Re: SLA and directing icmp-ping

dschlic1 · ‎02-28-2020

I have a Cisco 3750 switch with IP services and running IOS 12.2. I am using SLA and tracking objects to handle redundant communications paths. The problem I am having is controlling where the ping issued by the SLA is going. It needs to go out the primary path, but when the primary path is down, it goes out the secondary. Some code snippets:

Port configuration:

!
interface GigabitEthernet1/0/7
description ** Link to Wastewater Radio on Top of Backwash Tower **
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/10
description ** Direct connection to AT&T router for Cellular Telemetry **
no switchport
ip address 10.18.252.1 255.255.255.0
!

port 7 is the secondary and port 10 is the primary.

SLA configuration:

ip sla 152

icmp-echo 10.16.2.52 source-ip 10.18.252.1

ip sla schedule 152 life forever start-time now

track 152 ip sla 152 reachability

ip route 10.16.2.52 255.255.255.255 10.18.252.2 track 152

ip route 10.16.2.52 255.255.255.255 10.15.1.52 201

VLAN configurations:

vlan 15

name WW_RADIO

interface Vlan15

ip address 10.15.1.200 255.255.255.0

The remote has two IP addresses, one for the cellular: 10.16.2.52 (Primary) and a second radio: 10.15.1.52 (secondary).

Any ideas why the ping is being directed to the secondary when the primary goes down? I was told that when a port is configures as a router port, and it issues a ping, that ping always goes out the physical port.

Cristian Matei · ‎03-01-2020

Hi,

SLA allows you to configure the source and destination, but not the egress interface, or restricting the egress interface. You can still achieve what you want, but not with that config:

- route the destination of your SLA (10.16.2.252) only towards the primary link, and make it permanent so it stays in the RIB even if the link fails: ip route 10.16.2.252 255.255.255.255 10.18.252.2 permanent; so remove the existing routes for 10.16.2.252

- leave your SLA and tracking as configured

- configure another static route to be tracked by your SLA, with failover; assuming the remote side also has IP of 20.20.20.20, and you would need to have reliable floating route, you would configure: ip route 20.20.20.20 255.255.255.255 10.18.252.2 track 152 and ip route 20.20.20.20 255.255.255.255 10.15.1.52 201

With that config, your SLA packets are only gonna be forwarded out the primary link.

Regards,

Cristian Matei.

dschlic1 · ‎03-04-2020

This issue is that there is no way to add an additional IP address/subnet to the cellular side. The cellular modems are on a private cloud so don't have access to the internet or any other networks/subnets.

paul driver · ‎03-01-2020

Hello

Try the the below, So when you lose the tracking reachability to that ip will get blackholed

no ip route 10.16.2.52 255.255.255.255 10.15.1.52 201

ip route 10.16.2.52 255.255.255.255 null 0 2

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

dschlic1 · ‎03-04-2020

Thanks for the various replies. Did some more testing and I think the issue is that the SLA is pinging an address which is being controlled by the SLA. So when the SLA sees that the primary path is down, it disables the cellular ip route which leaves the radio route. This is necessary for the date flow to switch from the cellular side to the radio side. However it also causes the SLA pings to swap also. Because the SLA pings and the data packets end up using the same ip routes, the system in this case fails. What is needed is a way to separate the SLA pings from the data packets. Does anyone have any ideas as how to do that?