Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1027
Views
0
Helpful
6
Replies

Redundancy to Single ISP

NetInvKln
Level 1
Level 1

‎12-13-2011 04:56 AM - edited ‎03-04-2019 02:36 PM

Hi Experts,

First and foremost, what I have are 2 x 7204VXR (Gateways), 1 x 4507R-E (Coreswitch), and our ISP have 7609.Got some issues with redundancy with our ISP.

                                        7609

                                        I     I

                                        I     I

                               7204-A    7204-B

                                    |             |

                                    |    vrrp   |

                                    |             |

                                    -4507R-E-

                                          |

                                          |

                               internal network

Both outside interfaces of 7204 gateways are connecting to 7609 with different public ip block.

I used VRRP for my internal nework and failover have been tested working.

Even tried to remove link of 7204-A and 7609, the failover works perfect.

But somehow we're facing a problem:

- If I shutdown/ remove the link between my 4507R-E and 7204-A (primary gw_higher vrrp priority), vrrp redundancy/failover still works but internal network's internet connection goes down.

I asked our ISP and the route commands they put in their 7609 are as of follows:

ip route 3.8.8.0 255.255.255.0 3.4.4.4 name TO CUSTOMER LINK 1

ip route 3.8.8.0 255.255.255.0 3.3.3.3 2 name TO CUSTOMER LINK 2

And if they're trying to use Reliable Static Routing Backup Using Object Tracking, the internal network's internet connections is intermittent....alternate 4 ping reply and 4 timeout.

Note: IP used are sample only

Please advise why we're having such problem.

Thanks in advance.

Labels:
0 Helpful
6 Replies 6

cadet alain
VIP Alumni
VIP Alumni

‎12-13-2011 05:13 AM

Hi,

I had overlooked the higher AD on second static route

So with their config they only had 1 path the echo-replies would follow which goes to 4.4.4.4 ( is 7204-A ?)

What type of L2 is there between ISP and your routers?

which router is 4.4.4.4 and which is 3.3.3.3 ?

which type of tracking did they do ?

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful

NetInvKln
Level 1
Level 1
In response to cadet alain

‎12-13-2011 05:23 AM

So with their config they only had 1 path the echo-replies would follow which goes to 4.4.4.4 ( is 7204-A ?) YES

What type of L2 is there between ISP and your routers? NONE

which router is 4.4.4.4 and which is 3.3.3.3 ?

     - 4.4.4.4 is 7204-A outside interface going to ISP 7609

     - 3.3.3.3 is 7204-B outside interface going to ISP 7609

which type of tracking did they do ?

Below is what they've done (3.8.8.4 is 4507R-E IP):

ip sla monitor 1

type echo protocol ipIcmpEcho 3.8.8.4

timeout 1000

frequency 3

threshold 2

ip sla monitor schedule 1 life forever start-time now

track 123 rtr 1 reachability

access list 101 permit icmp any host 3.8.8.4 echo

route map NI-LOCAL-POLICY permit 10

match ip address 101

set interface gig 8/4 null 0

!

ip local policy route-map NI-LOCAL-POLICY

ip route 3.8.8.0 255.255.255.0 4.4.4.4 track 123

ip route 3.8.8.0 255.255.255.0 3.3.3.3

0 Helpful

NetInvKln
Level 1
Level 1
In response to NetInvKln

‎12-13-2011 05:26 AM

They also done below config, this but didn't work as well, 50% success internet connectivity:

ip sla 1

icmp-echo 3.8.8.4 source-interface Gig2/4

timeout 1000

threshold 2

frequency 3

ip sla schedule 1 life forever start-time now

track 1 ip sla 1 reachability

ip route 3.8.8.0 255.255.255.0 4.4.4.4 track 1

ip route 3.8.8.0 255.255.255.0 3.3.3.3

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to NetInvKln

‎12-13-2011 05:37 AM

Hi,

they should second config but like this:

p sla 1

icmp-echo 3.8.8.4 source-interface Gig2/4

timeout 2000   

threshold 2

frequency 3

ip sla schedule 1 life forever start-time now

track 1 ip sla 1 reachability

ip route 3.8.8.0 255.255.255.0 4.4.4.4 track 1

ip route 3.8.8.0 255.255.255.0 3.3.3.3 2

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful

NetInvKln
Level 1
Level 1
In response to cadet alain

‎12-13-2011 07:36 AM

Didn't worked as well Alain.

I'm thinking of having the ISP make a new VLAN going to my network and have both links in one ip block, where they should make their ports Layer 2.

Then create another VRRP in my gateway's outside interface.

Then they should create a route to my internal network (which is also public ip block) pointing to the virtual ip of the new vrrp.

Would this cause any problem?

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to NetInvKln

‎12-13-2011 07:52 AM

Hi,

it should work. Can you ask them to do debug  track and debug ip routing on their side and you do debug ip packet  199 where 199 is ACL permitting ICMP only and also debug vrrp.

They should track the  the IP address of the interface of  7204-A connected to  4507-RE and source it from the interface connected to 7204-A.

Right now I don't think your second solution could cause any problem.

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful
Customers Also Viewed These Support Documents