Solved: IP SLA problems

rasoftware · ‎02-23-2006

have this config

ip sla 1

icmp-echo 62.6.200.5

timeout 1000

threshold 2

frequency 3

ip sla schedule 1 life forever start-time now

track 100 rtr 1 reachability

ip route 0.0.0.0 0.0.0.0 "our-next-hop" track 100

ip route 0.0.0.0 0.0.0.0 Dialer0 254

ip nat inside source route-map ispA interface FastEthernet0 overload

ip nat inside source route-map ispB interface Dialer0 overload

access-list 40 remark IPs for NAT policy

access-list 40 permit 192.0.0.0 0.255.255.255

access-list 101 permit icmp any host 62.6.200.5 echo

route-map LOCAL_POLICY permit 10

match ip address 101

set interface FastEthernet0

!

route-map ispB permit 10

match ip address 40

match interface Dialer0

!

route-map ispA permit 10

match ip address 40

match interface FastEthernet0

!

The track doesn seem to work, when I have default route to metric 1 and no track it works.

I have this config working where I have two DSL ports but this has 1 DSL and 1 FE.

Will this work?

pkhatri · ‎02-23-2006

Hi,

Can you change your route-map to look like below:

route-map LOCAL_POLICY permit 10

match ip address 101

set ip next-hop 195.x.x.x

Make 195.x.x.x the same as what you have in your static route and re-try your tests

Hope that helps - pls rate the post if it does.

Paresh

View solution in original post

pkhatri · ‎03-08-2006

Alright... can you change your icmp-echo statement so that it reads like the following:

icmp-echo 217.32.63.202 source-interface FastEthernet0

Then, repeat your tests :-)

Paresh

View solution in original post

pkhatri · ‎02-23-2006

Hi,

I presume you can do a ping to 62.6.200.5 without any problems.

Have you got the following configured:

ip local policy route-map LOCAL_POLICY

Paresh

rasoftware · ‎02-23-2006

Yes ip local policy route-map LOCAL_POLICY .

If I change the route to a normal static I can ping that address.

rasoftware · ‎02-23-2006

I have attached a more complete config

attrgautam · ‎02-23-2006

Have you started the IP sla using

ip sla schedule 1 life forever start-time now

If yes, can you show the output of

sh ip sla statistics and sh track

rasoftware · ‎02-23-2006

Looks like it not working, I have also tried another IP as the ping address:

Track 100

Response Time Reporter 1 reachability

Reachability is Down

3 changes, last change 01:38:32

Latest operation return code: Timeout

Tracked by:

STATIC-IP-ROUTING 0

Track 100

Response Time Reporter 1 reachability

Reachability is Down

3 changes, last change 01:38:32

Latest operation return code: Timeout

Tracked by:

STATIC-IP-ROUTING 0

rasoft-gw#sh ip sla stat

Round Trip Time (RTT) for Index 1

Latest RTT: NoConnection/Busy/Timeout

Latest operation start time: *14:28:29.339 PCTime Thu Feb 23 2006

Latest operation return code: Timeout

Number of successes: 0

Number of failures: 54

Operation time to live: Forever

pkhatri · ‎02-23-2006

Hi,

Can you change your route-map to look like below:

route-map LOCAL_POLICY permit 10

match ip address 101

set ip next-hop 195.x.x.x

Make 195.x.x.x the same as what you have in your static route and re-try your tests

Hope that helps - pls rate the post if it does.

Paresh

rasoftware · ‎02-24-2006

Thanks Paresh - helped me out yet again! Much appreciated

rasoftware · ‎03-08-2006

Still having a little trouble with this. The FastEthernet primary WAN keeps declaring the route down.

Track 100

Response Time Reporter 1 reachability

Reachability is Down

1 change, last change 1w0d

Latest operation return code: Timeout

Tracked by:

STATIC-IP-ROUTING 0

and

Round Trip Time (RTT) for Index 1

Latest RTT: NoConnection/Busy/Timeout

Latest operation start time: *09:35:09.847 PCTime Wed Mar 8 2006

Latest operation return code: Timeout

Number of successes: 0

Number of failures: 48

Operation time to live: Forever

When it first boots it works for a while, I dont know why it switchs to the fail over link. It also never switches back.

I have tried using a different destination ICMP address but its the same.

I post complete config for clarity.

pkhatri · ‎03-08-2006

Could you try the following and post the output:

debug ip policy

ping 217.32.63.202

Thanks,

Paresh

rasoftware · ‎03-08-2006

It does now fail over, when i disabled FE as test it switched to backup ADSL. However, it has not switched back.

I run you command (both links available - using dialer:

rasoft-gw#debug ip policy

Policy routing debugging is on

rasoft-gw#ping 217.32.63.202

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 217.32.63.202, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

When I re-run (after a reload I get)

rasoft-gw#sh track

Track 100

Response Time Reporter 1 reachability

Reachability is Up

2 changes, last change 00:00:24

Latest operation return code: Over threshold

Latest RTT (millisecs) 16

Tracked by:

STATIC-IP-ROUTING 0

rasoft-gw#debug ip policy

Policy routing debugging is on

rasoft-gw#ping 217.32.63.202

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 217.32.63.202, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/19/20 ms

Doing sh ip route indicates dialer is still primary despite FE being up:

S* 0.0.0.0/0 is directly connected, Dialer0

i also notice that non of the policy based routes are being used:

rasoft-gw#sh route

route-map LOCAL_POLICY, permit, sequence 10

Match clauses:

ip address (access-lists): 101

Set clauses:

ip next-hop 195.172.169.x

Policy routing matches: 1913 packets, 122612 bytes

route-map ispB, permit, sequence 10

Match clauses:

ip address (access-lists): 40

interface Dialer0

Set clauses:

Policy routing matches: 0 packets, 0 bytes

route-map ispA, permit, sequence 10

Match clauses:

ip address (access-lists): 40

interface FastEthernet0

Set clauses:

Policy routing matches: 0 packets, 0 bytes

rasoftware · ‎03-08-2006

Ok I think i have spotted my own problem:

Timeout set to 2 (chaned 1500)

no frequency set

I have changed these will post back if still unreliable

pkhatri · ‎03-08-2006

One other thing, mate...

Change your route-map so that it looks like this:

route-map LOCAL_POLICY permit 10

match ip address 101

set ip next-hop 195.172.169.99

set interface null0

Paresh

rasoftware · ‎03-08-2006

thanks Paresh, I have made the change and will monitor.

Whats the significance of the null0?

Also, I found this which was helped me for anyone looking a PBR.

http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/products_feature_guide09186a00801d862d.html#wp1071380

pkhatri · ‎03-08-2006

The 'interface null0' statement means that the ping packet will only be sent out the specified IP next-hop. If that next-hop is down, it will be dropped. The point of this is to ensure that the ping only succeeds when sent out through the interface being monitored. There could be other ways of getting out but we are only interested in monitoring this interface.

Hope that helps - pls rate the post if it does.

Paresh