12-26-2019 07:45 AM
Greetings community,
I've been a big fan of IP SLA since its inception, I think in 2006, and use it in my own data center operations as well as my clients'. I use it for PBR but it's a static fixed config.
The question is: can I have a PBR route-map on an interface that reroutes traffic based _ONLY_ on the IP SLA failing? Not when track is successful, but when track fails?
The reason is that I have a small customer who has (don't laugh too hard) a cable modem provider that's flakier than corn flakes, and uses three AT&T xDSL 8 meg lines as backup. The need is that, in the event of the primary cable modem provider failing, the outbound traffic needs to be split up between the DSL lines to avoid a degree of overloading of traffic suddenly having to switch from high speed cable to slow speed DSL.
The route-map is below, nothing private to have to worry about:
! Match to send out Corp01
!
route-map reroute-internet-traffic permit 10
match ip address 131
set ip next-hop verify-availability 192.168.255.16 1 track 1
!
! Match to send out Corp02
!
route-map reroute-internet-traffic permit 15
match ip address 132
set ip next-hop verify-availability 192.168.255.17 2 track 1
!
! Match to send out Corp03
!
route-map reroute-internet-traffic permit 20
match ip address 133
set ip next-hop verify-availability 192.168.255.18 3 track 1
!
!-------------------------------------------------------------------------------
!
int gi0/0
ip policy route-map reroute-internet-traffic
exit
!
end
-------------------------
Each access list 131 thru 133 states what traffic should route thru which DSL. In a normal PBR operation, this works perfectly fine, but we want this to kick in _ONLY_ if the track fails.
Ideas and comments are appreciated.
-Jeff
12-26-2019 08:35 AM - edited 12-26-2019 08:36 AM
@jbankstonps Hello
Have you heard about Event Manager?
route-map reroute-internet-traffic permit 10
match ip address 131
set ip next-hop verify-availability 192.168.255.16
!
! Match to send out Corp02
!
route-map reroute-internet-traffic permit 15
match ip address 132
set ip next-hop verify-availability 192.168.255.17
!
! Match to send out Corp03
!
route-map reroute-internet-traffic permit 20
match ip address 133
set ip next-hop verify-availability 192.168.255.18
event manager applet REROUTE-POLICY-ON
event track 1 state down
action 0.5 syslog msg "Applying route-map on interface gigabitEthernet0/0"
action 1.0 cli command "enable"
action 2.0 cli command "configure terminal"
action 3.0 cli command "interface gigabitEthernet 0/0"
action 4.0 cli command "ip policy route-map reroute-internet-traffic"
action 5.0 cli command "end"
action 6.0 syslog msg "Policy was applied successfully on gigabitethernet0/0"
event manager applet REROUTE-POLICY-OFF
event track 1 state up
action 0.5 syslog msg "Removing route-map on interface gigabitEthernet0/0"
action 1.0 cli command "enable"
action 2.0 cli command "configure terminal"
action 3.0 cli command "interface gigabitEthernet 0/0"
action 4.0 cli command "no ip policy route-map reroute-internet-traffic"
action 5.0 cli command "end"
action 6.0 syslog msg "Policy was removed successfully on gigabitethernet0/0"
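An alternative that needs no EEM applet (and so no applet entering "enable" and "configure terminal" on its own), given here as an added example that is not from either poster: a boolean track list with "not" inverts track 1, so the PBR next hops are only considered available while the primary path is down. The probe target 203.0.113.1, the interface GigabitEthernet0/1, the timers and the track number 11 are constructed assumptions; the thread never shows how track 1 is defined.

```cisco
! Added example: constructed values, not taken from the thread.
! 203.0.113.1 stands in for a host that is probed via the primary (cable) path;
! GigabitEthernet0/1 stands in for the interface facing the cable modem.
ip sla 1
 icmp-echo 203.0.113.1 source-interface GigabitEthernet0/1
 frequency 10
ip sla schedule 1 life forever start-time now
!
! track 1 is UP while the primary path answers the probe.
! The delay values damp flapping on an unstable link.
track 1 ip sla 1 reachability
 delay down 30 up 60
!
! track 11 is the logical NOT of track 1: UP only while the primary is DOWN.
track 11 list boolean and
 object 1 not
!
! Each next hop is used only while track 11 is UP. While it is DOWN
! (primary healthy), the set clause is skipped and the packet follows
! the normal routing table.
route-map reroute-internet-traffic permit 10
 match ip address 131
 set ip next-hop verify-availability 192.168.255.16 1 track 11
!
route-map reroute-internet-traffic permit 15
 match ip address 132
 set ip next-hop verify-availability 192.168.255.17 2 track 11
!
route-map reroute-internet-traffic permit 20
 match ip address 133
 set ip next-hop verify-availability 192.168.255.18 3 track 11
!
! The policy stays on the interface permanently; no runtime config changes.
interface GigabitEthernet0/0
 ip policy route-map reroute-internet-traffic
```

"show track" and "show route-map reroute-internet-traffic" report the state of both track objects and whether each next hop is currently considered up.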
12-27-2019 11:46 AM
Not only did I just learn about a very cool tool, but blast it all I can't make effective use of it......
The issue is that with _four_ egress points to track and control of which all could default information-originate, each possible egress point injects its DIO into the routing table with different metrics based on outbound preferences. So, even with the PBR and event mgr working, I did about 2 hours of troubleshooting to realize this is a bigger issue to tackle to bias outbound traffic to override a DIO metric'd route.
I removed the DIO metrics from each ISP border router to cause four equal cost DIO - it caused the ISP border router with the highest IP address in the OSPF table to become the preferred outbound path effectively ignoring the PBR config.
Drats....
So, I've got a lot of testing to do to come up with that solution, but I'll find something. I'm thinking about going to static routing at the border routers and back up to the PBR router, initial testing looks promising!
Most appreciated, this ole dawg learned something new.
-Jeff
12-27-2019 12:18 PM