09-09-2016 10:53 AM - edited 03-05-2019 04:40 AM
Folks,
I have 3 ISP WAN links, with service provided by three different ISPs. I currently have my static routes as the following:
0.0.0.0 0.0.0.0 10.1.0.1 10 #wan1
0.0.0.0 0.0.0.0 10.2.0.1 20 #wan2
0.0.0.0 0.0.0.0 10.3.0.1 30 #wan3
How can I keep the wan2 and wan3 interfaces responding to ICMP/PING when they are not in the active route table?
Thank you
09-10-2016 10:22 AM
It would be easier to answer your question if we knew more about your environment. What kind of interfaces are these? What are the specifics of the interface configuration? What is the state of the interface when you encounter this issue?
Typically, when a static default route is configured this way, the route will remain in the routing table as long as the exit interface is in the up state, and the route will be removed from the routing table if the exit interface is in the down state. So when you have the situation where the routes are no longer in the route table, would you post the output of show ip interface brief? This would allow us to see the interface state at the time of the problem.
HTH
Rick
09-13-2016 07:21 AM
Hi Richard
I am still in the design phase; however, I will detail as much as I can on what I want to accomplish.
Currently, I am trying to make an IPsec VPN tunnel between a Fortigate firewall and a Cisco router that have multiple ISP connections for backup links. This point is not very important; however, what is important – the Fortigate has a feature that is processed after the Route Engine, which allows you to assign a “priority” to static routes. By doing the latter, you can have multiple static routes with the same AD weight, but with different priority values. This allows all static routes to be active in the route table, but the best priority route is used. In addition, this allows all Ethernet interfaces to remain up, and answer to ICMP requests.
I want to be able to achieve this on a Cisco router and have the backup interfaces answer to PING. In the past I have seen backup links go down and no one knew about it, until it was too late. This is due to the route never being in the route table, so ping would never be successful on the WAN2 link, so I need a way to actively check if ISP2 is up and running and ready to be used in a failover.
I believe the only other way around this – would be to use a dynamic routing protocol and assign IP addresses to my VPN tunnels. Dynamic routing protocols do have a metric, and I believe you can redistribute static routes into a dynamic routing protocol with a metric; however, I am not sure what the best method would be, nor the easiest path – I just need to be able to tell if my backup ISP links are UP and ready to take traffic if the primary ISP fails.
09-13-2016 07:57 AM
In your diagram it appears that the routes and the ping are from FG. Is that the case? Is your question about what to do on FG or on Cisco?
HTH
Rick
09-13-2016 08:02 AM
That was just showing an example, on what I want to accomplish with my Cisco Router. I need the same capability on my Cisco router on the other side. It should be noted - the Cisco router has 3x Ethernet interfaces as well, which are connected to 3 different ISP.
09-13-2016 08:03 AM
In that case I will repeat my questions about what kind of interfaces these are. And repeat my request for the output of show ip interface brief.
HTH
Rick
and add a request for the output of show ip route
09-13-2016 08:11 AM
Hi Richard,
Questions have been answered.
"It should be noted - the Cisco router has 3x Ethernet interfaces as well, which are connected to 3 different ISP."
"I am still in the design phase; " so no physical equipment yet.
The answers I receive will determine how I proceed with deployment and architecture.
Thank you