Hi All,
I have a customer router(1801) on which i am running a 2meg Ethernet LL to the web connected to fa0 and also an ADSL for backup on ATM0 Dialer1. I am planning to use IP SLA in conjunction with floating static routes to provide ADSL failover. This all works perfectly in my lab. However I have found that when the Fa0 leased line becomes congested the IP SLA ICMP's are being dropped (My customer uses FTP a lot). This causes the router to think the leased line is down and fails over to ADSL. I have tried raising the tracker delay which helps a bit. What I really need to do is use policing and LLQ to prioritise the ICMP and some SIP trunks the customer is also using.
The following addresses are the customers SIP provider.
88.215.61.0
88.215.61.1
88.215.61.2
88.215.61.3
88.215.61.4
The customers PABX is on 172.16.16.200 connected to a L3 switch.
Below is an overview of what i am doing FYI. I have deleted a few parts of the config for security/clarity purposes. For some reason the IP SLA ICMP traffic is not being marked as DSCP EF? When i issue a "show policy-map interface fastEthernet0" I dont see any marked traffic? Also, Will the policers work correctly as I still seem to get poor quality voice even though i am allowing space for SIP over the 2meg LL?
Thanks very much for any help!
Matt
!
track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
!
track 123 list threshold percentage
object 1
object 2
threshold percentage up 50
delay down 122
!
!
ip sla 1
icmp-echo 8.8.8.8 source-interface FastEthernet0
tos 184
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 81.17.72.70 source-interface FastEthernet0
tos 184
!
!
class-map match-any datadevices
match access-group 198
class-map match-any voice
match access-group 110
match protocol sip
match protocol icmp
match dscp ef
!
!
policy-map limit-WWW-not-icmp-or-SIP
class datadevices
police cir 1500000
conform-action transmit
exceed-action drop
policy-map priority-voip-and-icmp
class voice
priority 256
class datadevices
police cir 1500000
conform-action transmit
exceed-action drop
class class-default
fair-queue
!
!
!
interface Vlan1
ip address 192.168.1.253 255.255.255.0
ip nbar protocol-discovery
ip nat inside
ip inspect firewall out
ip virtual-reassembly
!
!
!
interface FastEthernet0
bandwidth 2000
ip address X.X.X.X 255.255.255.252
ip nbar protocol-discovery
ip nat outside
ip inspect sip in
ip inspect firewall out
ip virtual-reassembly
duplex auto
speed auto
service-policy input limit-WWW-not-icmp-or-SIP
service-policy output priority-voip-and-icmp
!
!
!
!
ip nat inside source route-map ISP1-map interface FastEthernet0 overload
ip nat inside source static 172.16.16.200 X.X.X.X route-map NAT1 reversible
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0 track 123
ip route 0.0.0.0 0.0.0.0 dialer1 200
ip route 8.8.8.8 255.255.255.255 X.X.X.Y
ip route 81.17.72.70 255.255.255.255 X.X.X.Y
ip route 172.16.16.0 255.255.255.0 192.168.1.254
!
ip access-list extended ACL-A
permit udp any host X.X.X.X eq 5060
!
access-list 110 permit ip any any dscp ef
access-list 110 permit ip any any precedence critical
access-list 110 permit ip host 172.16.16.200 any
! !
access-list 198 deny icmp any any
access-list 198 deny ip 88.215.61.0 0.0.0.255 any
access-list 198 deny ip 88.215.62.0 0.0.0.255 any
access-list 198 deny ip 88.215.63.0 0.0.0.255 any
access-list 198 deny ip 88.215.64.0 0.0.0.255 any
access-list 198 deny ip 88.215.60.0 0.0.0.255 any
access-list 198 deny ip any 88.215.60.0 0.0.0.255
access-list 198 deny ip any 88.215.64.0 0.0.0.255
access-list 198 deny ip any 88.215.63.0 0.0.0.255
access-list 198 deny ip any 88.215.62.0 0.0.0.255
access-list 198 deny ip any 88.215.61.0 0.0.0.255
access-list 198 permit ip any any
access-list 198 permit esp any any
access-list 198 permit gre any any
