
Problem with SLA Failover for 2 ISPs

gkonheiser
Level 1

  Hi there

I recently implemented SLA monitoring for failover of 2 ISPs. On Friday we had a major problem as some packets were getting through and some weren't, due to problems at the ISP, so the router was constantly switching from the main route to the backup, effectively taking us offline.

How can I prevent this by making sure the main line is completely stable before switching back? Thanks for any help.

Here is my current config:-


!

no aaa new-model

ip cef

!

!

no ip dhcp use vrf connected

no ip dhcp conflict logging

ip dhcp excluded-address

!

ip dhcp pool Icon

   network 192.168.1.0 255.255.255.0

   domain-name iconx

   default-router 192.168.1.x

   dns-server 192.168.1.x 192.168.1.x 192.168.1.x

   lease 1 2 1

!

ip dhcp pool 360

   host 192.168.1.x 255.255.255.0

   client-identifier 01xx.125a.4xc2.xx

   client-name G360

!

!

ip domain name iconxxx.ccc

ip name-server 192.168.1.x

ip name-server 192.168.1.x

ip ssh port 2001 rotary 1 10

ip ssh version 2

ip sla monitor 10

type echo protocol ipIcmpEcho 4.2.2.2

timeout 100

frequency 1

ip sla monitor schedule 10 life forever start-time now

!

!

crypto pki trustpoint TP-self-signed-341xxxxxxx

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-341xxxxxx

revocation-check none

rsakeypair TP-self-signed-34xxxxxx

!

!

crypto pki certificate chain TP-self-signed-34xxxxxx

certificate self-signed 01

  quit

username gkonheiser privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxx

!

!

track 10 rtr 10 reachability

!

!

!

!

interface FastEthernet0/0

description swisscom WAN

ip address xxx.xxx.xxx.26 255.255.255.248

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

description Cablecom WAN

ip address yyy.yyy.yyy.38 255.255.255.252

ip nat outside

ip virtual-reassembly

speed 100

full-duplex

!

interface FastEthernet0/0/0

duplex full

speed 100

!

interface FastEthernet0/0/1

!

interface FastEthernet0/0/2

!

interface FastEthernet0/0/3

!

interface Vlan1

description LAN

ip address 192.168.1.xxx 255.255.255.0

ip nat inside

ip virtual-reassembly

!

ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.25 track 10

ip route 0.0.0.0 0.0.0.0 yyy.yyy.yyy.37 20

ip route 4.2.2.2 255.255.255.255 xxx.xxx.xxx.25

!

!

ip http server

ip http authentication local

ip http secure-server

ip http secure-port 4443

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source route-map nat1 interface FastEthernet0/0 overload

ip nat inside source route-map nat2 interface FastEthernet0/1 overload

i

!

access-list 150 permit ip 192.168.1.0 0.0.0.255 any

snmp-server enable traps tty

!

route-map nat2 permit 10

match ip address 150

match interface FastEthernet0/1

!

route-map nat1 permit 10

match ip address 150

match interface FastEthernet0/0

!

route-map isp2 permit 10

match interface FastEthernet0/1

!

route-map isp1 permit 10

match interface FastEthernet0/0

!

!

!

!

control-plane

!

!

!

line con 0

password 7 0xxxxxxxxxxxxxxxxxxxx

line aux 0

line vty 0 4

session-timeout 180

exec-timeout 180 0

password 7 06xxxxxxxxxxxxxxxxxxxx

login local

rotary 1

transport preferred ssh

transport input telnet

line vty 5

session-timeout 180

exec-timeout 180 0

password 7 0xxxxxxxxxxxxxxxxxxxxxx

login local

rotary 1

transport preferred ssh

transport input ssh

line vty 6 15

session-timeout 180

exec-timeout 180 0

password 7 0xxxxxxxxxxxxxxxxxxxxxxxxxx

login local

rotary 1

transport preferred ssh

transport input ssh

line vty 16 807

session-timeout 180

exec-timeout 180 0

password 7 1xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

login local

rotary 1

transport preferred ssh

transport input ssh

!

scheduler allocate 20000 1000

ntp clock-period 17178748

ntp update-calendar

ntp server 195.216.64.208 prefer

end

7 Replies

Mohamed Sobair
Level 7

Hi,

Use the below command:

track 10 rtr 10 reachability

delay down 2 up 15

With the above, if the route is stable for 15 seconds, then the tracking kicks in and the path is taken.

HTH

Mohamed
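A simplified model of the hold-down behaviour described in this answer, added here as an illustration; it is not code from the thread or from Cisco and does not reproduce the IOS implementation. It assumes one probe per second (`frequency 1`), treats each delay as a count of consecutive probes, and runs on a constructed loss pattern; the function names are hypothetical.

```python
# Added example: simplified model of "track ... / delay down D up U".
# Assumption: one probe result per second; True = reply within the timeout.

def track_states(probes, delay_down=0, delay_up=0, initial_up=True):
    """Return the reported track state after each one-second probe.

    A raw state change is reported only once it has persisted for the
    configured delay. If the probe result flips back first, the pending
    change is cancelled and the count starts again from zero.
    """
    reported = initial_up
    pending = 0                      # consecutive probes disagreeing with 'reported'
    states = []
    for ok in probes:
        if ok == reported:
            pending = 0              # raw state agrees again: cancel pending change
        else:
            pending += 1
            needed = delay_up if ok else delay_down
            if pending >= max(1, needed):
                reported = ok        # change held long enough: report it
                pending = 0
        states.append(reported)
    return states


def route_changes(states, initial_up=True):
    """Count how often the tracked default route would be installed or removed."""
    changes, prev = 0, initial_up
    for state in states:
        if state != prev:
            changes += 1
        prev = state
    return changes


# Constructed sample: 60 s of a lossy line (3 lost probes, then 2 replies,
# repeated 12 times) followed by 20 s of clean replies.
PROBES = [False, False, False, True, True] * 12 + [True] * 20

undamped = track_states(PROBES)                            # no delay configured
damped = track_states(PROBES, delay_down=2, delay_up=15)   # delay down 2 up 15

if __name__ == "__main__":
    print("route changes without delay:", route_changes(undamped))
    print("route changes with delay down 2 up 15:", route_changes(damped))
    print("second at which primary is restored:", damped.index(True, 2))
```

In this model the primary route is withdrawn once and restored only after 15 consecutive good probes, instead of changing on every loss burst.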


gkonheiser
Level 1

Thanks very much for your help. When does it consider the line stable? If it lost one packet in the 15 seconds, would it stay on the alternate line?

Sent from Cisco Technical Support iPhone App

If it lost 1 packet during the 15 seconds, the operation will re-start again based on your "timeout" settings.

The timeout settings illustrate that if the operation times out or a received packet is lost in the specified period, the route is not considered.

HTH

Mohamed

So with my config of:-

timeout 100

frequency 1

it will switch to the backup when I have a ping greater than 100ms but when the first ping comes back under 100ms it will switch back?

Where if I add:-

delay 2 up 15

it will wait 2 seconds and look for 15 seconds of pings under 100ms?

Am I understanding it correctly?

Sorry for all the questions and thx again for your help.

Gordon

No Problems,

Sure , your understanding is correct.

HTH

Mohamed

Thank you.

Hi There

I just tested that config using both delay down 2 up 15 and delay down 60 up 60 and both didn't react as I expected. Even when using delay down 60 up 60 it is switching to the alternative route and back again without any delay?? Any ideas?

Regards

Gordon
