IP SLA

Salman-Abbasi
Level 1

Hi Team,

I have a requirement: whenever reachability between PC1 and 8.8.8.8 goes down for any reason (consider 8.8.8.8 to be the cloud IP), R2 interface f2/0 should also go down, i.e. the state or protocol of the interface. Can we achieve this through IP SLA or any other way?

Regards

Salman

35 Replies

@MHM Cisco World 


@MHM Cisco World wrote:

If he uses a different IP SLA source interface, then what is the logic of EEM and IP SLA?



icmp-echo 8.8.8.8 source-ip x.x.x.x  <-- sourced from the egress interface (NOT FA0/2)

track 1 rtr 10 reachability  <-- tracking based on the IP SLA

event manager applet FA02-DOWN
event track 1 state down  <----EEM based on the track

event manager applet FA0/2-UP
event track 1 state up <----EEM based on the track


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
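
The outline in the reply above, filled in as a complete IOS configuration. This is an added example, not part of the original post or of any poster's running config. The interface roles (FastEthernet0/0 as the upstream probe source, FastEthernet2/0 as the interface to bring down, taken from the lab described elsewhere in this thread), the timer values, the applet names and the newer `track 1 ip sla` keyword in place of `rtr` are assumptions.

```cisco
! Added example: assumed interface roles, timers and applet names.
! Probe 8.8.8.8 from the upstream interface, never from the interface
! the applets shut down, or the track could not recover by itself.
ip sla 10
 icmp-echo 8.8.8.8 source-interface FastEthernet0/0
 threshold 1000
 timeout 2000
 frequency 5
ip sla schedule 10 life forever start-time now
!
! Damp flapping: the probe must fail for 15 s before the track goes
! down, and succeed for 30 s before it comes back up.
track 1 ip sla 10 reachability
 delay down 15 up 30
!
! If AAA command authorization is enabled, the applets also need
!   event manager session cli username <placeholder-user>
! so the CLI actions run as an authorized account.
event manager applet F2-0-DOWN
 event track 1 state down
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "interface FastEthernet2/0"
 action 4.0 cli command "shutdown"
 action 5.0 cli command "end"
 action 6.0 syslog msg "Track 1 down: FastEthernet2/0 shut by EEM"
!
event manager applet F2-0-UP
 event track 1 state up
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "interface FastEthernet2/0"
 action 4.0 cli command "no shutdown"
 action 5.0 cli command "end"
 action 6.0 syslog msg "Track 1 up: FastEthernet2/0 restored by EEM"
```

The syslog actions leave an audit trail, so an interface found administratively down can be traced to the applet rather than to an operator change.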

icmp-echo 8.8.8.8 source-ip x.x.x.x  <-- sourced from the egress interface (NOT FA0/2)
This is my point: you use IP SLA to detect traffic passing through another interface in order to bring down interface f0/2.
There is no meaning to EEM in this.

I think he needs to detect the ISP interface via IP SLA and bring it down when the IP SLA target is unreachable.

That is what I understand from him, and I asked him if he can manually bring the port up later.

MHM

Hello


@MHM Cisco World wrote:

icmp-echo 8.8.8.8 source-ip x.x.x.x  <-- sourced from the egress interface (NOT FA0/2)
This is my point: you use IP SLA to detect traffic passing through another interface in order to bring down interface f0/2.
There is no meaning to EEM in this.


Why would you say that? Why not have an EEM script to down an interface if a certain polled address fails?
A boolean OR with IPSLA uses the same logic?



Kind Regards
Paul

@Salman-Abbasi, which case is correct here?

Do you bring down the ISP interface or the other interface?

MHM

In the first scenario I shut down the F0/0 interface, and then f2/0 was automatically shut down. Then I manually brought f0/0 up, and f2/0 also came up automatically.

In the second scenario I shut down the loopback interface on R1, which is 8.8.8.8, and then R2 f2/0 was also automatically shut down.

 

Is it a lab, not real?

MHM

As of now it is a lab, but we are going to apply it in production.

In production, we have firewalls in HA (active-passive) mode, and on the access side we have Nexus switches which are connected to servers, and between the firewall and the Nexus we have an EtherChannel. So, when we tested HA and brought down the firewall interface towards the ISP upstream, HA shifted but the EtherChannel interfaces were still UP, because HA never considers the downstream as down. That is why we need to apply SLA on the Nexus side.

This is my real requirement, and now with this SLA and EEM I can achieve proper HA.

I see, then I am correct: you do detect the interface via IP SLA and mark it as down.

That will not work in real (remember my words).

Anyway, regarding the real issue, IP SLA will not help you here if you configured the PO incorrectly.

I assume you use mode ON for the PO; that is why the HW and NSK do not detect the wrong PO config between the FW HA and the NSK.

Check IP SLA and EEM, and later if it fails, mention my name and I will reply to you.

MHM

 

The PO is configured correctly, because without failover testing the PO is working fine. We are using LACP, not ON mode.

Then the issue is neither the NSK nor the PO; it is the FW (which platform do you use? I hope it is ASA): even when the ISP is down, it does not change failover status.

MHM

We are using FTD 3100, and failover works when we shut down the entire firewall, but the issue occurs when we shut down the upstream interface, because the firewall doesn't know when it should shut down the downstream interface (PO). Due to this, the NSK considers it UP and does not shift the traffic towards the secondary firewall.

 

 

Friend, how does the NSK shift traffic? The host uses the IP of the active as GW; the NSK only forwards traffic.

Let me make a topology to explain some points here.

MHM

The servers' GWs are on the NSK, meaning we are using the NSK as an L3 device.

That is excellent. Are you using an IGP or static routes between the NSK and FW?

MHM

Hello @Salman-Abbasi

On a side note, there is another feature you may be interested in. It's quite old, so maybe not so available as EEM is prevalent. It is IOS-platform dependent also. Anyway, it may be useful in other situations if available.

It's a feature called backup interface.
You apply it to an active interface and then specify another interface to become active when the primary goes down. It is line-protocol dependent only.
Example:
int x/x
Description Upstream int
backup interface y/y 



Kind Regards
Paul