Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
287
Views
0
Helpful
2
Replies

ip sla for application failover

sasaunde1
Level 1
Level 1

‎04-16-2008 08:08 PM - edited ‎03-03-2019 09:35 PM

I am trying to implement ip sla to monitor a CSS VIP in Site A. If that VIP goes down I would like the traffic to go to another route. I also tag that traffic with precedence. During the failure the tagged traffic should have the destination IP NAT'd to a private IP for our Disaster Recovery CSS setup. The main issue I have is that the icmpEcho are getting NAT'd even though I built a route map and NAT command that should only NAT tagged traffic. I do not see hits on my route map, but when I debug nat I see the icmpEcho getting NAT'd. This issue causes a ping to come in correctly for IP SLA and then the traffic starts to flap. I tried to block icmpecho from the failover router, but then my weighed route never leaves the initial router and hence never returns the traffic back to the production site when it comes back up. Please let me know if you have seen the icmpecho get NAT'd and how you got around that issue.

Thank you,

Sam

Labels:
0 Helpful
2 Replies 2

mheusing
Cisco Employee
Cisco Employee

‎04-16-2008 10:31 PM

Hi,

May we have a look at your configuration of the IP SLA and especially the NAT features?

Please also provide info about your hardware and your IOS version.

Thank you in advance.

Regards, Martin

0 Helpful

sasaunde1
Level 1
Level 1
In response to mheusing

‎04-17-2008 08:20 AM

I have added 2 attachments, my customer facing vpn router (it has ip sla and tagging on it). The second one is internal vpn router and it does the natting. I added the debug nat on it to show the icmpEcho getting natted.

I am pinging 1.2.3.4 host at a local site via 1 route getting tracked by 198. When the sla fails the traffic goes to the internal router via the weighed 250 route. That router looks for tagged traffic and nat's it to the private IP address.

When we 1st turn up our lab the ip sla stays in timeout, but as soon as we perform the failure the icmpEchos continue to get natted and flap the sla routes. We have attempted to deny icmpEcho in a route map to deny that traffic from being natted, but it still does. We can see it from the debug nat.

Any info would be greatly appreciated.

Thanks,

Preview file
3 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card