ISR1100 Problem with ICMP when sla are enabled

Sakura · ‎07-30-2024

Hi,

I have a ISR1100 (C1111) with two connections: fiber (GiE0/0/0) and LTE (Cellular0/2/0).

Config excerpt:

ip route 0.0.0.0 0.0.0.0 100.64.107.1 name primary track 1
ip route 0.0.0.0 0.0.0.0 Cellular0/2/0 10 name backup
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/0
ip sla schedule 1 life forever start-time now

With this configuration, I cannot do any ping from GiE0/0/0 interface:

router#ping 8.8.8.8 source GigabitEthernet 0/0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 100.72.88.141
.....
Success rate is 0 percent (0/5)
router#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/56/64 ms

If I disable the secondary route (Cellular0/2/0) then the ping works correctly.

router(config)#no ip route 0.0.0.0 0.0.0.0 Cellular0/2/0 10 name backup
router(config)#end
router#ping 8.8.8.8 source GigabitEthernet 0/0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 100.72.88.141
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/12 ms

I think the question may be related with IP SLA の基本設定 (without reply) because the confiuration are too similar, but I cannot understand the question on this post.

balaji.bandi · ‎07-30-2024

how about try normal syntax with out name :

ip route 0.0.0.0 0.0.0.0 100.64.107.1 10
ip route 0.0.0.0 0.0.0.0 Cellular0/2/0 20

check is the default route take from GigabitEthernet 0/0/0

how is your GigabitEthernet 0/0/0 configuration looks like ? DHCP or static route

also post show ip route after changing still not working.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Sakura · ‎07-31-2024

My interface configuration:

interface GigabitEthernet0/0/0
description ## FTTH DHCP ##
ip address dhcp
ip nat outside
media-type rj45
negotiation auto
no cdp enable
!
interface Cellular0/2/0
description Secondary_
ip address negotiated
ip nat outside
ip tcp adjust-mss 1460
dialer in-band
dialer idle-timeout 0
dialer-group 1
ipv6 enable
pulse-time 1
ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 100.64.107.1 name primary track 1
ip route 0.0.0.0 0.0.0.0 Cellular0/2/0 10 name backup

Yes, the routing is static even when the ip address come by dhcp.

About no using the names on the route, same problem. When I've enabled the two routes (copying the commands on the post) automatically default route was Cellular, and doing ping by source GiE0/0/0 does not work.

My routing table with the two routes configured:

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S* 0.0.0.0/0 is directly connected, Cellular0/2/0
10.0.0.0/32 is subnetted, 1 subnets
S 10.45.238.93 [254/0] via 100.72.88.1, GigabitEthernet0/0/0
37.0.0.0/32 is subnetted, 1 subnets
C 37.13.39.253 is directly connected, Cellular0/2/0
100.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 100.72.88.0/24 is directly connected, GigabitEthernet0/0/0
L 100.72.88.141/32 is directly connected, GigabitEthernet0/0/0
172.26.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.26.254.0/24 is directly connected, Vlan1
L 172.26.254.1/32 is directly connected, Vlan1
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, Vlan200
L 192.168.10.1/32 is directly connected, Vlan200

If I delete the route by Cellular, then these are the changes:

Gateway of last resort is 100.72.88.1 to network 0.0.0.0

S* 0.0.0.0/0 [254/0] via 100.72.88.1

Regards,

balaji.bandi · ‎07-31-2024

If you look at the output - taking precedence here.

S* 0.0.0.0/0 is directly connected, Cellular0/2/0 (* - candidate default route)

i would suggest here first try below static route :

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 10
ip route 0.0.0.0 0.0.0.0 Cellular0/2/0 20

then post show ip route again.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Sakura · ‎07-31-2024

Same here after changing routes:

router(config)#no ip route 0.0.0.0 0.0.0.0 100.64.107.1 name primary track 1
router(config)#ip route 0.0.0.0 0.0.0.0 100.64.107.1 10
router(config)#ip route 0.0.0.0 0.0.0.0 Cellular0/2/0 20
router#sh ip route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S* 0.0.0.0/0 is directly connected, Cellular0/2/0
10.0.0.0/32 is subnetted, 1 subnets
S 10.45.238.93 [254/0] via 100.72.88.1, GigabitEthernet0/0/0
37.0.0.0/32 is subnetted, 1 subnets
C 37.13.39.253 is directly connected, Cellular0/2/0
100.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 100.72.88.0/24 is directly connected, GigabitEthernet0/0/0
L 100.72.88.141/32 is directly connected, GigabitEthernet0/0/0
172.26.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.26.254.0/24 is directly connected, Vlan1
L 172.26.254.1/32 is directly connected, Vlan1
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, Vlan200
L 192.168.10.1/32 is directly connected, Vlan200

balaji.bandi · ‎07-31-2024

i was expecting this as below :

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 10
ip route 0.0.0.0 0.0.0.0 Cellular0/2/0 20

Once that is not working

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 Cellular0/2/0 250

both the case can you send show ip route (if still not working.)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Sakura · ‎07-31-2024

Hi,

If I configure the route without the IP address then it's not working:

router(config)#no ip route 0.0.0.0 0.0.0.0 100.64.107.1 name primary track 1
router(config)#ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 10
%Default route without gateway, if not a point-to-point interface, may impact performance
router(config)#ip route 0.0.0.0 0.0.0.0 Cellular0/2/0 20
router#sh ip route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S* 0.0.0.0/0 is directly connected, GigabitEthernet0/0/0
10.0.0.0/32 is subnetted, 1 subnets
S 10.45.238.93 [254/0] via 100.72.88.1, GigabitEthernet0/0/0
37.0.0.0/32 is subnetted, 1 subnets
C 37.13.39.253 is directly connected, Cellular0/2/0
100.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 100.72.88.0/24 is directly connected, GigabitEthernet0/0/0
L 100.72.88.141/32 is directly connected, GigabitEthernet0/0/0
172.26.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.26.254.0/24 is directly connected, Vlan1
L 172.26.254.1/32 is directly connected, Vlan1
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, Vlan200
L 192.168.10.1/32 is directly connected, Vlan200

I mean by not working, I lost internet connection.

MHM Cisco World · ‎07-31-2024

Share config let me check it

MHM

Giuseppe Larosa · ‎08-19-2024

Hello @Sakura ,

>> router(config)#ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 10

this would require ip proxy ARP to be enabled on the sevice provider network and it is likely not so this is the reason why you lost internet connection.

And yes it would be very inefficient as it would lead to a very larger ARP table on your router that can even lead to issues.

Relying on proxy ARP means making an ARP request for each public internet address with the neighbor answering with its own MAC address all the times.

Can you try putting both the IP next-hop and the outgoing interface in the default static route ?

Hope to help

Giuseppe

Sakura · ‎08-07-2024

version 17.9
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform hardware throughput crypto 50000
!
hostname router
!
boot-start-marker
boot system flash bootflash:c1100-universalk9.17.09.04a.SPA.bin
boot-end-marker
!
!
logging monitor informational
no aaa new-model
!
ip nbar http-services
!
ip name-server 8.8.8.8 8.8.4.4
ip domain list example.net
ip domain name example.net
!
ip dhcp excluded-address 192.168.10.1 192.168.10.29
!
ip dhcp pool DHCPv4
import all
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 8.8.8.8 8.8.4.4
domain-name example.net
!
login on-success log
!
subscriber templating
vtp version 1
multilink bundle-name authenticated
!
memory free low-watermark processor 70173
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
redundancy
mode none
!
controller Cellular 0/2/0
lte modem link-recovery disable
!
!
vlan internal allocation policy ascending
!
track 1 ip sla 1 reachability
!
!
interface GigabitEthernet0/0/0
description ## FTTH DHCP ##
ip address dhcp
ip nat outside
media-type rj45
negotiation auto
no cdp enable
!
interface GigabitEthernet0/0/1
no ip address
shutdown
media-type rj45
negotiation auto
!
interface GigabitEthernet0/0/1.2
description ## IPTV ##
encapsulation dot1Q 2
ip address 10.134.101.141 255.128.0.0
ip pim sparse-dense-mode
ip nat outside
ip igmp query-interval 15
ip igmp unidirectional-link
shutdown
!
interface GigabitEthernet0/0/1.3
description ## VOIP ##
encapsulation dot1Q 3
ip address dhcp
ip nat outside
shutdown
!
interface GigabitEthernet0/0/1.6
description ## FTTH ##
encapsulation dot1Q 6
shutdown
no cdp enable
pppoe enable group global
pppoe-client dial-pool-number 6
!
interface GigabitEthernet0/1/0
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/1/1
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/1/2
switchport access vlan 200
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/1/3
switchport access vlan 200
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/1/4
switchport access vlan 200
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/1/5
switchport access vlan 200
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/1/6
switchport access vlan 200
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/1/7
switchport access vlan 200
switchport mode access
spanning-tree portfast
!
interface Wlan-GigabitEthernet0/1/8
switchport trunk native vlan 200
switchport mode trunk
!
interface Cellular0/2/0
description Secondary_
ip address negotiated
ip nat outside
ip tcp adjust-mss 1460
dialer in-band
dialer idle-timeout 0
dialer-group 1
ipv6 enable
pulse-time 1
ip virtual-reassembly
!
interface Cellular0/2/1
no ip address
shutdown
dialer in-band
pulse-time 1
!
interface Vlan1
ip address 172.26.254.1 255.255.255.0
ip nat inside
!
interface Vlan200
ip address 192.168.10.1 255.255.255.0
ip pim sparse-dense-mode
ip nbar protocol-discovery
ip nat inside
ip tcp adjust-mss 1452
!
interface Dialer6
description ## FTTH DIALER ##
bandwidth inherit
bandwidth receive inherit
ip address negotiated
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1452
shutdown
dialer pool 6
no cdp enable
ipv6 address autoconfig
ipv6 enable
!
router rip
version 2
network 10.0.0.0
network 172.16.0.0
network 192.168.10.0
!
ip http server
ip http access-class ipv4 99
ip http authentication local
no ip http secure-server
ip http max-connections 16
ip forward-protocol nd
ip pim rp-address 10.128.0.1 2
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
no ip nat service dns tcp
no ip nat service dns udp
ip nat inside source route-map CEL_ROUTE interface Cellular0/2/0 overload
ip nat inside source route-map FIBER_ROUTE interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 100.64.107.1 name primary track 1
ip route 0.0.0.0 0.0.0.0 Cellular0/2/0 10 name backup
!
!
ip access-list extended NAT_ACL
10 permit ip 172.26.254.0 0.0.0.255 any
20 permit ip 192.168.10.0 0.0.0.255 any
ip access-list extended WEBUI-IPSLA-ACL
10 permit icmp any host 8.8.8.8
ip access-list extended WEBUI-NAT-ACL
10 permit ip any any
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/0
ip sla schedule 1 life forever start-time now
ip access-list standard 99
10 permit 192.168.10.0 0.0.0.255
ip access-list extended 100
10 deny igmp any any
20 deny pim any any
30 permit ip 192.168.10.0 0.0.0.255 10.128.0.0 0.127.255.255
ip access-list extended 101
10 permit udp any any eq domain
20 permit udp any eq domain any
dialer watch-list 1 ip 8.8.8.8 255.255.255.255
dialer-list 1 protocol ip permit
!
route-map CEL_ROUTE permit 10
match ip address NAT_ACL
match interface Cellular0/2/0
!
route-map FIBER_ROUTE permit 10
match ip address NAT_ACL
match interface GigabitEthernet0/0/0
!
line con 0
login local
transport input none
stopbits 1
line vty 0 4
access-class 99 in
exec-timeout 0 0
login local
autocommand term mon
autocommand-options nohangup
transport input ssh
line vty 5 14
access-class 99 in
login local
transport input ssh
!
end

Sakura · ‎08-07-2024

Note: The interfaces who are in use are GigabitEthernet0/0/0 (fiber, dhcp) and Cellular0/2/0 (LTE, dhcp). The other ones (for example, GigabitEthernet0/0/1 is pre-configured for another fiber but not in use.

My goal is to have configured GiE0/0/0 as my main out route and Cel0/2/0 as a backup one.

As I've told on the first post, the problem are when the route to Cel0/2/0 are present, the ping using GiE0/0/0 interface fails. And, obviously, if the ping fails, the SLA gets down.

Sakura · ‎08-19-2024

Did anyone find any error on the config?

MHM Cisco World · ‎08-19-2024

dont worry Sakura I will check config today and update you

MHM

MHM Cisco World · ‎08-19-2024

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 dhcp name primary track 1 <<- you need to use dhcp since always ISP change it IP
ip roue 8.8.8.8 255.255.255.255 GigabitEthernet0/0/0 permanent <<- this make IP SLA always use g0/0/0 as egress interface

MHM