Static Route Tracking (Primary and Backup Static Routes)

AMU
Level 1

Dear All,

I am looking for a solution for the following scenario. Any help in this regard would be highly appreciated.

There is one service running on servers which has an additional virtual IP (30.30.30.1/30) which could be active on Site A or Site B at any given time but not on both sides at the same time. I need to use static routing on my "Layer 3 Device" which is connected to both Site A and Site B. I need to enable static route tracking to find out whether this Virtual IP is active on Site A or Site B and then somehow automatically change the routing table entry in the "Layer 3 Device" i.e.

If Virtual IP is active on Site A,      

route via  Site A Switch HSRP  Gateway  

otherwise

route via Site B Switch HSRP  Gateway

is installed in the routing table. I know about the IP SLA feature but I think I can't use the SLA feature in this scenario. What options can I use in this scenario?

 

[Attached diagram: StaticRouteTracking.jpg]

 

Thanks in advance.

 

Regards,
AMU

27 Replies

Hi Paul/Georg,
I have used static routes for Site A, Site B and the VIPs respectively, not a default route. But this script introduces a loop and it keeps on looping between both applets. The conditions are the same for both sides as we are tracking the same IPs irrespective of whether it is available on Site A or Site B. I have used the track option of the static route command in the script, but somehow it is not a fully functional solution. Now my plan is to track the state of the VIPs and also compare the already present next hop IP, whether it is via LOC1 GW or LOC2 GW, then create a new route accordingly.
Will share my final script. Thanks to both of you for your support.

Hello

It was understood you didn't need or use default routes, what wasn't understood is the application you use for failover, and how it interacts with the routing - Hence my last question to you regards this -

How do the clients connect to this server - IP or FQDN? If the latter, then it may be possible you only require the server's related DNS A host record to be updated to relate to either its site A or B IP address on failover. Then you wouldn't need any tracking and would be able to continue with your existing static routes on the L3 device pointing to each server IP address at each site.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Application will use IP, not FQDN.

Hello
So your clients access this server via IP address or just this application does?
What’s the failover application in use, and how does this integrate with the L3 device and the clients?

You don't mention what the server is running, but why are the clients not accessing it via DNS?



Kind Regards
Paul

Hello,

 

I think the logic of your failover is not really clear, and your network consists of more than that one router in the middle? Either way, in theory, with just one default route pointing to the other side, loops shouldn't be possible. If the VIP is active at, let's say, Site A, do Site A users still need to be able to reach Site B users? And vice versa?


@AMU  wrote:
Hi Georg and Paul,
Site A/B switches have a default route to Layer 3 Device and Layer 3 Device have site specific static routes to Site A and Site B networks plus the VIP static routes.

 


@Georg Pauwen wrote:

action 3.0 cli command "no ip route 0.0.0.0 0.0.0.0 ip_address_Site_A"
action 4.0 cli command "ip route 0.0.0.0 0.0.0.0 ip_address_Site_B"
action 5.0 cli command "end"

event manager applet TRACK_VIP_UP
event timer countdown time 360
event track 1 state up
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "no ip route 0.0.0.0 0.0.0.0 ip_address_Site_B"
action 4.0 cli command "ip route 0.0.0.0 0.0.0.0 ip_address_Site_A"

 

Either way, in theory, with just one default route pointing to the other side, loops shouldn't be possible.


I don't want to dwell on this further but you are incorrect @Georg Pauwen - Yes it would be possible having two direct devices pointing to each other with default routes as you suggested above CAN cause a loop

 



Kind Regards
Paul

--> Yes it would be possible having two direct devices pointing to each other with default routes as you suggested above CAN cause a loop

 

No. I did not suggest that the devices point their default routes to each other, but exactly the opposite, to the other site, based on the tracking of the VIP. So there will never be a default route pointing back to the site from where the traffic came from.

 

Either way, OP looks for a solution, I am curious what he comes up with.

Hello
Okay so far so good, One more thing to confirm please

Between Site A <L3 device> Site B it's all static routing, with the L3 device having multiple static routes relating to the subnets at either site (including this VIP server) and Site A-B having default routes or specific static routes towards the L3 device?



Kind Regards
Paul

Hi Paul,

Yes, the Switches 1/2 on both Sites A/B have a default route to the "Layer 3 Device" Gateway respectively. But the "Layer 3 Device" has static routing for Site A, Site B, VIP (require automatic adoption) and a default route to Internet.
Thanks.

Hello @AMU
Thank you for the clarification -
Now regards this server: having a host with the same addressing on two different routing domains isn't as simple as just using IP SLA tracking, because the active site users wouldn’t route towards the L3 device if that site has a locally advertised subnet which the server resides in; you would need to stop advertising the whole subnet for routing to initiate accordingly.

How do you provide the resiliency at present for this server, or is this something new to be added?
Is there any chance of relocating this server onto the L3 device upstream of both sites? Then resilience would be a lot easier. Apologies for all these questions.



Kind Regards
Paul

The Application is responsible for activating or Failover the VIP at any site (A or B) at any given time. The servers have one IP in Network A/B as well.

Humm...

How do the clients connect to this server - IP or FQDN? If the latter, then it may be possible you only require the server's related DNS A host record to be updated to relate to either its site A or B IP address on failover. Then you wouldn't need any tracking and would be able to continue with your existing static routes on the L3 device pointing to each server IP address at each site.



Kind Regards
Paul

Dear Paul/Georg,
Thank you very much both of you for your assistance. Here is the final script that worked for me.

event manager applet LOC-SwtichOver
event syslog pattern "ip sla 1 reachability Up -> Down"
action 10 cli command "enable"
action 11 cli command "show ip route | i 10.10.10.0"
action 12 set str1 "$_cli_result"
action 13 string first "192.168.253.254" "$str1"
action 14 set i "$_string_result"



action 15 if $i gt 1
action 16 cli command "enable"
action 17 cli command "conf t"
action 18 cli command "no ip route 10.10.10.0 255.255.255.240 192.168.253.254"
action 19 cli command "no ip route 10.10.10.0 255.255.255.240 192.168.254.254"
action 20 cli command "ip route 10.10.10.0 255.255.255.240 192.168.254.254"

action 21 else

action 22 cli command "enable"
action 23 cli command "conf t"
action 24 cli command "no ip route 10.10.10.0 255.255.255.240 192.168.253.254"
action 25 cli command "no ip route 10.10.10.0 255.255.255.240 192.168.254.254"
action 26 cli command "ip route 10.10.10.0 255.255.255.240 192.168.253.254"
action 27 cli command "end"

action 28 end


Many many thanks once again.

Best Regards,
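
The toggle behaviour of the final applet above, modelled in Python as an added example (not part of the original post or of any Cisco tooling). The prefix and next hops are taken from the applet; the helper names and the rendered "show ip route" lines are constructed for illustration.

```python
# Model of the LOC-SwtichOver applet's decision logic (illustrative only).
PREFIX = "10.10.10.0 255.255.255.240"
GW_253 = "192.168.253.254"  # next hops exactly as they appear in the applet
GW_254 = "192.168.254.254"


def applet_commands(show_route_output):
    """Config commands the applet issues for a given
    'show ip route | i 10.10.10.0' result (actions 13-26)."""
    i = show_route_output.find(GW_253)    # 'string first': index, or -1 if absent
    new_gw = GW_254 if i > 1 else GW_253  # 'if $i gt 1' ... 'else'
    return [
        f"no ip route {PREFIX} {GW_253}",
        f"no ip route {PREFIX} {GW_254}",
        f"ip route {PREFIX} {new_gw}",
    ]


def apply(routes, commands):
    """Apply 'ip route' / 'no ip route' lines to a toy set of next hops."""
    routes = set(routes)
    for cmd in commands:
        gw = cmd.split()[-1]
        if cmd.startswith("no ip route "):
            routes.discard(gw)
        else:
            routes.add(gw)
    return routes


def render(routes):
    """Constructed stand-in for the filtered 'show ip route' output."""
    return "\n".join(
        f"S        10.10.10.0/28 [1/0] via {gw}" for gw in sorted(routes)
    )


def replay(routes, events):
    """Fire the applet once per 'Up -> Down' syslog event and
    return the installed next hops after each event."""
    history = []
    for _ in range(events):
        routes = apply(routes, applet_commands(render(routes)))
        history.append(sorted(routes))
    return history


if __name__ == "__main__":
    for step, hops in enumerate(replay({GW_253}, 3), start=1):
        print(f"after event {step}: next hop {hops}")
```

Each "Up -> Down" event flips the next hop once; when the route is missing from the table, `string first` yields -1 and the else branch installs 192.168.253.254.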