I have a question about whether I can force an interface into down state if another interface is down (or a tracking object is down).
Our topology is:
CORE --- CE ROUTER 1 --- SWITCH
------ CE ROUTER 2 ------
Primary IP addressing:
18.104.22.168---CE ROUTER 1---22.214.171.124
Secondary IP addressing:
126.96.36.199---CE ROUTER 2---188.8.131.52
On the core router, we have a static route to 184.108.40.206/30 and 220.127.116.11/29 with a next hop of 18.104.22.168. These two static routes are tracked by an IP SLA that pings 22.214.171.124.
On the core router, we have a static route to 126.96.36.199/29 with a next hop of 188.8.131.52 with an AD of 100.
On the CE Router 1 (primary) we had HSRP set up that was tracked by an IP SLA that pinged 184.108.40.206. If the tracker went down, HSRP failed over. During this scenario, the IP SLA on the core router also failed, bringing down the static route to 220.127.116.11/30 through the primary line, and installed the route to 18.104.22.168/30 through the backup line (22.214.171.124/30).
That all worked fine. I have now been asked to set up HSRP on the LAN side too. I created a new tracker that tracked the line protocol of the LAN interface. I added that to the HSRP config. Now, if either the line protocol of the LAN interface fails, or (as before), if there is a WAN link failure, HSRP fails over. That works on the customer's side.
However, during a simulated LAN cable failure, HSRP goes down on the customer primary router, and fails over to the secondary router. So now, all traffic destined for the internet exits through the secondary router. However the IP SLA on the core router is still working (no WAN line failure) and so the return traffic comes back through the primary router, cannot get anywhere and is black holed.
I have got around this by changing the core router IP SLA to ping 126.96.36.199 instead, and although not tested yet, it should work. However, I was wondering whether there was any way around this without touching the core router? Can I set up anything on the CPE that automatically brings down the WAN interface should the LAN interface fail also, thus making the core IP SLA fail?
I've searched around but cannot find anything - has anybody got any ideas?