Reachability issue in redundancy links

terry.lowe
Level 1

Hey guys,

The following shows an overview diagram of the current network setup.

Two routes exist on the Layer 3 switch (towards Branch networks via RTR1 and RTR3) and RTR2 (towards HQ network via RTR1 and RTR5).

The priority route runs via RTR1 and RTR2 with a lower metric, whilst the backup route runs via RTR3, RTR4, and RTR5 with a higher metric.

Redundancy is achieved via IP SLA and tracking on the Layer 3 switch and RTR2. From the perspective of the Layer 3 switch, if RTR1 fails, the traffic will be re-routed to the backup route via RTR3. Similarly for RTR2, if RTR1 fails, traffic will be re-routed via RTR5.

Since routes to branch networks have been configured to run through the priority route via RTR1, at this point I believe there should not be any issues if we were to filter traffic on the backup route. However, this does not seem to be the case. It seems that ACL configurations, or simply administratively shutting down the port on RTR3 towards the Layer 3 switch, cause RTR1 to have no reachability to Branch networks once such configurations have been applied, which is quite puzzling.

Appreciate feedback and suggestions on the list of possible causes of this issue and solutions that can resolve the issues.

4 Replies

Strange indeed. Since no traffic is going over the backup link, shutting it down or filtering traffic should have no effect. But it apparently does...

Can you post the configuration of the layer 3 switch?

Hi gpauwen,

I unfortunately do not have access to the Layer 3 Switch configurations as it goes beyond our management demarcation point.

I understand it is a little difficult to troubleshoot without full transparency, as we're in the same position as well. However, suggestions on the possible causes and solutions to these causes would truly be helpful, so as to raise this up to our partner organisation for verification.

Thanks.

Hello,

This is obviously just guesswork, but since IP SLA is used, I can imagine that they might have a script (EEM) running that shuts down the active link when the backup link is, from their perspective, tampered with. I used to work for a few ISPs in the past, and we would allow only very limited access to configurations that were our responsibility.

That's interesting. Will raise that when escalating further. Thank you.

If any more ideas come to mind, please feel free to share them again here. Much appreciated.
