01-30-2014 02:47 PM - edited 03-04-2019 10:13 PM
Hello Experts,
I have a qustion for all of you one IP SLA Tracking. I have been trying to figure this one out for a couple of days and it's bugging me. I am trying to do a simple failover between ISP 1 and ISP 2. Issue is they are not on the same router but separated between a Point-to-Point connection.
The drawing is what is in production, what I have in my configs is a dumbed down version in my lab using 5 different 1800s.
Here's my configs:
LOC_A
!
!
track 1 ip sla 1 reachability
delay down 5 up 1
!
track 2 ip sla 2 reachability
delay down 5 up 1
!
!
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0:1
ip address 10.250.240.5 255.255.255.252
encapsulation ppp
!
router eigrp 1
redistribute static route-map ROUTE
network 10.250.240.4 0.0.0.3
network 10.250.240.8 0.0.0.3
network 10.250.240.12 0.0.0.3
network 192.168.1.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.162.1.254 2 track 1
ip route 0.0.0.0 0.0.0.0 192.168.3.254 3 track 2
ip route 0.0.0.0 0.0.0.0 192.168.1.254 5
ip http server
no ip http secure-server
!
!
!
ip sla 1
icmp-echo 12.249.198.237 source-ip 192.168.1.1
timeout 1000
threshold 2
frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 8.8.8.8
frequency 10
ip sla schedule 2 life forever start-time now
access-list 101 permit icmp host 192.168.1.1 host 12.249.198.237
disable-eadi
!
!
!
!
route-map IP_SLA_PINEBLUFF permit 10
match ip address 101
set ip next-hop 192.168.1.254
!
route-map ROUTE permit 10
match ip address 101
set ip next-hop 192.168.1.254
!
!
LOC B
!
!
track 1 ip sla 1 reachability
!
!
!
interface FastEthernet0/0
ip address 192.168.3.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0:1
no ip address
encapsulation ppp
!
interface Serial0/0/1:1
ip address 10.250.240.6 255.255.255.252
encapsulation ppp
!
router eigrp 1
redistribute static
network 10.250.240.4 0.0.0.3
network 10.250.240.8 0.0.0.3
network 10.250.240.12 0.0.0.3
network 192.168.3.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.3.254 250 track 1
ip http server
no ip http secure-server
!
!
!
ip sla 1
icmp-echo 12.249.198.237 source-ip 192.168.3.1
timeout 1000
threshold 2
frequency 5
ip sla schedule 1 life forever start-time now
access-list 101 permit icmp host 192.168.3.1 host 12.249.198.237
disable-eadi
!
!
!
!
route-map IP_SLA permit 10
match ip address 101
set ip next-hop 192.168.3.254
!
route-map ROUTE permit 10
match ip address 101
set ip next-hop 192.168.3.254
!
!
I have tried this several differnet ways. I've tried it without IP SLA commands on LOC B router as well as several different scenarios of the config.
The main issue is I can get the tracks on LOC A to work, but the defaultt route never gets distributed to LOC B router. The route bounces back and forth in a loop between the two P2P interfaces.
Any ideas on I can do to fix it?
I've read a hundred different postings, web blogs as well as Cisco Press books but can't find the one correct config that makes it all work.
Thanks. Brandon
01-30-2014 02:57 PM
Brandon,
Can you tell us exactly how you want the traffic to flow? I see your diagram, but what's supposed to happen should Location A lose the Internet circuit? Is the "Outside" interface on the left side of the topology a firewall that shouldn't be taken into consideration for this issue? I can lab this up if needed, but I need to figure out what you're wanting to happen
What is the default gateway for users on the right side? Are they using 192.168.3.1 or .254, or is there pbr on the switch?
HTH,
John
*** Please rate all useful posts ***
01-30-2014 03:07 PM
John,
Traffic is to flow out the Primary Internet at Location A. In the event that circuit goes down, I would like to roll traffic to Location B internet. So on my Production router I have both Internet and Private P2P connections. To segment them, I did VRF-Lite so that I could have Public Internet and Private on the same router, that's why you see the FW in the diagram. It has a Default route to the FW Inside address.
Ip route 0.0.0.0 0.0.0.0 192.168.1.254 <-- Private traffic to FW
ip route vrf INT_VRF 0.0.0.0 0.0.0.0 Multilink1 <-- Internet Pipe
Now that's production configs.
My lab configs are almost the same just dumbed it down a little. I shut down the Interface Internet interface (within my lab) to simulate an outage. I can watch the track statements kick in and change the default route to 192.168.3.254. The problem is Location B never gets updated and still has its default route pointing to 10.250.240.5 (Location A). So the traffic just bounces back and forth in a loop.
Hope I cleared up what you was asking. Let me know if I answered your question. Thanks, Brandon
01-30-2014 05:56 PM
Brandon,
How does your Location B get its default route now? From what I'm seeing, I see a static route to the 192.168.3.254 as a next hop, so I would assume that's in your routing table unless you're learning the default from somewhere else. I don't see where you're advertising a default at A.
Thanks,
John
01-30-2014 06:33 PM
John,
To be honest I've changed it so many times I don't really think I am in this config. That's one of my issues. I've tried it with floating static routes along with the default route with the track statement.
IE.
Ip route 0.0.0.0 0.0.0.0 192.168.1.254 10
Ip route 0.0.0.0 0.0.0.0 192.168.3.254 200
If I do this it still gets stuck on Location B on the P2P connection.
Thoughts?
01-30-2014 06:48 PM
So, you want Location B to go over the P2P link towards location A unless location A loses it's link? If it loses the link, you want it to go out of it's own local internet and have location A use location B's internet as well? I'm labbing this as we speak...
HTH,
John
*** Please rate all useful posts ***
01-30-2014 07:04 PM
Correct. Location A is the primary Internet connection with the bigger pipe. If it drops all traffic is then sent to Location B Internet pipe.
FYI I don't have to use EIGRP if that helps.
Thanks. Brandon
01-30-2014 07:52 PM
Brandon,
I was able to get this to work, but I'm not sure if it's the same type of setup you have. I have three routers laid out in a triangle. The top router is serving as the ISP and has a loopback address of 1.1.1.1/24. I have the 2nd router at the bottom left and it has a default route pointing to R1 and a floating route pointing to R3 (bottom right) pointing to the p2p subnet of 192.168.23.0/24. I'm sharing the 192.168.23.0/24 between R2 and R3:
R1
/ \
/ \
/ \
R2 ---- R3
SLA is configured on R2 and R3:
R2:
ip sla 1
icmp-echo 172.12.0.1 source-interface FastEthernet0/0
ip sla schedule 1 life forever start-time now
track 1 rtr 1 reachability
ip route 0.0.0.0 0.0.0.0 172.12.0.1 track 1
ip route 0.0.0.0 0.0.0.0 192.168.23.3 254
R3:
track 1 rtr 1 reachability
ip route 0.0.0.0 0.0.0.0 192.168.23.2 track 1
ip route 0.0.0.0 0.0.0.0 172.13.0.1 254
ip sla 1
icmp-echo 1.1.1.1 source-interface FastEthernet0/1
frequency 5
ip sla schedule 1 life forever start-time no
1.1.1.1 resides on R1 to simulate a host on the internet. When I shut the interface that leads toward R1, R2 tracking fails and points the default route to 192.168.23.3 on R3. R3 cannot ping 1.1.1.1 any longer because the wan circuit on R2 is shut, so it drops the 192.168.23.2 route and adds the default route that points out of the wan interface that leads to R1.
I am running eigrp between these routers btw...
HTH,
John
01-30-2014 08:24 PM
Okay I'll try this. Shoot me exactly how you have EIGRP on both routers so I'll have the whole config.
01-31-2014 03:27 AM
It was a basic eigrp config:
R2:
router eigrp 100
no auto
network 192.168.23.0
network 172.12.0.0 0.0.0.255
R3:
router eigrp 100
network 172.13.0.0 0.0.0.255
network 192.168.23.0
no auto-summary
The 172.12.0.0/24 and 172.13.0.0/24 are the wan interfaces that lead to R1.
HTH,
John
*** Please rate all useful posts ***
01-31-2014 02:21 PM
John
Wanted to let you know I solved it. Remember I said I kept getting stuck in a routing loop on my P2P connection. So it finally came to me while I was debugging earlier this morning. If I make both routers ping the same IP on the outside and both remove the default route and point to where it needs to go on Location B network, then they both get updated and traffic flows as it should. Once the link comes up, the routes fail back to where they were....
Here's my final config:
LOCATION A
!
track 1 ip sla 1 reachability
delay down 10 up 1
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
!
interface Serial0/0/0:1
ip address 10.250.240.5 255.255.255.252
encapsulation ppp
!
router eigrp 1
network 10.250.240.4 0.0.0.3
network 10.250.240.8 0.0.0.3
network 10.250.240.12 0.0.0.3
network 192.168.1.0
no auto-summary
!
THESE TWO LINES ARE WHAT MAKES IT WORK OR NOT
ip route 0.0.0.0 0.0.0.0 192.168.1.254 100 track 1
ip route 0.0.0.0 0.0.0.0 192.168.3.254 254
!
ip sla 1
icmp-echo 12.249.198.237 source-interface FastEthernet0/0
timeout 1000
threshold 2
frequency 3
ip sla schedule 1 life forever start-time now
****************************************************************************************************************
LOCATION B
!
track 1 ip sla 1 reachability
delay down 10 up 1
!
interface FastEthernet0/0
ip address 192.168.3.1 255.255.255.0
!
interface Serial0/0/1:1
ip address 10.250.240.6 255.255.255.252
encapsulation ppp
!
router eigrp 1
network 10.250.240.4 0.0.0.3
network 10.250.240.8 0.0.0.3
network 10.250.240.12 0.0.0.3
network 192.168.3.0
no auto-summary
!
THESE TWO LINES ARE WHAT MAKES IT WORK
ip route 0.0.0.0 0.0.0.0 192.168.1.254 100 track 1
ip route 0.0.0.0 0.0.0.0 192.168.3.254 254
ip sla 1
icmp-echo 12.249.198.237 source-interface FastEthernet0/0
threshold 2
ip sla schedule 1 life forever start-time now
Thanks for your help....
01-31-2014 05:14 PM
Glad to hear you got it working!
HTH,
John
*** Please rate all useful posts ***
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide