05-16-2011 07:35 AM - edited 03-04-2019 12:24 PM
Hi there
I recently implemented SLA monitoring for failover of 2 ISPs. On Friday we had a major problem as some packets were getting through and some weren't, due to problems at the ISP, so the router was constantly switching from the main route to the backup, effectively taking us offline.
How can I prevent this by making sure the main line is completely stable before switching back? Thanks for any help.
Here is my current config:-
!
no aaa new-model
ip cef
!
!
no ip dhcp use vrf connected
no ip dhcp conflict logging
ip dhcp excluded-address
!
ip dhcp pool Icon
network 192.168.1.0 255.255.255.0
domain-name iconx
default-router 192.168.1.x
dns-server 192.168.1.x 192.168.1.x 192.168.1.x
lease 1 2 1
!
ip dhcp pool 360
host 192.168.1.x 255.255.255.0
client-identifier 01xx.125a.4xc2.xx
client-name G360
!
!
ip domain name iconxxx.ccc
ip name-server 192.168.1.x
ip name-server 192.168.1.x
ip ssh port 2001 rotary 1 10
ip ssh version 2
ip sla monitor 10
type echo protocol ipIcmpEcho 4.2.2.2
timeout 100
frequency 1
ip sla monitor schedule 10 life forever start-time now
!
!
crypto pki trustpoint TP-self-signed-341xxxxxxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-341xxxxxx
revocation-check none
rsakeypair TP-self-signed-34xxxxxx
!
!
crypto pki certificate chain TP-self-signed-34xxxxxx
certificate self-signed 01
quit
username gkonheiser privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxx
!
!
track 10 rtr 10 reachability
!
!
!
!
interface FastEthernet0/0
description swisscom WAN
ip address xxx.xxx.xxx.26 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description Cablecom WAN
ip address yyy.yyy.yyy.38 255.255.255.252
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
!
interface FastEthernet0/0/0
duplex full
speed 100
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
description LAN
ip address 192.168.1.xxx 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.25 track 10
ip route 0.0.0.0 0.0.0.0 yyy.yyy.yyy.37 20
ip route 4.2.2.2 255.255.255.255 xxx.xxx.xxx.25
!
!
ip http server
ip http authentication local
ip http secure-server
ip http secure-port 4443
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map nat1 interface FastEthernet0/0 overload
ip nat inside source route-map nat2 interface FastEthernet0/1 overload
i
!
access-list 150 permit ip 192.168.1.0 0.0.0.255 any
snmp-server enable traps tty
!
route-map nat2 permit 10
match ip address 150
match interface FastEthernet0/1
!
route-map nat1 permit 10
match ip address 150
match interface FastEthernet0/0
!
route-map isp2 permit 10
match interface FastEthernet0/1
!
route-map isp1 permit 10
match interface FastEthernet0/0
!
!
!
!
control-plane
!
!
!
line con 0
password 7 0xxxxxxxxxxxxxxxxxxxx
line aux 0
line vty 0 4
session-timeout 180
exec-timeout 180 0
password 7 06xxxxxxxxxxxxxxxxxxxx
login local
rotary 1
transport preferred ssh
transport input telnet
line vty 5
session-timeout 180
exec-timeout 180 0
password 7 0xxxxxxxxxxxxxxxxxxxxxx
login local
rotary 1
transport preferred ssh
transport input ssh
line vty 6 15
session-timeout 180
exec-timeout 180 0
password 7 0xxxxxxxxxxxxxxxxxxxxxxxxxx
login local
rotary 1
transport preferred ssh
transport input ssh
line vty 16 807
session-timeout 180
exec-timeout 180 0
password 7 1xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
login local
rotary 1
transport preferred ssh
transport input ssh
!
scheduler allocate 20000 1000
ntp clock-period 17178748
ntp update-calendar
ntp server 195.216.64.208 prefer
end
05-16-2011 07:50 AM
Hi,
Use the below command:
track 10 rtr 10 reachability
 delay down 2 up 15
With the above, if the route is stable for 15 seconds, then the tracking kicks in and the path is taken.
HTH
Mohamed
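A simplified model of what `delay down 2 up 15` is meant to do, added here as an illustration; it is not part of the thread and not Cisco's implementation. It assumes one probe per second (`frequency 1`) and that a pending state change is cancelled when the probe result reverts before the delay expires; the probe sequence is constructed.

```python
# Simplified model of an IOS track object with "delay down D up U".
# Assumptions: one probe per second, and a pending change is cancelled
# if the raw probe result reverts before the delay has elapsed.

def track_states(probes, delay_down=0, delay_up=0, initial=True):
    """Return the reported track state after each one-second probe.

    probes: iterable of booleans, True = echo reply within the timeout.
    """
    reported = initial      # state the tracked static route follows
    pending_since = None    # second at which the raw result began to differ
    out = []
    for t, ok in enumerate(probes):
        if ok == reported:
            pending_since = None            # reverted: cancel pending change
        else:
            if pending_since is None:
                pending_since = t
            delay = delay_up if ok else delay_down
            if t - pending_since >= delay:  # held long enough: report it
                reported = ok
                pending_since = None
        out.append(reported)
    return out

def flaps(states, initial=True):
    """Count reported state changes; each one installs or removes the route."""
    count, prev = 0, initial
    for s in states:
        if s != prev:
            count += 1
        prev = s
    return count

# Constructed sample: for 60 s the primary link drops 3 probes out of
# every 10, then answers cleanly for 30 s.
SAMPLE = [(i % 10 >= 3) for i in range(60)] + [True] * 30

def compare(probes=SAMPLE):
    """Route changes without damping and with 'delay down 2 up 15'."""
    return {
        "no delay": flaps(track_states(probes)),
        "delay down 2 up 15": flaps(track_states(probes, 2, 15)),
    }

if __name__ == "__main__":
    for name, n in compare().items():
        print(f"{name}: {n} route changes")
```

In this model the undamped track object changes state on every outage and recovery, while the damped one fails over once and only returns to the primary after 15 consecutive good probes.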
05-16-2011 09:40 PM
Thanks very much for your help. When does it consider the line stable? If it lost one packet in the 15 seconds, would it stay on the alternate line?
05-17-2011 02:29 AM
If it lost 1 packet during the 15 seconds, the operation will restart again based on your "timeout" settings.
The timeout settings illustrate that if the operation times out or a received packet is lost in the specified period, the route is not considered.
HTH
Mohamed
05-17-2011 06:18 AM
So with my config of:-
timeout 100
frequency 1
it will switch to the backup when I have a ping greater than 100ms, but when the first ping comes back under 100ms it will switch back?
Where if I add:-
delay down 2 up 15
it will wait 2 seconds and look for 15 seconds of pings under 100ms?
Am I understanding it correctly?
Sorry for all the questions and thx again for your help.
Gordon
05-17-2011 06:41 AM
No problems,
Sure, your understanding is correct.
HTH
Mohamed
05-17-2011 06:47 AM
Thank you.
05-17-2011 09:57 AM
Hi There
I just tested that config using both delay down 2 up 15 and delay down 60 up 60, and both didn't react as I expected. Even when using delay down 60 up 60 it is switching to the alternative route and back again without any delay. Any ideas?
Regards
Gordon