10-23-2009 02:30 AM - edited 03-04-2019 06:28 AM
Dear Experts
I have a scenario whereby there are a couple of HeadOffice routers running mGRE to multiple spokes running GRE. Each of the HeadOffice routers is connected to a firewall and then onto its internet links (at different HOffice locations).
Is there a way we can make the mGRE interface go up/down based on a ping response from a public IP address? The idea is to have the GRE spokes route the internet traffic out the other tunnel interface that terminates on the second HeadOffice router's mGRE tunnel.
So, just to rephrase it, the failover mechanism of internet (outbound) traffic will be based on the status of the GRE tunnel interface.
Any quick response would be greatly appreciated.
Many thanks
Kind Regards
Arav
10-23-2009 02:33 AM
Changing interface status is not an option, but you can use object tracking to route traffic dependent on the ping response.
regards,
Leo
10-23-2009 02:59 AM
hi Leo
Thank you for your quick reply. This is what I'm doing now, but since it's mGRE and there are more than 250 spokes, I was thinking of doing something better than running ip sla on all of them and tracking them from the spokes, which I'm doing currently. I was thinking of a way the gre tunnel would be brought up/down and use the gre tunnel keep mechanism to pull the spoke end's tunnel status down along with it. Many thanks for your reply anyway.
Regards
Arav
10-23-2009 04:06 AM
Have you considered running a dynamic routing protocol across your mGRE topologies?
10-23-2009 04:21 AM
Hi Joseph,
A dynamic routing protocol won't be possible because this setup is for internet access and hence 0.0.0.0 will need to be advertised from the mgre headend. But the 0.0.0.0 route is already being used for the mpls vpn through the dialer interface, so I'm having to policy route all the guest_vlan internet bound traffic onto a tunnel interface.
cheers
arav
10-23-2009 12:06 PM
EEM can do this for you. Create IP SLA, Track it, have EEM applet take action on the event.
! Probe the target every 15 seconds
ip sla 1
 icmp-echo 192.168.7.2
 frequency 15
ip sla schedule 1 life forever start-time now
! Track object 1 follows IP SLA operation 1
track 1 rtr 1
! Shut the tunnel when the tracked probe goes down
event manager applet Tunnel_DOWN
 event track 1 state down
 action 1.0 cli command "enable"
 action 1.1 cli command "configure terminal"
 action 1.2 cli command "interface Tunnel 0"
 action 1.3 cli command "shutdown"
 action 1.4 cli command "end"
! Bring the tunnel back up when the probe recovers
event manager applet Tunnel_UP
 event track 1 state up
 action 1.0 cli command "enable"
 action 1.1 cli command "configure terminal"
 action 1.2 cli command "interface Tunnel 0"
 action 1.3 cli command "no shutdown"
 action 1.4 cli command "end"
10-26-2009 06:13 AM
Dan, that's great! I will try that today and let you know how it works. Looks like this will just do the job.
Many thanks again
Arav
11-02-2009 03:27 AM
Hi Dan
I am back at work and tried this but the event track command doesn't appear to be in there.
I am using - flash:c3825-spservicesk9-mz.124-3g.bin.
RNLI-LBS-internet-EX(config-applet)#event ?
application Application specific event
cli CLI event
counter Counter event
interface Interface event
ioswdsysmon IOS WDSysMon event
none Manually run policy event
oir OIR event
snmp SNMP event
syslog Syslog event
timer Timer event
RNLI-LBS-internet-EX(config-applet)#event track 1 state down
^
% Invalid input detected at '^' marker.
RNLI-LBS-internet-EX(config-applet)#
It would be greatly helpful if you or someone could advise me on how to implement this using event manager.
Many thanks
Regards
Arav
11-02-2009 07:08 AM
Hi Arav,
Event track was added in 12.4T train. If you need to stay on the current code the event track can be changed to event syslog pattern "%TRACKING-5-STATE: 1 ip sla 1 state Down->Up" for Tunnel_Up and event syslog pattern "%TRACKING-5-STATE: 1 ip sla 1 state Up->Down" for Tunnel_Down.
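An added example, not posted by anyone in the thread: a small Python replay that reads the `event syslog pattern` lines suggested in the reply above out of a config and reports which applet each log line would trigger. The config text and log lines are constructed, the last log line is a hypothetical wording variant, and Python's `re` is assumed to stand in for the router's pattern matching.

```python
import re

# Constructed config: the thread's applets with "event track" swapped for the
# syslog event detector (actions omitted; only the event lines matter here).
CONFIG = '''\
event manager applet Tunnel_DOWN
 event syslog pattern "%TRACKING-5-STATE: 1 ip sla 1 state Up->Down"
event manager applet Tunnel_UP
 event syslog pattern "%TRACKING-5-STATE: 1 ip sla 1 state Down->Up"
'''

# Constructed log buffer lines (not captured from a real router).
LOG = [
    "Nov  2 09:00:01: %TRACKING-5-STATE: 1 ip sla 1 state Up->Down",
    "Nov  2 09:00:02: %LINK-5-CHANGED: Interface Tunnel0, changed state to administratively down",
    "Nov  2 09:05:16: %TRACKING-5-STATE: 1 ip sla 1 state Down->Up",
    # Hypothetical wording variant: same event, different object description.
    "Nov  2 09:10:31: %TRACKING-5-STATE: 1 rtr 1 reachability Up->Down",
]

APPLET = re.compile(r"^event manager applet (\S+)")
PATTERN = re.compile(r'^\s*event syslog pattern "(.*)"\s*$')

def parse_applets(config):
    """Return {applet name: compiled syslog pattern} from IOS config text."""
    applets, current = {}, None
    for line in config.splitlines():
        name = APPLET.match(line)
        pat = PATTERN.match(line)
        if name:
            current = name.group(1)
        elif pat and current:
            # Assumption: Python's re approximates the IOS regex engine.
            applets[current] = re.compile(pat.group(1))
    return applets

def replay(config, log_lines):
    """For each log line, list the applets whose pattern matches it."""
    applets = parse_applets(config)
    return [(line, sorted(n for n, p in applets.items() if p.search(line)))
            for line in log_lines]

def unmatched_tracking(config, log_lines):
    """Tracking state changes that no applet would react to."""
    return [line for line, hits in replay(config, log_lines)
            if "%TRACKING-5-STATE" in line and not hits]

if __name__ == "__main__":
    print(unmatched_tracking(CONFIG, LOG))
```

A tracking message that shows up in `unmatched_tracking` means the failover applet would stay silent for that state change, so the pattern text has to be compared against what the router actually logs.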
11-02-2009 09:02 AM
Thank you Dan. I have actually enabled logging. Do I have to do anything specific to get it to generate the %TRACKING... syslog messages?
-LBS-Internet-Aztw-CE2#sh logg
Syslog logging: enabled (11 messages dropped, 3 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
Console logging: disabled
Monitor logging: disabled
Buffer logging: level debugging, 20 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
No active filter modules.
Trap logging: level debugging, 398 message lines logged
Logging to 2.3.232.221 (udp port 514, audit disabled, link up), 8 message lines logged, xml disabled,
filtering disabled
LBS-Internet-Aztw-CE2# sh run | sec logg
logging userinfo
logging buffered 4096 debugging
no logging console
no logging monitor
logging cns-events debugging
ip sla monitor logging traps
logging trap debugging
logging facility syslog
logging 2.3.232.221 --> this very router (as i am not using any syslog servers..)
It's not working at the moment because I don't see any %TRACK.. messages in my log buffer. Not sure how the matching of syslog patterns will work in your example.
many thanks
Arav
11-03-2009 08:13 AM
Hi Arav,
Can you post your EEM applet, track statement, and IPSLA policy?
Thanks,
Dan
11-06-2009 03:15 AM
Hi Dan
Thank you for all your help. I have managed to implement this in a different way with the help of a senior personnel. The problem was that, there being a default route pointing to the dialer interface at the spoke router, the public internet vlan couldn't get out to the internet using another default route. So, we've implemented a vrf and used mgre tunnels throughout.
But one simple question still remains. How do I get such a syslog message as %TRACKING.... on the log buffer ? It would be nice if you would help me with that answer.
Many thanks for all your help
Regards
arav