02-29-2016 10:32 AM - edited 03-05-2019 03:27 AM
Hello,
I have implemented simple PfR on one Cisco Router 800 series. Basically I have set it as the master and border (with two ISP connections). I have two static defaults pointing to each ISP's gateway.
Everything seems to work fine when the two ISPs are working properly, however as soon as one of the ISPs fails to provide internet connectivity then I am experiencing issues with certain websites not opening plus the internet access becomes a bit slow. Everything gets sorted as soon as I remove the link from the failing ISP from the router.
What is happening is that one ISP works just fine and provides internet connectivity but the other one is still connected with no internet, thus the master and border relationship remains UP/Active. It is still seeing as if it has two external links.
What I would like to achieve if possible is when one of the ISP links does not provide internet, then it detects that and "kills" the failing link.
What can be done to overcome this issue?
Thanks!
02-29-2016 10:54 AM
Use IP SLA, and use it to remove the default route on the dead circuit.
Something like (you need this per circuit) the below. Here a test DNS query is done. If the DNS query fails, the default route is withdrawn. Note that I have hard coded 8.8.8.8 to always go out the circuit being tested no matter what (using the "permanent" keyword). If you added a second IP SLA for the second circuit you would need to use a different DNS server like 8.8.4.4.
! DNS probe for this circuit, sent to 8.8.8.8
ip sla 10
 dns www.google.com name-server 8.8.8.8
ip sla schedule 10 life forever start-time now
track 10 ip sla 10
! Probe target always goes out this circuit's gateway (x.x.x.x)
ip route 8.8.8.8 255.255.255.248 x.x.x.x permanent
! Default route is withdrawn when track 10 goes down
ip route 0.0.0.0 0.0.0.0 x.x.x.x track 10
02-29-2016 11:09 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
I believe Phillip is on the right track, in that if PfR doesn't realize a path is lost, it will cause problems until it does.
What I'm unsure of is, whether what he's suggesting, defining a separate SLA test, is the optimal approach for use with PfR.
It's been years since I've used the technology (back when it was OER), but PfR might have its own options to detect a lost path faster.
02-29-2016 11:13 AM
The problem with using only PfR is that it will add routes, and it will withdraw routes it has added - but it won't remove a static default route you have added.
02-29-2016 11:25 AM
Exactly, it adds and withdraws routes automatically but not the static ones you add.
02-29-2016 05:55 PM
PfR doesn't remove the original static route, true, but it can inject/add a more specific route to push traffic toward the good path.
What I don't recall is how it would handle a new flow, i.e. one that it doesn't realize cannot be sent via the failed path. I.e. it might need to see a new flow fail along the one path before it overrides the default for that flow.
02-29-2016 11:22 AM
I have actually tried with IP SLA but it did not work. I tried to use IP SLA with icmp (not DNS), pinging the gateway for each ISP but no luck, as well as pinging 8.8.8.8.
However I did not try the way you have just described above using the hard coded feature. Probably that was the reason why it was not working since it would either prefer 8.8.8.8 via one link or the other, meaning one of the default routes would be withdrawn.
Will try your suggestion ASAP.
Thanks
02-29-2016 11:26 AM
If you don't hard code the destination it will simply fail over to the other working circuit, and IP SLA will continue working thinking nothing is wrong.
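The per-circuit setup described in the replies above, written out for both circuits as an added example (not configuration posted by anyone in this thread). The gateway addresses 192.0.2.1 and 198.51.100.1 are placeholders, and the probe targets use host (255.255.255.255) routes because 8.8.4.4 does not sit on a 255.255.255.248 boundary.

```cisco
! Added example. Assumed gateways: ISP1 = 192.0.2.1, ISP2 = 198.51.100.1
! (documentation addresses; replace with the real next hops).

! --- Circuit 1: probe 8.8.8.8, reachable only through ISP1 ---
ip sla 10
 dns www.google.com name-server 8.8.8.8
ip sla schedule 10 life forever start-time now
track 10 ip sla 10
! Host route pins the probe target to ISP1, so the probe cannot
! fail over to ISP2 and report a false "up"
ip route 8.8.8.8 255.255.255.255 192.0.2.1 permanent
! Default via ISP1 is installed only while track 10 is up
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 10

! --- Circuit 2: probe 8.8.4.4, reachable only through ISP2 ---
ip sla 20
 dns www.google.com name-server 8.8.4.4
ip sla schedule 20 life forever start-time now
track 20 ip sla 20
ip route 8.8.4.4 255.255.255.255 198.51.100.1 permanent
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 20
```

`show track` and `show ip sla statistics` report the state of each probe. LAN clients that resolve through 8.8.8.8 or 8.8.4.4 are pinned to the same circuit as the probe, so their lookups to that server fail while that circuit is down.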
 
					
				
				
			
		