cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1474
Views
1
Helpful
19
Replies

ip sla / event manager

asmlicense
Level 1
Level 1

dears,

we have dmvpn connection between HQ and bracnhes through ISP's mpls.

the topology: cisco 4321(branch)--ISP mpls-->dmvpn hub (HQ)-->internet router-->ISP internet

Now we configure backup line.

main line is in gi0/0/0 port

backup line is in gi0/0/1

we need to write sla which will ping default gateway of ISP internet side (f.e.8.8.8.8) and if connection will go down switch default route from dmvpn Tunnel1 to gi0/0/1.

between HQ and bracnhes we use OSPF (170 ad) and I configure backup route with ad 200.

i configure sla with event manager but it is not worked:

ip sla 1
icmp-echo 8.8.8.8 source-interface Tunnel
timeout 1000
frequency 5

 

ip sla schedule 1 life forever start-time now


track 1 ip sla 1 reachability
delay down 15 up 30

 

event manager applet ChangeRoute
event track 1 state down
action 1.0 cli command "enable"
action 2.0 cli command "configure terminal"
action 3.0 cli command "ip route 0.0.0.0 0.0.0.0 gi0/0/1 10"
action 4.0 cli command "end"

 

event manager applet RevertRoute
event track 1 state up
action 1.0 cli command "enable"
action 2.0 cli command "configure terminal"
action 3.0 cli command "no ip route 0.0.0.0 0.0.0.0 gi0/0/1 10"
action 4.0 cli command "end"

 

 

also configure sla and attach track to route config:

ip sla 1
icmp-echo 8.8.8.8 source-interface Tunnel1
timeout 1000
frequency 5


ip sla schedule 1 life forever start-time now

 

track 1 ip sla 1 reachability
delay down 15 up 30

 

ip route vrf IWAN-TRANSPORT-2 0.0.0.0 0.0.0.0 172.31.255.1 track 1
ip route 0.0.0.0 0.0.0.0 gi0/0/1 200

 

both options didn't work.

19 Replies 19

Hello
so you have a ospf learned default of 170

so why in your OP do you have a primary static default with an ad of 1 being tracked - 
It seems i have missed something in your OP or misinterpreted your o jextive?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Sorry, maybe i didn't catch what you mean,

but if you talking about

ip route vrf IWAN-TRANSPORT-2 0.0.0.0 0.0.0.0 172.31.255.1 track1 - this 1 then it is sla number. i configure ip sla 1 and tag this to the default route (via OSPF). and logically when ping to 8.8.8.8 will lost and conditions of sla will be matched and the backup line become main (with ad 200). but it is not working.

 

ip sla 1
icmp-echo 8.8.8.8 source-interface Tunnel1
timeout 1000
frequency 5

 

track 1 ip sla 1 reachability
delay down 15 up 30

 

ip route vrf IWAN-TRANSPORT-2 0.0.0.0 0.0.0.0 172.31.255.1 track 1
ip route 0.0.0.0 0.0.0.0 gi0/0/1 200

Friend now let clear issue here 

Spoke - hub 

1- Hub inject defualt route toward spoke via ospf AD=170

2- spoke 

A- spoke have two routing table one global and other front VRF

A-1 spoke use front VRF

tunnel vrf IWAN-TRANSPORT-2

This front vrf only use for tunnel to reach Hub.

A-2 the global is use for LAN behind spoke to reach hub LAN and to reach internet via defualt route inject by Hub.

B- we need to make LAN use DIA (direct internet access) when the defualt route learn via hub is not more available in global routing table

This as @paul driver mention before no need IP SLA since we can play with AD' we will make defualt route toward DIA interface have AD more than 170

C- now we need NAT overload' but this NAT must config with route-map' route-map' 

#Route-map MHM permit 10

  #Match internal DIA interface 

 #Match ip address 100 (acl 100 from LAN to any)

!

Ip nat inside source route-map MHM DIA interface overload 

Note:- dont forget to add 

Ip nat inside to LAN interface 

Ip nat outside to DIA interface 

Hope this what you looking for 

MHM

 

 

I attached topology scheme with comment

That what difference from my previous answer? 

I imagine the topolgy and it exactly what you have.

DIA interface is interface g0/0/1 

You need static route toward it with AD more than 170 

No need IP SLA the table will select lower AD since ospf is lower then select

BUT BUT

The hub inject defualt route will not inject it if it loss ISP internet  <- here if hub always inject defualt route even if it ISP internet link is down (that not good) then you can use ip sla but this time we use EEM track status if down then we add static route toward DIA with AD lower than OSPF (ad 170) ' if UP we remove this static route.

Finally 

You need NAT overload to DIA interface with route-map as I mention above.

Waiting your answer 

MHM

Review Cisco Networking for a $25 gift card