Solved: Re: IP SLA Tracking Issue

libra_ali786 · ‎11-24-2021

I configured IP SLA on my test environment. I configured IP SLA on my "EdgeRouter" toward the ISP-1 Router and if ISP-1 router goes down then it shift to other ISP-2 Router. The IP SLA triggerd and all the Users request routed to ISP-2. But the problem is my Edge-Router every 15 to 20 sec change the default router towards my ISP-1 router even thoug my ISP-1 still down and then again change toward ISP-2.

The default route flapping continuously.

My question is it default behavior of IP SLA or any configuration error. Please look my attached topology and Tracking error on Edge Router (Message continuously showing after 15 to 20 sec)

My Edge Router Configuration.

!
track 1 ip sla 1 reachability
delay down 10 up 10
!

interface FastEthernet0/0
ip address 192.168.20.2 255.255.255.0
duplex full
!
interface FastEthernet1/0
ip address 192.168.30.2 255.255.255.0
duplex full
!
interface FastEthernet2/0
ip address 192.168.10.2 255.255.255.0
duplex full
!

no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.20.1 track 1
ip route 0.0.0.0 0.0.0.0 192.168.30.1 5
!
ip sla 1
icmp-echo 8.8.8.8
threshold 100
frequency 5
ip sla schedule 1 life forever start-time now
!

paul driver · ‎11-24-2021

Hello
Looks like your sla timers are to aggressive.

Try the following and add a local policy route to negate secondary default route from icmp 8.8.8.8:

no ip sla 1
ip sla 1
icmp-echo 8.8.8.8 source-interface fa0/0
timeout 1000
threshold 2000
frequency 15

ip sla schedule 1 start now life forever
track 1 rtr1 reachability

access-list 100  permit icmp host <source ip> host 8.8.8.8 echo
route-map ipsla
match ip address 100
set ip next-hop 192.168.20.1
set interface Null0
ip local policy route-map ipsla

review here

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Georg Pauwen · ‎11-24-2021

Hello,

add either the source-ip or the source-interface to your SLA:

icmp-echo 8.8.8.8 source-ip 192.168.20.2

or

icmp-echo 8.8.8.8 source-interface FastEthernet0/0

libra_ali786 · ‎11-24-2021

Thanks for the reply.

After editing the "icmp-echo 8.8.8.8 source-interface FastEthernet0/0" route flapping continuously and getting the same error on Edge-Router.

Georg Pauwen · ‎11-24-2021

Heljlo,

try the entire IP SLA with just the defaults:




track 1 ip sla 1 reachability
!
ip sla 1
icmp-echo 8.8.8.8 source-ip 192.168.20.2
!
ip sla schedule 1 life forever start-time now

libra_ali786 · ‎11-24-2021

same result after IP SLA defaults setting.

paul driver · ‎11-24-2021

Hello
Looks like your sla timers are to aggressive.

Try the following and add a local policy route to negate secondary default route from icmp 8.8.8.8:

no ip sla 1
ip sla 1
icmp-echo 8.8.8.8 source-interface fa0/0
timeout 1000
threshold 2000
frequency 15

ip sla schedule 1 start now life forever
track 1 rtr1 reachability

access-list 100  permit icmp host <source ip> host 8.8.8.8 echo
route-map ipsla
match ip address 100
set ip next-hop 192.168.20.1
set interface Null0
ip local policy route-map ipsla

review here

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

libra_ali786 · ‎11-24-2021

It is working fine. Could you please explain the purpose and function of below highlighted line please.

!
!
track 1 ip sla 1 reachability
!
interface FastEthernet0/0
ip address 192.168.20.2 255.255.255.0
duplex full
!
interface FastEthernet1/0
ip address 192.168.30.2 255.255.255.0
duplex full
!
interface FastEthernet2/0
ip address 192.168.10.2 255.255.255.0
duplex full
!

ip local policy route-map ipsla
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.20.1 track 1
ip route 0.0.0.0 0.0.0.0 192.168.30.1 5
!
ip sla 1 
icmp-echo 8.8.8.8 source-interface FastEthernet0/0
threshold 2000
frequency 15
ip sla schedule 1 life forever start-time now
access-list 100 permit icmp host 192.168.20.2 host 8.8.8.8 echo
!
route-map ipsla permit 10
match ip address 100
set ip next-hop 192.168.20.1
set interface Null0
!

paul driver · ‎11-24-2021

Hello
Basically what you are doing is negating the primary wan facing ip from pinging the tracked ip ( 8.8.8.8) via the second backup default route and if it does then drop it which will then allow failover to return to the primary path as/when it again becomes available otherwise failover may not return back to the primary as 8.8.8.8 in this case would be still reachable via the back route.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

emurray · ‎11-24-2021

I don't see any NAT and route-maps

!
track 1 ip sla 1 reachability
 delay down 5 up 10
!

ip nat inside source route-map NAT-ISP1 interface FastEthernet0/0 overload
ip nat inside source route-map NAT-ISP2 interface FastEthernet1/0 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 192.168.20.2 name ISP1 track 1
ip route 0.0.0.0 0.0.0.0 FastEthernet1/0 192.168.30.2 250 name ISP2
ip route 8.8.4.4 255.255.255.255 FastEthernet0/0 192.168.20.2 name force-ISP1
ip route 8.8.4.4 255.255.255.255 Null0 250 name deny-via-ISP2
!
!
ip access-list extended NAT_LAN
 10 permit ip 192.168.0.0 0.0.0.255 any
 30 deny   ip any any log
!
ip sla 1
 icmp-echo 8.8.4.4
  request-data-size 200
  owner SYSADMIN
  threshold 1000
  timeout 3000
  frequency 5
  history hours-of-statistics-kept 25
  history distributions-of-statistics-kept 20
  history lives-kept 2
  history buckets-kept 60
  history filter all
ip sla schedule 1 life forever start-time now
ip sla enable reaction-alerts
!
route-map NAT-ISP1 permit 10 
 match ip address NAT_LAN
 match interface FastEthernet0/0
!
route-map NAT-ISP2 permit 10 
 match ip address NAT_LAN
 match interface FastEthernet1/0

paul driver · ‎11-24-2021

Hello @emurray

This post as far as I am aware doesn’t relate to NAT it just pertains to ipsla tracking.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

MHM Cisco World · ‎11-25-2021

following