06-12-2013 05:23 AM - edited 03-04-2019 08:10 PM
Hi all,
I came across the configuration below on my WAN router, which has two uplinks through two ISPs.
Can anyone help me understand how the set ip next-hop verify-availability command works?
route-map abc permit 10
 ! no match clause: every packet entering the policy-routed interface matches this sequence
 set ip next-hop verify-availability x.x.x.x 1 track 1
 set ip next-hop verify-availability y.y.y.y 2 track 2
!
ip sla 1
 icmp-echo x.x.x.x source-interface Serial0/0/1
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo y.y.y.y source-interface Serial0/2/1
ip sla schedule 2 life forever start-time now
This route map is applied on my downlink interface, which connects to my various LAN segments.
Thanks in advance,
Selva.
06-12-2013 05:47 AM
This feature means that it (the router) should do PBR ONLY IF the next hop is available, and it verifies that via the CDP database, using tracking and SLA. If the next hop is not available, PBR would not be active for that particular route-map sequence number.
From your config you are using ICMP echo to verify that the next hop is available. In your case the first next hop is set to x.x.x.x; I believe that if x.x.x.x is not available, y.y.y.y is then used. If this is not available either, then traffic will flow as normal according to the routing table.
Hope this helps.
Please rate useful posts & remember to mark any solved questions as answered. Thank you.
06-12-2013 05:56 AM
Will it create a default route???
Virtually?
06-12-2013 05:58 AM
What will happen if I remove the configuration below from the above router?
track 1 rtr 1 reachability
!
track 2 rtr 2 reachability
What is this configuration about???
06-12-2013 06:07 AM
No, I didn't mention creating a default route. It is not interfering with the routing table at all. For all traffic on the interface where the route-map is applied, if it matches the route-map (which is "match anything"), the router will set the next hop of those packets to x.x.x.x or y.y.y.y depending on circumstances. There are no routes involved here.
If you take out the track commands your PBR (policy-based routing) will fail. You are doing source-based routing with PBR, not destination-based routing as normal.
The track commands are there so that you can ensure with your PBR that you are not going to black-hole your traffic.
If none of your next hops are available and tracking is in a down state for both, all traffic will be treated as normal.
It's kind of like your ON/OFF switch for PBR.
With your PBR all traffic is going to next hop x.x.x.x first; what happens when x.x.x.x fails? If you didn't have IP SLA and tracking, your router would still try to send to x.x.x.x but would never realise that it's dead. With tracking and verify-availability it will turn the PBR OFF for that particular rule (set). So without this, your traffic is essentially black-holed. In your case you have a secondary y.y.y.y next hop. If this fails too, then the backup is to use the routing table.
Your track commands are tracking IP SLA 1 and 2 respectively. If you were to remove this configuration, your next hops would not be tracked or monitored for 'up' or 'down' state.
Hope this explains it better.
Please rate useful posts & remember to mark any solved questions as answered. Thank you.
05-27-2020 03:10 PM
I am unclear about a few things with this response, and maybe someone can offer suggestions :)
1) Is it doing PBR or not?
2) I have two ISPs and I want to utilize both circuits; would a route map for each ISP be an answer for this? What I mean is, we have load balancers up front and they do round robin; I would like traffic that came in on one ISP to go out the same ISP. Are the SLAs typically only for a failover scenario?
3) Which would be the better option: doing track under the route map, or track on the default route?
IP SLA tracking on the route-maps:
route-map PolicyRoute-vz permit 20
 match ip address route-VZ
 set ip next-hop verify-availability x.x.x.x 1 track 1
route-map PolicyRoute-cl permit 30
 match ip address route-CL
 set ip next-hop verify-availability y.y.y.y 2 track 2
IP SLA tracking on the routes:
route outside-VZ 0.0.0.0 0.0.0.0 x.x.x.x 1 track 1
route outside-CL 0.0.0.0 0.0.0.0 y.y.y.y 2 track 2
ip sla 1
 icmp-echo x.x.x.x source-interface outside-VZ
ip sla schedule 1 life forever start-time now
ip sla 2
 ! probe the CL next hop (y.y.y.y), not x.x.x.x, so track 2 reflects the state of the CL circuit
 icmp-echo y.y.y.y source-interface outside-CL
ip sla schedule 2 life forever start-time now
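Added example, not code from the thread or from Cisco: a small Python linter for the set -> track -> ip sla chain that the answer above describes and that both posted configurations rely on. It checks that each set ip next-hop verify-availability line carries a sequence number and names a defined track object, that the track names a defined IP SLA operation, that the operation actually probes the next hop it guards, and that the operation is scheduled. Both sample configurations are constructed for the example (the downlink interface FastEthernet0/0 in the first one is an assumption); the second deliberately contains two easy mistakes in a two-ISP layout like the one above: an SLA probing the wrong next hop, and a schedule line naming the wrong operation.

```python
"""Lint Cisco IOS PBR next-hop tracking: set -> track -> ip sla -> schedule.
Added example, not from the original thread; regexes cover the syntax shown
in the posts (track ... rtr|ip sla ... reachability, icmp-echo probes)."""
import re
from dataclasses import dataclass, field

# Constructed sample: a complete, consistent version of the 2013 layout.
# The downlink interface name is an assumption.
GOOD_CONFIG = """
track 1 rtr 1 reachability
track 2 rtr 2 reachability
ip sla 1
 icmp-echo x.x.x.x source-interface Serial0/0/1
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo y.y.y.y source-interface Serial0/2/1
ip sla schedule 2 life forever start-time now
route-map abc permit 10
 set ip next-hop verify-availability x.x.x.x 1 track 1
 set ip next-hop verify-availability y.y.y.y 2 track 2
interface FastEthernet0/0
 ip policy route-map abc
"""

# Constructed sample with two mistakes: sla 2 probes x.x.x.x although it
# guards y.y.y.y, and 'schedule 1' appears twice so sla 2 never runs.
BAD_CONFIG = """
track 1 rtr 1 reachability
track 2 rtr 2 reachability
ip sla 1
 icmp-echo x.x.x.x source-interface outside-VZ
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo x.x.x.x source-interface outside-CL
ip sla schedule 1 life forever start-time now
route-map PolicyRoute-vz permit 20
 set ip next-hop verify-availability x.x.x.x 1 track 1
route-map PolicyRoute-cl permit 30
 set ip next-hop verify-availability y.y.y.y 2 track 2
"""

RMAP_RE = re.compile(r"^\s*route-map (\S+) (?:permit|deny) (\d+)\s*$")
SET_RE = re.compile(r"^\s*set ip next-hop verify-availability (\S+)(?: (\d+))? track (\d+)\s*$")
TRACK_RE = re.compile(r"^\s*track (\d+) (?:rtr|ip sla) (\d+) reachability\s*$")
SLA_RE = re.compile(r"^\s*ip sla (\d+)\s*$")
ECHO_RE = re.compile(r"^\s*icmp-echo (\S+)")
SCHED_RE = re.compile(r"^\s*ip sla schedule (\d+)\b")


@dataclass
class PbrConfig:
    tracks: dict = field(default_factory=dict)    # track id -> sla id
    slas: dict = field(default_factory=dict)      # sla id -> probed address (None if no probe)
    scheduled: set = field(default_factory=set)   # sla ids that have a schedule line
    sets: list = field(default_factory=list)      # (route-map seq, next hop, seq no, track id)


def parse(config: str) -> PbrConfig:
    """Single pass over the config, keeping route-map / ip sla context."""
    cfg = PbrConfig()
    rmap, cur_sla = "(no route-map)", None
    for line in config.splitlines():
        if m := RMAP_RE.match(line):
            rmap, cur_sla = f"{m[1]} {m[2]}", None
        elif m := TRACK_RE.match(line):
            cfg.tracks[int(m[1])] = int(m[2])
        elif m := SCHED_RE.match(line):
            cfg.scheduled.add(int(m[1]))
        elif m := SLA_RE.match(line):
            cur_sla = int(m[1])
            cfg.slas.setdefault(cur_sla, None)
        elif cur_sla is not None and (m := ECHO_RE.match(line)):
            cfg.slas[cur_sla] = m[1]
        elif m := SET_RE.match(line):
            cfg.sets.append((rmap, m[1], int(m[2]) if m[2] else None, int(m[3])))
    return cfg


def lint(config: str) -> list:
    """One finding per broken link in the chain; empty list means consistent."""
    cfg = parse(config)
    findings = []
    for rmap, next_hop, seq, track_id in cfg.sets:
        where = f"route-map {rmap}, next-hop {next_hop}"
        if seq is None:
            findings.append(f"{where}: missing sequence number before 'track'")
        if track_id not in cfg.tracks:
            findings.append(f"{where}: track {track_id} is not defined")
            continue
        sla_id = cfg.tracks[track_id]
        if sla_id not in cfg.slas:
            findings.append(f"{where}: track {track_id} references undefined ip sla {sla_id}")
            continue
        if cfg.slas[sla_id] != next_hop:
            findings.append(f"{where}: ip sla {sla_id} probes {cfg.slas[sla_id]}, not the next hop it guards")
        if sla_id not in cfg.scheduled:
            findings.append(f"{where}: ip sla {sla_id} is never scheduled, so track {track_id} never gets a result")
    return findings


if __name__ == "__main__":
    for name, text in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(name, lint(text) or "no findings")
```

Run it against a pasted running-config before trusting a failover test: a track object whose SLA probes the other ISP's gateway will happily report "up" while its own circuit is dead, which is exactly the black-hole the tracking was meant to prevent.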