Solved: IP SLA - TRACKING - ISPs

BobGreer65666 · ‎09-09-2021

Hi there,

Thanks for reading.

My small network has a new egress. We have a legacy 0.0.0.0/0 route pointing to original egress. I'm looking to automate failover in the event of ISP issues. I'm thinking to apply a static floating weighted default route on both core switches (one core switch per egress).

I'm watching videos about applying IP SLAs (echoes to remote public IPs with delays - both up & down), tying it to a TRACK and tying the static floating default to the TRACK.

Are there pitfalls to watch out for?

I attached a high level view.

Thanks!

Bob

Georg Pauwen · ‎09-10-2021

Hello,

almost right, but an administrative distance of 255 won't work:

--> If the administrative distance is 255, the router does not believe the source of that route and does not install the route in the routing table.

So use the configs below:

Exec side

ip sla 1
imcp-echo 8.8.8.8 source-ip x.x.x.x
freq 5
!
ip sla sched 1 life forever start-time now
!
track 1 ip sla 1 reachability
delay down 60 up 15
!
ip route 0.0.0.0/0 10.0.0.250 track 1 name Local egress
ip route 0.0.0.0/0 10.1.0.1 250 name NWI Core

NWI side

ip route 0.0.0.0/0 10.1.0.250 track 1 name Local egress
ip route 0.0.0.0/0 10.0.0.1 250 name Exec Core

View solution in original post

balaji.bandi · ‎09-09-2021

As per the Digram - are you terminating the Links directly to FW ? what model FW is this ?

If the Link Not directly connecting to FW, what device you using to connect to your ISP, they are 2 Router or 1 Router ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

BobGreer65666 · ‎09-09-2021

Hi Balaji,

Thanks for writing!

The Exec side has a Sophos XG310. The NWI side has a Cisco FTD 1150. The Exec side has a Catalyst switch between Sophos and our demarc. The NWI FTD is directly connected to our ISP.

Thanks again!

Georg Pauwen · ‎09-09-2021

Hello,

looking at your diagram, a simple IP SLA on both core switches is probably enough, with one default route pointing towards the respective firewall, and the default route with the higher administrative distance pointing towards the other switch.

How far are you with configuring this ?

BobGreer65666 · ‎09-10-2021

Hi Georg,

I'm only putting commands into Notepad so far. I'll select a different public IP for NWI for the SLA reachability testing.

ip sla 1
imcp-echo 8.8.8.8
freq 5

ip sla sched 1 life forever start-time now

track 1 ip sla 1 reachability
delay down 60 up 15

Exec side

ip route 0.0.0.0/0 10.0.0.250 track 1 name Local egress

ip route 0.0.0.0/0 10.1.0.1 255 name NWI Core

NWI side

ip route 0.0.0.0/0 10.1.0.250 track 1 name Local egress

ip route 0.0.0.0/0 10.0.0.1 255 name Exec Core

balaji.bandi · ‎09-10-2021

yes that should work - But i would suggesting using source IP towards ISP for better outcome

example :

https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/200785-ISP-Failover-with-default-routes-using-I.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Georg Pauwen · ‎09-10-2021

Hello,

almost right, but an administrative distance of 255 won't work:

--> If the administrative distance is 255, the router does not believe the source of that route and does not install the route in the routing table.

So use the configs below:

Exec side

ip sla 1
imcp-echo 8.8.8.8 source-ip x.x.x.x
freq 5
!
ip sla sched 1 life forever start-time now
!
track 1 ip sla 1 reachability
delay down 60 up 15
!
ip route 0.0.0.0/0 10.0.0.250 track 1 name Local egress
ip route 0.0.0.0/0 10.1.0.1 250 name NWI Core

NWI side

ip route 0.0.0.0/0 10.1.0.250 track 1 name Local egress
ip route 0.0.0.0/0 10.0.0.1 250 name Exec Core

BobGreer65666 · ‎09-10-2021

Thank you all for your input!

ode199435 · ‎07-15-2024

hello,

ip sla 1
imcp-echo 8.8.8.8 source-ip x.x.x.x
freq 5
!
ip sla sched 1 life forever start-time now
!
track 1 ip sla 1 reachability
delay down 60 up 15
!
ip route 0.0.0.0/0 10.0.0.250 track 1 name Local egress
ip route 0.0.0.0/0 10.1.0.1 250 name NWI Core

Is this route still effective after Track failure, and what are the actions after Track failure?