06-28-2024 06:31 AM
Hi all,
We have a customer that has three internet links at each site (gold, silver, bronze) and wants to reserve the gold service for one group of users, and the silver service for another, with each able to use the other when theirs is not available. The bronze is to act as a last resort when both gold and silver are down. We have a centralised data policy to assign traffic from the different user groups to different local TLOC colours based on source address, and rely on fallback to the other path when their colour TLOC is not available. Trouble is, how to enable fallback to the bronze service? If we leave it enabled, it can be chosen as a backup path when either gold or silver goes down, due to the ECMP routing decision process. So we keep it disabled until required at present. Hardly optimal. In the absence of a lab to test possible solutions, I'm wondering if anyone has experience with any of these options below.
Approach 1 would be to set the cost of the static default used for the bronze service higher (i.e., create an old-fashioned floating static route). I know I can do this via the CLI on the Catalyst Edge router (ip route 0.0.0.0 0.0.0.0 <next-hop> 200), and I can see a "distance" parameter that can be applied to the next-hop entry in the vManage VPN template, but does this template "distance" translate to a CLI route metric, or is this used to set the admin distance for comparison against other protocols?
Maybe I could use a CLI template instead? Or maybe I've missed some other option in a template that I should use?
Approach 2. Assign different preferences to multiple TLOCs in a TLOC list, and reference that TLOC list in the set action of the policy match. I can't see a way to create TLOC entries that don't include TLOC system IDs, so how to use this approach for DIA eludes me and maybe it can't be done. Once again, I have no way to lab test this theory.
Approach 3. Use a dynamic routing protocol for one of the internet services and rely on differences in administrative distance to suppress the bronze service default route unless it is the only viable path.
Sorry for the long-winded question!
Steve
06-29-2024 03:23 PM
Hi,
The first question: do you use restrict or different tunnel groups among different colors? Or a full mesh design?
Basically between locations A and B do you have 3 tunnels or 9?
06-29-2024 03:27 PM
Also, note that under tunnel there is an option "last-resort" which becomes available only when all other TLOCs are down (mostly used for LTE to save cost, but in your case it should also work).
06-30-2024 06:22 PM
07-01-2024 10:16 AM
Sorry, my bad. I've read DIA as AAR (app based routing). I'll re-check all and comment.
07-03-2024 12:11 AM
Hi,
Options 1 and 3 work. You need a higher AD for the last-resort path. For the primary paths use a tracker as well (if static routing is used) to avoid a blackhole when the link is working but the ISP itself has problems (old style prevention method).
Use local TLOC in the data policy to choose the actual path. When the primary/secondary paths are down, the last-resort will be chosen due to the floating static route.
07-03-2024 09:08 PM
Great, thanks Kanan. I like the simplicity of the floating static route, just not sure how I would apply it from a template. Will setting the "distance" parameter that I see can be applied to the next-hop entry in the vManage VPN template affect this metric, or is there some other trick to pushing out from vManage? Remember, I don't have a vManage instance in my very limited lab unfortunately...
07-04-2024 01:37 AM
That distance is Administrative Distance, which is used to select the best path. We normally don't call it a "metric", because metric is something related to routing protocols like OSPF/EIGRP etc.
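The floating static route discussed in this thread, as a simplified model of route selection. This is an added example, not code from any poster or from Cisco: the StaticDefault class, the helper names, the distance of 1 for gold and silver, and the tracker-style "healthy" flag are assumptions made for illustration, and only the value 200 comes from the thread.

```python
"""Simplified model of default-route selection (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class StaticDefault:
    colour: str      # link name used in the thread: gold / silver / bronze
    distance: int    # administrative distance; lower wins
    healthy: bool    # assumed tracker result: link and ISP both usable


def installed(routes):
    """Colours whose default is installed: usable routes with the lowest AD.

    More than one colour in the result means the defaults are ECMP peers.
    """
    usable = [r for r in routes if r.healthy]
    if not usable:
        return []
    best = min(r.distance for r in usable)
    return sorted(r.colour for r in usable if r.distance == best)


def egress(preferred, routes):
    """Exit colours for a user group: its policy colour if healthy,
    otherwise whatever the routing table offers as fallback."""
    if any(r.colour == preferred and r.healthy for r in routes):
        return [preferred]
    return installed(routes)


def links(bronze_distance, down=()):
    """Build the three defaults; gold and silver keep distance 1 (assumed)."""
    table = {"gold": 1, "silver": 1, "bronze": bronze_distance}
    return [StaticDefault(c, d, c not in down) for c, d in table.items()]


if __name__ == "__main__":
    # Compare bronze at equal distance with bronze as a floating static.
    for bronze_ad in (1, 200):
        for down in ((), ("gold",), ("gold", "silver")):
            result = egress("gold", links(bronze_ad, down))
            print(f"bronze AD={bronze_ad:<3} down={down!s:<20} "
                  f"gold users exit via {result}")
```

With bronze at distance 1 the gold group falls back onto both silver and bronze once gold fails; at distance 200 bronze carries traffic only after both other links are marked down.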