
IP SLA ROUTE PROBLEM VRF

dmbnex
Level 1

Hi All,

I'm trying to get a very basic operation of ip sla with reachability tracking to trigger a route decision between two links.

Link 1 - Primary ISP vlan201- is a dhcp link - I need to be able to track an address on internet

Link 2 - Backup LTE link - vlan31 - static ip addressing

Both links are terminated in a vrf "inet"; there is also basic bgp in use locally on the router.

what happens is that ip sla comes up with default gw over Link1 but when it goes down the default route is not removed

when I manually remove the default route ip route vrf inet 0.0.0.0 0.0.0.0 Vlan201 dhcp 251 the link 2 route takes over, enabling the link 1 does nothing and when manually pinging the 1.1.1.1 it does not answer when it should.

I have tried removing interface from primary route without it helping.

It may seem that bgp has something to do with this, but I'm not sure.

 

ip sla configuration:

track 1 ip sla 1 reachability
ip sla 1
icmp-echo 1.1.1.1 source-interface Vlan201
vrf inet
frequency 15

ip route vrf inet 0.0.0.0 0.0.0.0 10.11.12.2 253

ip route vrf inet 0.0.0.0 0.0.0.0 Vlan201 dhcp 251

interface Vlan201
vrf forwarding inet
ip dhcp client route track 1
ip address dhcp
end

bgp config:

address-family ipv4 vrf inet
redistribute connected
redistribute static
default-information originate
exit-address-family

vrf:

vrf definition inet
rd 65000:1
route-target export 65000:1
route-target import 65000:1
route-target import 65000:2
!
address-family ipv4
route-target export 65000:1
route-target import 65000:1
route-target import 65000:2
exit-address-family
!

Have you guys seen the same behavior, or am I just blind and can't see the obvious in front of me?

Thanks

Equipment in use is Cisco ISR C1100 router with IOS-XE 17.6.5

1 Accepted Solution


dmbnex
Level 1

Hi again,
After moving ip sla to global and importing routes to/from vrf/global, this worked with both ip sla tracking and route failover from another vrf.

I will probably use some kind of firewall with policy based routing/probe to achieve this, as Cisco is way too unpredictable for me: ip sla sometimes works and sometimes does not (even in global).


23 Replies

icmp-echo 1.1.1.1 source-interface Vlan201

ip route vrf inet 1.1.1.1 255.255.255.255 Vlan201 dhcp permanent 


@MHM Cisco World wrote:

icmp-echo 1.1.1.1 source-interface Vlan201

 


I already have this under the ip sla statement, what are you trying to explain here?

 


@MHM Cisco World wrote:

ip route vrf inet 1.1.1.1 255.255.255.255 Vlan201 dhcp permanent 


How will this help to force the tracking to remove/add the routes?

making it stick if interface goes down?
in my testing I just disabled the remote side of 1.1.1.1 so interface vl201 stayed UP regardless

 

 

OK, remove the 

ip route vrf inet 0.0.0.0 0.0.0.0 Vlan201 dhcp 251

ping 1.1.1.1: is the ping successful or not? (use a VRF-aware ping)


@MHM Cisco World wrote:

OK, remove the 

ip route vrf inet 0.0.0.0 0.0.0.0 Vlan201 dhcp 251

ping 1.1.1.1: is the ping successful or not? (use a VRF-aware ping)


ok, I have tried this. When the sla is UP(to begin with) it works fine, when I bring down 1.1.1.1 manually and track 1 goes down the secondary route is not taking over, I remove it and reenable vl201 and 1.1.1.1, it will not respond to icmp as somehow interface prevents it from passing traffic even when it should.

when tracking is removed from interface and route, all works as it should

 

I don't have access to the lab today, so I'm unable to provide testing results.

I had time to run a lab, and you can see that immediately after I add the static route with permanent, the track changes from Down to Up.
Do this and your floating static route will run fine.

Screenshot (397).png


@MHM Cisco World wrote:

I had time to run a lab, and you can see that immediately after I add the static route with permanent, the track changes from Down to Up.
Do this and your floating static route will run fine.

Screenshot (397).png


Hi, and thank you for taking the time to test this, but

it seems that a permanent route is only available for static routes and not for dhcp:

router(config)#ip route vrf inet 1.1.1.1 255.255.255.255 vl201 ?
<1-255> Distance metric for this route
A.B.C.D Forwarding router's address
dhcp Default Gateway obtained from DHCP
multicast multicast route
name Specify name of the next hop
permanent permanent route
tag Set tag for this route
track Install route depending on tracked item
<cr> <cr>

router(config)#ip route vrf inet 1.1.1.1 255.255.255.255 vl201 dhcp ?
<1-255> Distance metric for this route

 

ip route vrf inet 1.1.1.1 255.255.255.255 vl201 permanent
% For VPN or topology routes, must specify a next hop IP address if not a point-to-point interface

It accepts a longer route, but it's not permanent and will not work:

ip route vrf inet 1.1.1.1 255.255.255.255 Vlan201 dhcp

 

*Mar 17 23:32:52.772: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
router#sh ip route vrf inet

Routing Table: inet
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected

Gateway of last resort is 10.10.201.1 to network 0.0.0.0

S* 0.0.0.0/0 [251/0] via 10.10.201.1
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.10.201.0/24 is directly connected, Vlan201
S 10.10.201.1/32 [251/0] via 10.10.201.1, Vlan201
L 10.10.201.36/32 is directly connected, Vlan201
172.24.0.0/16 is variably subnetted, 4 subnets, 2 masks
C 172.24.16.8/29 is directly connected, Vlan31
L 172.24.16.9/32 is directly connected, Vlan31

router#
router#sh ip route vrf inet track-table
ip route vrf inet 0.0.0.0 0.0.0.0 10.10.201.1 251 track 1 state is [down]
ip route vrf inet 1.1.1.1 255.255.255.255 Vlan201 10.10.201.1 250 track 1 state is [down]

We need permanent with static here

Other solution will make route to 1.1.1.1 always up

I will check how we can solve this issue of permanent and dhcp in static route.

Hello
Your ip sla/route track configuration is okay, but the conditional routing will ONLY work IF the tracked ip address is not reachable via the default route, as when tracked ip fails the ISP1 static default will be removed and the ISP2 default takes over, however when the tracked ip is again reachable the ISP1 primary default won’t be re-entered into the route table as it doesn’t have a specific route to the tracked ip.

Additionally another problem may arise with flapping of the two defaults if your tracked ip becomes reachable via ISP 2 as such ip sla will come up and then the primary default will be installed then fail, with this continuously repeating

So as @MHM Cisco World  shows if you have a specific route to that tracked ip then the conditional failover should work, 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
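
Added example, not part of the thread and not code from any poster: a small Python simulation of the two failure modes described in the post above (a tracked default that never returns, and defaults that flap when the tracked IP answers via ISP2), next to the same scenarios with a host route pinning the probe to ISP1. The link names, the per-interval reachability data, and the host route's distance of 1 are assumptions; distances 251 and 253 come from the original configuration.

```python
import ipaddress

# Simplified model, an assumption of this example and not IOS-XE itself: the probe
# follows the routing table, and the primary default exists only while the track is Up.
TRACKED = ipaddress.ip_address("1.1.1.1")   # probe target used in the thread

def probe_exit(routes):
    """Pick the link the probe leaves on: longest prefix first, then lowest distance."""
    hits = [(ipaddress.ip_network(p), d, link) for p, d, link in routes]
    hits = [h for h in hits if TRACKED in h[0]]
    return min(hits, key=lambda h: (-h[0].prefixlen, h[1]))[2]

def simulate(intervals, host_route):
    """intervals: per probe interval, whether 1.1.1.1 answers over each link.
    Returns the track state after each probe."""
    track_up, history = True, []
    for answers in intervals:
        routes = [("0.0.0.0/0", 253, "isp2")]             # floating backup default
        if track_up:
            routes.append(("0.0.0.0/0", 251, "isp1"))     # tracked primary default
        if host_route:
            routes.append(("1.1.1.1/32", 1, "isp1"))      # untracked host route (distance assumed)
        track_up = answers[probe_exit(routes)]
        history.append("Up" if track_up else "Down")
    return history

# Constructed scenarios, not captured from the router in the thread.
# 1) ISP1 path fails for two intervals then recovers; 1.1.1.1 never answers via ISP2.
RECOVERY = [{"isp1": False, "isp2": False}] * 2 + [{"isp1": True, "isp2": False}] * 3
# 2) ISP1 path stays broken while 1.1.1.1 answers via ISP2.
LEAK = [{"isp1": False, "isp2": True}] * 4

if __name__ == "__main__":
    for name, scenario in (("recovery", RECOVERY), ("leak via ISP2", LEAK)):
        for host_route in (False, True):
            print(f"{name:14} host_route={host_route!s:5}", simulate(scenario, host_route))
```

Without the host route the track stays Down after ISP1 recovers, or alternates Up/Down when ISP2 can reach the target; with it, the track follows the ISP1 path only.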


@paul driver wrote:

Hello
Your ip sla/route track configuration is okay, but the conditional routing will ONLY work IF the tracked ip address is not reachable via the default route, as when tracked ip fails the ISP1 static default will be removed and the ISP2 default takes over, however when the tracked ip is again reachable the ISP1 primary default won’t be re-entered into the route table as it doesn’t have a specific route to the tracked ip.


Hi Paul, and thanks for taking the time to explain. I understand what you mean by the tracking not being able to reach the destination when there is no default route.

 


@paul driver wrote:

Additionally another problem may arise with flapping of the two defaults if your tracked ip becomes reachable via ISP 2 as such ip sla will come up and then the primary default will be installed then fail, with this continuously repeating

So as @MHM Cisco World  shows if you have a specific route to that tracked ip then the conditional failover should work, 


I'm not sure this is completely correct, as sla is explicitly set up to probe an address with the source interface facing ISP1

anyway, as I replied above, it does not allow me to set a dhcp permanent route

hello


@dmbnex wrote:
Hi Paul, and thanks for taking the time to explain. I understand what you mean by the tracking not being able to reach the destination when there is no default route.
anyway, as I replied above, it does not allow me to set a dhcp permanent route


It's not required tbh, try the following:

ip route  vrf inet 1.1.1.1 255.255.255.255 vlan 201 
or
ip route  vrf inet 1.1.1.1 255.255.255.255 vlan 201  x.x.x.x < next hop ip> - Preferred as the router won't ARP for the route

 


@dmbnex wrote:

not sure this is completely correct as sla is explicitly set up to probe an address with the source interface facing ISP1


The sla probe is only polling sourced from vlan 201, as long as the tracked ip can be reached (via isp1 or isp2) it does not care



Kind Regards
Paul


@paul driver wrote:

hello


@dmbnex wrote:
Hi Paul, and thanks for taking the time to explain. I understand what you mean by the tracking not being able to reach the destination when there is no default route.
anyway, as I replied above, it does not allow me to set a dhcp permanent route


It's not required tbh, try the following:

ip route  vrf inet 1.1.1.1 255.255.255.255 vlan 201 
or
ip route  vrf inet 1.1.1.1 255.255.255.255 vlan 201  x.x.x.x < next hop ip> - Preferred as the router won't ARP for the route

 


I already have, 

ip route vrf inet 1.1.1.1 255.255.255.255 Vlan201
% For VPN or topology routes, must specify a next hop IP address if not a point-to-point interface

 



The sla probe is only polling sourced from vlan 201, as long as the tracked ip can be reached (via isp1 or isp2) it does not care


ok, that makes sense

 

I have now tried the lab outside of the vrf configuration, and with a static 1.1.1.1 route it works as intended, thanks.

This raises the question of whether this will work inside a vrf; I reckon I would need to use a dhcp route for 1.1.1.1.

I will be giving this a try this weekend and will report back.

Hello

It should make difference in/out of a vrf , you could try using a basic ipv4 ip vrf instead of the definition vrf you currently have running?

 

Regarding the static route pertaining to the tracked route, your next-hop ip address shouldn't really change, so you could specify it in the static as in my previous post.



Kind Regards
Paul

The gateway/ip has changed on me before and I really cannot rely on it staying the same. It also happens that the gateway is up but something does not route correctly.

I could try tracking with state instead of reachability with both 1.1.1.1 and my def. gateway, so that if one of the two fails then the condition is true, but that would be next if I get vrf-aware ip sla working.

I ran a lab and spent 1 hour; there is no solution for track under the interface and DHCP with VRF awareness.
But I solved the issue without any track:
under the dhcp interface use the below config
ip dhcp client request route
ip dhcp client default-route distance <x> 
ip add dhcp 

When the router gets an IP from the DHCP server, it will automatically add a default route toward the default gw received from the dhcp server, with the distance we specify with the commands above.

Screenshot (408).png
