Problem with IP SLA configuration

marianares0001 · ‎02-13-2013

Hello,

I have a router Cisco 2911 with two possible Wan interfaces out and a backup configuration using IP SLA. When the Primary Interface goes down the traffic is automatically rerouted through the Backup Interface, but the problem I have is that when the traffic is going through the Backup Interface (because the Primary is down) if the Backup Interface also goes down, if the Primary goes up, the traffic is not automatically rerouted to the Primary Interface. And it looks to me like it keeps trying to goes out the Backup Interface and cannot see that the Primary is down. I guess that the pings are going out the backup Interface and as it is down the router doen't receive any anwer to the ping and doesn't change to the Primary.

The main configuration related to the IP SLA is this:

!

track 1 ip sla 1 reachability

!

interface GigabitEthernet0/0

description backup Interface

ip address 175.xx.xx.10 255.255.255.252

ip nat outside

ip virtual-reassembly in

load-interval 30

duplex auto

speed auto

!

interface GigabitEthernet0/1

description Primary Interface

ip address 192.168.2.2 255.255.255.252

ip nat outside

ip virtual-reassembly in

load-interval 30

duplex auto

speed auto

!

...

ip nat inside source route-map backup interface GigabitEthernet0/0 overload

ip nat inside source route-map primary interface GigabitEthernet0/1 overload

ip route 0.0.0.0 0.0.0.0 192.168.2.1 track 1

ip route 0.0.0.0 0.0.0.0 175.xx.xx.9 254

!

ip sla 1

icmp-echo 62.xx.xx.5 -- default gateway in the Primary Interface

threshold 2

timeout 4000

frequency 10

ip sla schedule 1 life forever start-time now

!

Could you please help me to solve the problem?

Thanks

Abzal · ‎02-13-2013

Hi,

You icmp-echo's might be going through backup interface.

ip sla 1

icmp-echo 62.xx.xx.5 source-interface g0/1

Hope it will help.

Best regards,
Abzal

Best regards,
Abzal

XIE YAO · ‎02-13-2013

Hello Abzal,

ip sla 1

icmp-echo 62.xx.xx.5 source-interface g0/1

This can indeed specify the source ip(the interface ip on G0/1), but it can't control probe traffic will go via which interface.

If you want to control the path, route-map is required, such as:

access-l 100 per icmp host 192.168.2.2 host 62.xx.xx.5

route-map INT per 10

match ip add 100

set interface G0/1 null0

ip local policy route-map INT

Regards

XIE

marianares0001 · ‎02-13-2013

Thanks to both of us,

I will try that configuration.

Xie, regarding the route-map, when you say that "it can't control probe traffic will go via which interface" what you mean? That it won't work, or that I cannot see if it works.

Thanks

XIE YAO · ‎02-13-2013

Hello,

What I meant is, you can't control how(via primary interface or backup interface) each IP SLA probe reach your tragert if only specifying the "source-interface" in IP SLA.

While route-map will simply force the ICMP traffic to the target to go via primary interface, or drop(via Null 0), this will also help to prevent default route flapping scenario.

(maybe not in your case, but help for your better understanding, flapping scenario is: primary connection down---track goes down---primary route deleted----backup route inject to FIB----IF the target in your SLA setting is reachable via backup connection----track up again----primary route inject but will keep flapping).

Hope this helps

Regards

XIE

marianares0001 · ‎02-13-2013

Ok, I think now I understand.

So, only one more question. You both say that the source interface of the Ping must be the Backup Interface, but in the command you write g0/1 that is the Primary Interface. So, only to confirm, which Interface should be the source, the Backup one - GigabitEthernet0/0?

Thanks

cadet alain · ‎02-13-2013

Hi,

the ip sla probe should use the primary interface.

Regards

Alain

Don't forget to rate helpful posts.

XIE YAO · ‎02-13-2013

yes, primary

marianares0001 · ‎02-14-2013

Ok,

I will try with that configuration.

Thanks a lot