Route map with route tracking

Hi,

Can someone tell me how to create a route-map so that it sends the traffic to the next hop if the route is in the local routing table, and otherwise uses the default route?

If the route is visible in the core switch, the next hop should be the Riverbed; otherwise it should take the default route in the core switch.

core switch --> Riverbed --> MPLS router
|
|
Firewall setup VPN tunnel
|
|
ISP Router


Hello,

Here is a generic sample. As long as 192.168.10.2 (Riverbed) is reachable, traffic will use that as the next hop. If not, 192.168.20.2 (Core Switch) will be used.

ip access-list extended DEFAULT_ACL
permit ip any any
!
track 1 rtr 1 reachability
!
ip sla 1
icmp-echo 192.168.10.2 source-ip 192.168.10.1
timeout 1000
threshold 2
frequency 3
!
ip sla schedule 1 life forever start-time now
!
route-map PBR_REDIRECT permit 10
match ip address DEFAULT_ACL
set ip next-hop verify-availability 192.168.10.2 20 track 1
set ip next-hop 192.168.20.2

Hi Georg,

Thanks for the response. Unfortunately the core switch, Riverbed and MPLS router are on the LAN side, so the chance of them going down is very low. What I am looking for is this: if 172.16.1.0/24, which is learned from MPLS, is in the routing table, then traffic will be forwarded via the Riverbed. If the route disappears from the routing table due to a circuit outage at the remote end, then I want that traffic to take the firewall on which the VPN tunnel is set up.

Hello,

There are probably better ways to check for remote route table changes, but you could use the EEM scripts below. The scripts check the routing table (every 5 seconds in the example) for the existence of the 172.16.1.0/24 route. If it is not there, the alternative default route will be installed, and it is removed by the second script when the route is back:

! Install the backup default route when 172.16.1.0/24 is missing from the routing table
event manager applet ROUTE_CHANGE_DOWN
event timer watchdog time 5
action 1.0 cli command "enable"
action 2.0 cli command "show ip route | inc 172.16.1.0/24"
action 3.0 regexp "172.16.1.0/24" $_cli_result
action 4.0 if $_regexp_result eq 0
action 5.0 cli command "conf t"
action 6.0 cli command "ip route 0.0.0.0 0.0.0.0 192.168.20.1"
action 7.0 cli command "exit"
action 8.0 cli command "end"
! An EEM "if" block must be closed with its own "end" action
action 9.0 end
!
! Remove the backup default route once 172.16.1.0/24 is back
event manager applet ROUTE_CHANGE_UP
event timer watchdog time 5
action 1.0 cli command "enable"
action 2.0 cli command "show ip route | inc 172.16.1.0/24"
action 3.0 regexp "172.16.1.0/24" $_cli_result
action 4.0 if $_regexp_result eq 1
action 5.0 cli command "conf t"
action 6.0 cli command "no ip route 0.0.0.0 0.0.0.0 192.168.20.1"
action 7.0 cli command "exit"
action 8.0 cli command "end"
action 9.0 end

As an alternative, you could use the EEM scripts and have them act upon syslog entries that occur when the primary default route goes down. You have to check what exactly your syslog shows, and use that as the pattern. In the examples below, I manually removed and added a default route, which generated the syslog patterns used:

event manager applet ROUTE_CHANGE_DOWN
event syslog pattern "default path has been cleared"
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "ip route 0.0.0.0 0.0.0.0 192.168.20.1"
action 4.0 cli command "exit"
action 5.0 cli command "end"
!
event manager applet ROUTE_CHANGE_UP
event syslog pattern "default path is now"
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "no ip route 0.0.0.0 0.0.0.0 192.168.20.1"
action 4.0 cli command "exit"
action 5.0 cli command "end"
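
An added example, not part of the replies above: the same requirement expressed with a tracked route object instead of polling or syslog applets, so the device makes no configuration changes at failover time. The ACL name TO_REMOTE_SITE, track number 10, the delay timers and interface Vlan10 are assumptions; the addresses and the route-map name are taken from the thread.

```cisco
! Track whether 172.16.1.0/24 (learned from MPLS) is present in the routing table.
! Assumption: the platform supports "track ... ip route ... reachability".
track 10 ip route 172.16.1.0 255.255.255.0 reachability
 ! Dampen flapping: wait 5 s before declaring down, 30 s before declaring up
 delay down 5 up 30
!
! Only traffic destined to the remote site is policy-routed
ip access-list extended TO_REMOTE_SITE
 permit ip any 172.16.1.0 0.0.0.255
!
route-map PBR_REDIRECT permit 10
 match ip address TO_REMOTE_SITE
 ! Used only while track 10 is up. When the route disappears, this clause is
 ! skipped and the packet follows the normal routing table, that is, the
 ! existing default route towards the firewall / VPN tunnel.
 set ip next-hop verify-availability 192.168.10.2 10 track 10
!
! Apply the policy on the LAN-facing ingress interface (interface name assumed)
interface Vlan10
 ip policy route-map PBR_REDIRECT
```

After applying it, `show track 10` and `show route-map PBR_REDIRECT` show the tracked state and whether packets are matching the policy; confirm on your platform that the track goes down when only the default route remains.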