09-09-2021 11:23 AM
Hi there,
Thanks for reading.
My small network has a new egress. We have a legacy 0.0.0.0/0 route pointing to original egress. I'm looking to automate failover in the event of ISP issues. I'm thinking to apply a static floating weighted default route on both core switches (one core switch per egress).
I'm watching videos about applying IP SLAs (echoes to remote public IPs with delays - both up & down), tying it to a TRACK and tying the static floating default to the TRACK.
Are there pitfalls to watch out for?
I attached a high level view.
Thanks!
Bob
09-09-2021 11:40 AM
As per the diagram, are you terminating the links directly on the FW? What model FW is this?
If the link is not directly connected to the FW, what device are you using to connect to your ISP? Are they 2 routers or 1 router?
09-09-2021 11:46 AM
Hi Balaji,
Thanks for writing!
The Exec side has a Sophos XG310. The NWI side has a Cisco FTD 1150. The Exec side has a Catalyst switch between Sophos and our demarc. The NWI FTD is directly connected to our ISP.
Thanks again!
09-09-2021 12:04 PM
Hello,
looking at your diagram, a simple IP SLA on both core switches is probably enough, with one default route pointing towards the respective firewall, and the default route with the higher administrative distance pointing towards the other switch.
How far are you with configuring this?
09-10-2021 09:06 AM - edited 09-10-2021 09:08 AM
Hi Georg,
I'm only putting commands into Notepad so far. I'll select a different public IP for NWI for the SLA reachability testing.
ip sla 1
icmp-echo 8.8.8.8
freq 5
ip sla sched 1 life forever start-time now
track 1 ip sla 1 reachability
delay down 60 up 15
Exec side
ip route 0.0.0.0/0 10.0.0.250 track 1 name Local egress
ip route 0.0.0.0/0 10.1.0.1 255 name NWI Core
NWI side
ip route 0.0.0.0/0 10.1.0.250 track 1 name Local egress
ip route 0.0.0.0/0 10.0.0.1 255 name Exec Core
09-10-2021 09:25 AM
Yes, that should work, but I would suggest using the source IP towards the ISP for a better outcome.
example :
09-10-2021 09:57 AM
Hello,
almost right, but an administrative distance of 255 won't work:
--> If the administrative distance is 255, the router does not believe the source of that route and does not install the route in the routing table.
So use the configs below:
Exec side
ip sla 1
icmp-echo 8.8.8.8 source-ip x.x.x.x
freq 5
!
ip sla sched 1 life forever start-time now
!
track 1 ip sla 1 reachability
delay down 60 up 15
!
ip route 0.0.0.0/0 10.0.0.250 track 1 name Local egress
ip route 0.0.0.0/0 10.1.0.1 250 name NWI Core
NWI side
ip route 0.0.0.0/0 10.1.0.250 track 1 name Local egress
ip route 0.0.0.0/0 10.0.0.1 250 name Exec Core
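An added illustration, not part of any post in this thread and not vendor code: a simplified Python model of the Exec-side behaviour discussed above, showing when the tracked default is withdrawn and why a floating route with distance 250 takes over while one with 255 never does. The timing model (state evaluated at each 5-second probe) and the probe sequence are constructed assumptions.

```python
# Simplified model (assumption) of object tracking plus route selection for the
# Exec-side config in this thread: probe every 5 s, "delay down 60 up 15",
# tracked static default (AD 1) and a floating static default.
FREQ, DELAY_DOWN, DELAY_UP = 5, 60, 15

# Constructed sample: healthy, a 15 s blip, healthy, a long outage, recovery.
SAMPLE_PROBES = [True] * 4 + [False] * 3 + [True] * 3 + [False] * 16 + [True] * 6

def install(candidates):
    """Lowest administrative distance wins; AD 255 is never installed."""
    usable = [r for r in candidates if r["ad"] < 255]
    return min(usable, key=lambda r: r["ad"])["via"] if usable else None

def simulate(probe_results, floating_ad):
    """probe_results holds one bool per probe.
    Returns [(seconds, installed default next hop)] at each change."""
    tracked = {"via": "10.0.0.250", "ad": 1}            # local egress, track 1
    floating = {"via": "10.1.0.1", "ad": floating_ad}   # via the NWI core
    track_up, pending_since = True, None
    timeline, current = [], object()                    # sentinel: nothing yet
    for i, ok in enumerate(probe_results):
        now = i * FREQ
        if ok == track_up:
            pending_since = None        # SLA agrees with track: cancel the timer
        else:
            if pending_since is None:
                pending_since = now     # start the delay timer
            delay = DELAY_DOWN if track_up else DELAY_UP
            if now - pending_since >= delay:
                track_up, pending_since = ok, None
        # The tracked route is a candidate only while the track object is up.
        best = install(([tracked] if track_up else []) + [floating])
        if best != current:
            timeline.append((now, best))
            current = best
    return timeline

if __name__ == "__main__":
    for ad in (250, 255):
        print(f"floating AD {ad}:", simulate(SAMPLE_PROBES, ad))
```

In this model the 15-second blip never moves the default route because it is shorter than the down delay; only the sustained outage does.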
09-10-2021 10:27 AM
Thank you all for your input!
07-15-2024 12:38 AM
hello,
ip sla 1
icmp-echo 8.8.8.8 source-ip x.x.x.x
freq 5
!
ip sla sched 1 life forever start-time now
!
track 1 ip sla 1 reachability
delay down 60 up 15
!
ip route 0.0.0.0/0 10.0.0.250 track 1 name Local egress
ip route 0.0.0.0/0 10.1.0.1 250 name NWI Core
Is this route still effective after Track failure, and what are the actions after Track failure?