 15 up 30
event manager applet ChangeRoute
event track 1 state down
action 1.0 cli command "enable"
action 2.0 cli command "configure terminal"
action 3.0 cli command "ip route 0.0.0.0 0.0.0.0 gi0/0/1 10"
action 4.0 cli command "end"
event manager applet RevertRoute
event track 1 state up
action 1.0 cli command "enable"
action 2.0 cli command "configure terminal"
action 3.0 cli command "no ip route 0.0.0.0 0.0.0.0 gi0/0/1 10"
action 4.0 cli command "end"
I also configured the SLA and attached the track to the route config:
ip sla 1
icmp-echo 8.8.8.8 source-interface Tunnel1
timeout 1000
frequency 5
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
delay down 15 up 30
ip route vrf IWAN-TRANSPORT-2 0.0.0.0 0.0.0.0 172.31.255.1 track 1
ip route 0.0.0.0 0.0.0.0 gi0/0/1 200
Both options didn't work.
12-15-2023 04:00 AM
Hello
So you have an OSPF-learned default of 170,
so why in your OP do you have a primary static default with an AD of 1 being tracked?
It seems I have missed something in your OP or misinterpreted your objective?
12-16-2023 12:32 AM
Sorry, maybe I didn't catch what you mean,
but if you are talking about
ip route vrf IWAN-TRANSPORT-2 0.0.0.0 0.0.0.0 172.31.255.1 track1 - this 1, then it is the SLA number. I configured ip sla 1 and tagged this to the default route (via OSPF). Logically, when the ping to 8.8.8.8 is lost and the conditions of the SLA are matched, the backup line becomes the main one (with AD 200). But it is not working.
ip sla 1
icmp-echo 8.8.8.8 source-interface Tunnel1
timeout 1000
frequency 5
track 1 ip sla 1 reachability
delay down 15 up 30
ip route vrf IWAN-TRANSPORT-2 0.0.0.0 0.0.0.0 172.31.255.1 track 1
ip route 0.0.0.0 0.0.0.0 gi0/0/1 200
12-16-2023 01:52 AM
Friend, now let's make the issue clear here.
Spoke - hub
1- The hub injects a default route toward the spoke via OSPF, AD=170
2- Spoke
A- The spoke has two routing tables, one global and the other the front VRF
A-1 The spoke uses the front VRF
tunnel vrf IWAN-TRANSPORT-2
This front VRF is only used for the tunnel to reach the hub.
A-2 The global table is used for the LAN behind the spoke to reach the hub LAN and to reach the internet via the default route injected by the hub.
B- We need to make the LAN use DIA (direct internet access) when the default route learned via the hub is no longer available in the global routing table.
This, as @paul driver mentioned before, needs no IP SLA since we can play with AD; we will make the default route toward the DIA interface have an AD higher than 170.
C- Now we need NAT overload, but this NAT must be configured with a route-map:
#Route-map MHM permit 10
#Match internal DIA interface
#Match ip address 100 (acl 100 from LAN to any)
!
Ip nat inside source route-map MHM DIA interface overload
Note: don't forget to add
Ip nat inside to LAN interface
Ip nat outside to DIA interface
Hope this is what you are looking for
MHM
12-16-2023 04:01 AM
12-16-2023 04:13 AM
What is the difference from my previous answer?
I imagined the topology and it is exactly what you have.
The DIA interface is interface g0/0/1.
You need a static route toward it with an AD higher than 170.
No need for IP SLA; the table will select the lower AD, since OSPF is lower then select
BUT BUT
The hub that injects the default route will not inject it if it loses ISP internet <- here, if the hub always injects the default route even if its ISP internet link is down (that is not good), then you can use IP SLA, but this time we use EEM to track status: if down, then we add a static route toward DIA with an AD lower than OSPF (AD 170); if up, we remove this static route.
Finally
You need NAT overload to the DIA interface with a route-map as I mentioned above.
Waiting for your answer
MHM
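The two approaches discussed in this thread, put together in IOS syntax as an added example (not any poster's own configuration). The values `<ISP-NEXT-HOP>`, `<HUB-TUNNEL-IP>`, `<LAN-INTERFACE>` and `<LAN-NET> <LAN-WILDCARD>` are placeholders that do not appear in the thread; the probe host route in case 2 is an assumption added so the probe keeps testing the tunnel path after failover.

```cisco
! Added example. All <...> values are placeholders to fill in.
! Both statics live in the global table, not in vrf IWAN-TRANSPORT-2.
!
! Case 1: the hub withdraws its OSPF default when HQ internet is down.
! Floating static: AD 200 loses to the OSPF default (AD 170 in this thread)
! and is installed only when that route leaves the global table.
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 <ISP-NEXT-HOP> 200
!
! Case 2: the hub keeps advertising the default. Probe through the tunnel
! and let EEM add/remove a static default that beats OSPF (AD 10).
ip route 8.8.8.8 255.255.255.255 Tunnel1 <HUB-TUNNEL-IP>
ip sla 1
 icmp-echo 8.8.8.8 source-interface Tunnel1
 timeout 1000
 frequency 5
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
 delay down 15 up 30
event manager applet ChangeRoute
 event track 1 state down
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 <ISP-NEXT-HOP> 10"
 action 4.0 cli command "end"
event manager applet RevertRoute
 event track 1 state up
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 <ISP-NEXT-HOP> 10"
 action 4.0 cli command "end"
!
! Both cases: translate LAN traffic only when it leaves via the DIA interface.
access-list 100 permit ip <LAN-NET> <LAN-WILDCARD> any
route-map MHM permit 10
 match ip address 100
 match interface GigabitEthernet0/0/1
ip nat inside source route-map MHM interface GigabitEthernet0/0/1 overload
interface <LAN-INTERFACE>
 ip nat inside
interface GigabitEthernet0/0/1
 ip nat outside
! Check with: show track 1, show ip route 0.0.0.0, show ip nat translations
```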