cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
964
Views
5
Helpful
4
Replies

IP SLA

Kurt Warner
Level 1
Level 1

We have had to add an additional firewall due to high usage. We set up IP SLA  and the load has been split across the two links and this has been working ( for the most part).  I need all traffic from  10.1.1.x  to go out track 1 . I tried adding a route  

 

ip route 10.1.1.0  0.0.0.255 192.168.1.2 track 1 ( said inconsitant mask) 

then 

ip route 10.1.1.0  255.255.255.0 192.168.1.2 track 1 ( stopped all data flowing) 

 

 

current working config 

!
ip route 0.0.0.0 0.0.0.0 192.168.1.2 track 1
ip route 0.0.0.0 0.0.0.0 192.168.1.3 track 2
ip route 8.8.4.4 255.255.255.255 192.168.1.3
ip route 8.8.8.8 255.255.255.255 192.168.1.2

 

!
ip sla 1
icmp-echo 8.8.8.8
threshold 100
frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 8.8.4.4
threshold 100
frequency 5
ip sla schedule 2 life forever start-time now

 

any ideas? 

1 Accepted Solution

Accepted Solutions

Seb Rupik
VIP Alumni
VIP Alumni

Hi there,

I think you are getting the usage of the route statement confused. A route statement specifies the next-hop for a destination prefix, not the source.

If you want to control the traffic based on the source of the traffic then you need to look at Policy Based Routing. Something like this:

!
access-list 10 permit ip 10.1.1.0 255.255.255.0 any
!
int gi0/1
  ip policy route-map PRB01
!
route-map PBR01 permit 10
  match ip address 10
  set ip next-hop 192.168.1.2
!

...where gi0/1 is the ingress interface for the traffic flows from 10.1.1.0/24.

 

cheers,

Seb.

View solution in original post

4 Replies 4

Seb Rupik
VIP Alumni
VIP Alumni

Hi there,

I think you are getting the usage of the route statement confused. A route statement specifies the next-hop for a destination prefix, not the source.

If you want to control the traffic based on the source of the traffic then you need to look at Policy Based Routing. Something like this:

!
access-list 10 permit ip 10.1.1.0 255.255.255.0 any
!
int gi0/1
  ip policy route-map PRB01
!
route-map PBR01 permit 10
  match ip address 10
  set ip next-hop 192.168.1.2
!

...where gi0/1 is the ingress interface for the traffic flows from 10.1.1.0/24.

 

cheers,

Seb.

This worked !!! 

 

access-list 101 permit ip 10.1.1.0 0.0.0.255 any  ( wild card mask) 

!

route-map PBR01 permit 10
match ip address 101
set ip next-hop 192.168.1.2
!

int g0/1
ip policy route-map PBR01

Kurt Warner
Level 1
Level 1

So if i added that to the interface g0/1 only traffic from 10.1.1.0/24 could use that interface? 

 

No, any traffic could use it but only traffic with a source IP in the 10.1.1.0/24 subnet would be policy routed, the rest would just use the normal routing table. 

 

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco