
Whacky default route tracking behavior on C1812 routers (IOS 12.4) with dual ISP

lapinmort
Level 1

I have configured two C1812 routers with the same amount of RAM, Flash, IOS, and configuration except for the IP addresses and next hop routes. Yet they behave differently. Both routers use Fa0 and Fa1 as WAN interfaces to the ISP1 and ISP2 routers respectively.

Here is how the default routes are set up on both routers:

! A set is configured without tracking but a high AD. Without these, the IP SLA jobs fail and tracked routes don't come up.
ip route 0.0.0.0 0.0.0.0 10.0.0.1 200
ip route 0.0.0.0 0.0.0.0 20.0.0.1 200
! A set is configured with tracking
ip route 0.0.0.0 0.0.0.0 10.0.0.1 track 100
ip route 0.0.0.0 0.0.0.0 20.0.0.1 track 200
track 100 ip sla 10 reachability
track 200 ip sla 20 reachability
ip sla 10
 icmp-echo 4.2.2.2 source-interface FastEthernet0
ip sla schedule 10 life forever start-time now
ip sla 20
 icmp-echo 4.2.2.2 source-interface FastEthernet1
ip sla schedule 20 life forever start-time now

No ZBF or access lists configured.

Route maps used for NAT entries

On one router (this is the behavior I want), the routing table will initially show:

0.0.0.0/0 [200/0] 10.0.0.1

            * [200/0] 20.0.0.1

Then the IP SLA jobs start pinging 4.2.2.2 from Fa0 and Fa1, and get a response.

The tracking objects are turned up, and the tracked routes with a higher precedence replace the previous set of routes. The routing table shows:

0.0.0.0/0 [1/0] 10.0.0.1

            * [1/0] 20.0.0.1


Load balanced tracked routes. If one of them goes down, the other will remain, and once IP SLA succeeds again for the failed route, the route is reinserted in the routing table and load balances.

Now the other router behaves this way:

Initially the routes are load balanced using the static routes with a weight of 200:

0.0.0.0/0 [200/0] 10.0.0.1

            * [200/0] 20.0.0.1

But the IP SLA jobs fail when trying to ping 4.2.2.2 from fa0 or fa1. Pings to 4.2.2.2 are successful, however, when you specify a LAN interface as the source, or specify no source.

If I shut down Fa1, the IP SLA job 10 and track object 100 come up. And the routing table shows:

0.0.0.0/0 [1/0] 10.0.0.1

If I do a no shut on Fa1, the routing table still shows the same thing.

Does anyone have an idea why those two routers would behave differently?

Thank you in advance for any replies.

Best,

Rado


Mohamed Sobair
Level 7

Hi,

The source specified in the IP SLA should be able to access the Internet and ping 4.2.2.2. Try to perform a normal ping to 4.2.2.2 with a source of F0 or F1; if it fails, then the IP SLA would fail as well.

I assume that F0 is a private IP address and your LAN has the public address. That's why when you don't specify a source, it takes the WAN interface as a source and it has no accessibility to the Internet, precisely 4.2.2.2.

Make sure you specify the LAN interface as a source in your router for the SLA to be successful.

HTH

Mohamed

"try to perform normal ping to 4.2.2.2 with a source of F0 or F1, if it fails, then the IP SLA would fail as well."

I've done that. The funny thing is that it works fine on one router, and doesn't on the other. They have the same configuration, and my LAN/WAN interfaces are not mixed up.

I have something like this:

          / Fa0 (10.0.0.2) ------- (10.0.0.1) ISP1 router ----- Internet ----\
Vlan 1 --|                                                                    4.2.2.2
(LAN)     \ Fa1 (20.0.0.2) ------- (20.0.0.1) ISP2 router ----- Internet ----/

If I ping 10.0.0.1 from Fa0 and 20.0.0.1 from Fa1, it works just fine on both routers, as these entries are in the routing table.

So when I set up ip route 0.0.0.0/0 10.0.0.1 200 and ip route 0.0.0.0/0 20.0.0.1 200, I have the entries in the routing table showing as load balanced default routes, and you'd think that would allow me to ping 4.2.2.2 using the LAN interface or the WAN interfaces as source.

Rado

The problem was a route-map with a bad traffic matching access-list.

The access-list specified a LAN subnet that did not exist. As soon as I corrected it, I was able to ping 4.2.2.2 using fa0 and fa1 as sources.

Thanks for your assistance.

Rado
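The root cause reported above was a route-map whose access-list named a LAN subnet that did not exist on the router. As an added example (not code from the thread), this Python check scans a saved IOS configuration for that condition: any ACL referenced by a route-map whose source network overlaps no subnet configured on an interface. The sample configuration, the route-map names and the ACL numbers are constructed for illustration, and the parser assumes numbered ACLs with `permit ip <network> <wildcard>` entries.

```python
import ipaddress
import re

# Constructed sample (not the poster's config): ACL 101 names a nonexistent LAN subnet.
SAMPLE_CONFIG = """\
interface FastEthernet0
 ip address 10.0.0.2 255.255.255.0
interface FastEthernet1
 ip address 20.0.0.2 255.255.255.0
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
access-list 101 permit ip 192.168.11.0 0.0.0.255 any
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
route-map NAT-ISP1 permit 10
 match ip address 101
route-map NAT-ISP2 permit 10
 match ip address 102
"""

def connected_networks(config):
    """Subnets configured on interfaces ('ip address <addr> <mask>')."""
    pairs = re.findall(r"^ +ip address (\d\S*) (\d\S*)", config, re.M)
    return [ipaddress.ip_interface(f"{a}/{m}").network for a, m in pairs]

def acl_sources(config):
    """ACL number -> source networks; ip_network() accepts the wildcard mask."""
    acls = {}
    pat = r"^access-list (\d+) permit ip (\d\S*) (\d\S*)"
    for num, net, wild in re.findall(pat, config, re.M):
        acls.setdefault(num, []).append(ipaddress.ip_network(f"{net}/{wild}"))
    return acls

def orphan_route_map_acls(config):
    """(route-map, ACL, network) where the network overlaps no interface subnet."""
    local, acls = connected_networks(config), acl_sources(config)
    findings, current = [], None
    for line in config.splitlines():
        if not line.startswith(" "):
            m = re.match(r"route-map (\S+)", line)
            current = m.group(1) if m else None
        elif current and line.startswith(" match ip address "):
            for num in line.split()[3:]:
                for net in acls.get(num, []):
                    if not any(net.overlaps(n) for n in local):
                        findings.append((current, num, str(net)))
    return findings

if __name__ == "__main__":
    print(orphan_route_map_acls(SAMPLE_CONFIG))
```

Running the same check against both routers' configurations is a quick way to surface a difference like this when two devices are believed to be configured identically.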