Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1698
Views
10
Helpful
9
Replies

Same IP in Primary and Secondary site - What to do?

ปลาวาฬทราย RMUTT CPE IX
Level 4
Level 4

‎06-26-2019 04:08 AM

Dear Seniors,

 

Diagram.jpg

 

We will migrate from static to OSPF and add secondary site with same IP. How could I configure when the server in primary site down it swap to secondary site? Or still use static is easier?

 

Thank you very much.

0 Helpful
9 Replies 9

Karsten Iwen
VIP
VIP

‎06-26-2019 04:19 AM

Using static routing is much easier and probably much safer as you control by configuration when to start your disaster scenario.

If you want to automate that, you could announce the network from the secondary site with high cost and do a conditional announcement on the primary site while the server is reachable. And also ask your application team if that is really a good idea to automate that.

0 Helpful

ปลาวาฬทราย RMUTT CPE IX
Level 4
Level 4
In response to Karsten Iwen

‎06-26-2019 04:34 AM - edited ‎06-26-2019 04:35 AM

@Karsten Iwen wrote:

do a conditional announcement on the primary site while the server is reachable.

Could you please share how to do?

 

Thank you very much.

0 Helpful

Karsten Iwen
VIP
VIP
In response to ปลาวาฬทราย RMUTT CPE IX

‎06-26-2019 05:10 AM

I have no working example and it would also be highly dependent on the rest of your network.

Two ways to achieve that come to my mind:

  1. monitor the reachability with "ip sla", act on the result with an EEM-script that changes your  ospf-configuration
  2. (not sure if that also works with OSPF) monitor the reachability with "ip sla", use that in a route-map to redistribute or not redistribute the connected or static route.

If that all sounds too weird, stick with static routing as it's much less complex.

0 Helpful

paul driver
VIP
VIP

‎06-26-2019 04:21 AM

Hello

So to confirm you are introducing a 2nd site with a server that will have the same ip address as a server that resides in site 1?

How do users connect to this server, what does this server provide?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Richard Burts
Hall of Fame
Hall of Fame

‎06-26-2019 09:29 AM

If I am understanding the drawing correctly site CE3 has 172.16.0.0/16. site CE1 has 172.16.22.200 mask not specified. And site CE2 also has 172.16.22.200 mask not specified. Can we get clarification about how the devices at CE1 and CE2 are connected and what mask they use? Also can we get verification that the address block used at CE1 and CE2 is not in use at CE3? And while we are at it can we get clarification about what other address blocks are used at CE1 and CE2?

 

It seems to me that one potential solution might be implemented like this:

1) on CE3 configure OSPF to advertise 172.16.0.0/16 as an internal route.

2) on CE1 make sure that there is not a network statement for the subnet containing 172.16.22.200.

3) on CE1 configure a static route perhaps for the host specific 172.16.22.200 or perhaps for the local subnet containing that address. 

4) on CE1 configure IP SLA to monitor reachability of 172.16.22.200 and to withdraw the static route if the server is not reachable.

5) on CE1 configure OSPF to redistribute static, specifying that the redistributed route will be E2 and specifying a metric to be used in the redistribution. If there is more than one static route configured on CE1 then the redistribution logic will need to be adjusted to treat the server address differently than the other static routes. (or perhaps it is fine to have all these static routes as E2 with that metric)

6) Now we have a situation where CE3 is advertising the complete subnet of 172.16.0.0/16 and CE1 is advertising a more specific route for 172.16.22.200. Since more specific routes are preferred any traffic for 172.16.22.200 will be forwarded to CE1 while other traffic for 172.16.0.0 is sent to CE3. And if the server becomes not available the route is withdrawn.

7) on CE2 make sure that there is not a network statement for the subnet containing 172.16.22.200.

8) on CE2 configure a static route perhaps for the host specific 172.16.22.200 or perhaps for the local subnet containing that address. 

9) on CE2 configure IP SLA to monitor reachability of 172.16.22.200 and to withdraw the static route if the server is not reachable.

10) on CE2 configure OSPF to redistribute static, specifying that the redistributed route will be E2 and specifying a metric to be used in the redistribution which is noticeably higher than the metric specified on CE1.  If there is more than one static route configured on CE2 then the redistribution logic will need to be adjusted to treat the server address differently than the other static routes. (or perhaps it is fine to have all these static routes as E2 with that metric)

11) Now we have a situation where CE3 is advertising the complete subnet of 172.16.0.0/16, CE1 is advertising a more specific route for 172.16.22.200, and CE2 is advertising a similar E2 route with a higher metric. Since more specific routes are preferred and E2 with lower metric is preferred over E2 with higher metric,  any traffic for 172.16.22.200 will be forwarded to CE1 if it is available and otherwise will be forwarded to CE2 while other traffic for 172.16.0.0 is sent to CE3. And if the server becomes not available the route is withdrawn.

 

HTH

 

Rick

HTH

Rick

ปลาวาฬทราย RMUTT CPE IX
Level 4
Level 4
In response to Richard Burts

‎06-27-2019 04:38 AM

This is current configuration:

Spoiler

CE1#
track 1 ip sla 11 reachability
 delay down 10 up 1
!
ip route 172.16.22.128 255.255.255.128 FastEthernet0/1.22 track 1
!
ip sla 11
 icmp-echo 172.16.22.200 source-ip 172.16.22.254
 frequency 10
ip sla schedule 11 life forever start-time now


CE2#
interface GigabitEthernet0/1
ip address 10.10.10.3 255.255.255.248
ip access-group Block_echo_22.254 in
!
ip access-list extended Block_echo_22.254
deny icmp host 172.16.22.254 host 172.16.22.200 echo
permit ip any any

I found the 2 issues:

  1. Should we block the ICMP Echo like the CE2 configuration above to prevent IP SLA reachability from CE1 when server under CE1 down?

  2. When the server under CE1 come back, the CE1 still see the route from CE2 because it is the longest match (/25) than the connected (/24), how should I do?

Thank you very much.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to ปลาวาฬทราย RMUTT CPE IX

‎06-27-2019 09:08 AM

The most recent post says here is the configuration, but there is no configuration information.

 

For the 2 issues:

1) I think that you should block the ICMP like CE2.

2) I do not understand the question. My suggestions included a static route on CE1 more specific than the connected /24. Have you done that? Are you saying that does not work?

 

It really would help if we had some specifics of the configurations.

 

HTH

 

Rick

HTH

Rick

ปลาวาฬทราย RMUTT CPE IX
Level 4
Level 4
In response to Richard Burts

‎06-27-2019 07:13 PM - edited ‎06-27-2019 07:14 PM

@Richard Burts wrote:

2) I do not understand the question. My suggestions included a static route on CE1 more specific than the connected /24. Have you done that? Are you saying that does not work?

When the 22.200 under the CE1 come back, it can't ping to the gateway.

sapcb.jpg

This is the routing table on CE1:

cvvcb.jpg

I tried to 'clear ip ospf process' on CE2, the 22.200 under the CE1 can ping to the gateway. How should I do?

 

Thank you very much.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to ปลาวาฬทราย RMUTT CPE IX

‎06-28-2019 07:25 AM

Am I correct in understanding that the ping that you posted was generated on 172.16.22.200? In that case the error message from 172.16.22.200 destination host unreachable is especially interesting.

 

It looks like CE2 has a static route for 172.16.22.128/25 that is being redistributed into OSPF. Is that correct? Is there a similar static route on CE1?

 

My suggestion was to have equivalent static routes on CE1 and CE2 and to redistribute these routes into OSPF as E2 routes and specifying a metric on CE2 that is higher than the metric used on CE1. If that is done correctly then when CE1 is up it should be used, if CE1 is not up then CE2 should be used, and when CE1 becomes available again then it should be used.

 

My suggestion mentions perhaps using a host specific static route or perhaps a static route for the local subnet. You have implemented the static route for /25 which is not quite either and that seems perhaps to have created a problem. Perhaps you might change the static route and try the host specific static route and see if it works better.

 

Am I correct in understanding that CE1, and CE2, and CE3 all have 172.16.22.0 as a local network? That creates a bit of a challenge. If that is the case then it is a good reason to use the host specific static route.

 

HTH

 

Rick

HTH

Rick
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card