06-06-2016 05:25 PM - edited 03-05-2019 04:10 AM
Hi There,
I am having an issue with setting up PBR to make use of a secondary ISP which is sitting idle. Here is our network topology:
Gi0/2 - 10.10.10.1/24 LAN Subnet
Gi0/0/0 - 200.200.200.1/30 ISP1
Gi0/0 - 100.100.100.1/30 ISP2
Default routes:
ip route 0.0.0.0 0.0.0.0 200.200.200.1
ip route 0.0.0.0 0.0.0.0 100.100.100.1 10
Since ISP2 will only be used when there is an issue with ISP1, we are trying to make use of PBR to route some traffic via ISP2.
Here is the configuration we have done:
Created an access list with the hosts that are to be routed via ISP2:
ip access-list extended trafficlist
permit ip any host 50.50.50.50
permit ip any host 60.60.60.60
permit ip any host 70.70.70.70
Created a Route-map as below:
route-map trafficmap permit 10
match ip address trafficlist
set ip next-hop recursive 10.104.1.1
And added the route below so that 10.104.1.1, which is behind ISP2, is reachable:
ip route 10.104.1.1 255.255.255.255 100.100.100.1
Bound this route-map to the LAN interface Gi0/2.
So this works fine when both ISP1 and ISP2 are up: all traffic except that matching the access list trafficlist is forwarded to ISP1, and matched traffic is forwarded to ISP2.
The issue happens when the link between ISP2 and the CPE is broken: the route-map will still forward the traffic to 100.100.100.1, since the route for 10.104.1.1 is in the routing table. We would not be able to use 100.100.100.1 as the next hop, since the router and the CPE are mounted in the same rack and the link between them is never going to break (unless the cables/device go faulty). I tested the recursive route-map by disconnecting the link between the router and the CPE, which seems to fail the traffic over via ISP1.
So could anyone please suggest whether there is any other way to do what I am trying to achieve?
Thanks,
Rijath Mohammed
06-07-2016 12:14 AM
Hello
Given it's not a direct neighbour, you could try verifying the availability of the recursive next hop via object tracking; this would then route normally if the policy route isn't available.
ip sla 10
 icmp-echo 8.8.8.8 source-ip 100.100.100.2
 frequency 5
ip sla schedule 10 life forever start-time now
track 10 ip sla 10 reachability
route-map trafficmap permit 10
 match ip address trafficlist
 set ip next-hop verify-availability 10.104.1.1 1 track 10
res
Paul
06-07-2016 04:11 PM
Hi Paul,
I tried your suggestion but it did not work! I think the reason would be that we cannot use 'ip next-hop' just because the next hop is not the adjacent device.
Let me know if you think otherwise!
Thanks,
Rijath Mohammed
06-08-2016 02:59 AM
Hello
My understanding is that if the recursive next hop isn't available, then the packet is routed using the default route table (i.e. your primary default route).
However, looking again at your topology, why don't you use the next hop of 100.100.100.1 in the PBR?
Then you can set the route-map to use set ip next-hop verify-availability 100.100.100.1 track 10, and it should work.
ip sla 10
 icmp-echo 10.104.1.1 source-ip 100.100.100.2
 frequency 5
ip sla schedule 10 life forever start-time now
track 10 ip sla 10 reachability
route-map trafficmap permit 10
 match ip address trafficlist
 set ip next-hop verify-availability 100.100.100.1 1 track 10
res
Paul
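For reference, here is the complete configuration the thread converges on, as an added example assembled from the question and the accepted answer rather than a config either poster shared. It assumes the router's own ISP2-facing address is 100.100.100.2 (the probe source used in the answer; the question only lists 100.100.100.1) and that 10.104.1.1 answers ICMP echo. The original recursive route-map from the question is kept as a comment beside the working one so the difference is visible.

```cisco
! Added example, not the poster's running config. Addresses follow the thread:
! LAN Gi0/2 10.10.10.1/24, ISP1 next hop 200.200.200.1, ISP2 CPE next hop
! 100.100.100.1; the router's own ISP2 address is assumed to be 100.100.100.2
! and 10.104.1.1 is the first hop inside ISP2 used as the probe target.
!
! Default routes: ISP1 primary, ISP2 floating static (AD 10).
ip route 0.0.0.0 0.0.0.0 200.200.200.1
ip route 0.0.0.0 0.0.0.0 100.100.100.1 10
!
! Host route for the probe target. The probe is locally generated, so the
! interface route-map does not apply to it; this route makes the probe
! leave via ISP2 and therefore test only the ISP2 path.
ip route 10.104.1.1 255.255.255.255 100.100.100.1
!
! Destinations that should prefer ISP2 while it is healthy.
ip access-list extended trafficlist
 permit ip any host 50.50.50.50
 permit ip any host 60.60.60.60
 permit ip any host 70.70.70.70
!
! ICMP probe past the CPE, every 5 seconds, sourced from the ISP2 interface.
ip sla 10
 icmp-echo 10.104.1.1 source-ip 100.100.100.2
 frequency 5
ip sla schedule 10 life forever start-time now
!
! Track object: up while the probe succeeds. The delay keeps a single lost
! echo from flapping the policy route.
track 10 ip sla 10 reachability
 delay down 15 up 30
!
! Original route-map from the question, kept for comparison. It never fails
! over while the CPE link is up, because the recursive lookup only asks the
! RIB whether 10.104.1.1 has a route, and the static /32 always provides one.
! route-map trafficmap permit 10
!  match ip address trafficlist
!  set ip next-hop recursive 10.104.1.1
!
! Working route-map: the adjacent CPE as next hop, used only while track 10
! is up. When the track is down the set clause is skipped and the packet is
! forwarded by the normal routing table, i.e. via ISP1.
route-map trafficmap permit 10
 match ip address trafficlist
 set ip next-hop verify-availability 100.100.100.1 1 track 10
!
interface GigabitEthernet0/2
 ip address 10.10.10.1 255.255.255.0
 ip policy route-map trafficmap
```

To check the behaviour, `show track 10` gives the current state and the last change, `show ip sla statistics 10` shows whether the echoes are succeeding, and `show route-map trafficmap` counts the packets that were policy routed. Two points worth keeping in mind: the probe follows the RIB, so without a specific route to the probe target it would exit via the primary default route and test ISP1 rather than ISP2 (this is why the host route for 10.104.1.1 stays in place); and the probe is the only input to the decision, so anything that blocks ICMP echo to 10.104.1.1 (filtering or rate limiting on the ISP2 side) moves the matched traffic to ISP1 even though ISP2 is otherwise usable, so pick a target the provider is committed to answering.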
06-08-2016 05:21 PM
Hi Paul,
That worked! Failover is working when ISP2 (10.104.1.1) is not reachable, and it fails back when the connection resumes! :)
Thank you very much for the solution, you rock!
Thanks,
Rijath Mohammed