Approaches for DIA backup path selection

stevesmith741
Level 1

Hi all,

We have a customer that has three internet links at each site (gold, silver, bronze) and wants to reserve the gold service for one group of users, and the silver service for another, with each able to use the other when theirs is not available. The bronze is to act as a last resort when both gold and silver are down. We have a centralised data policy to assign traffic from the different user groups to different local TLOC colours based on source address, and rely on fallback to the other path when their colour TLOC is not available. Trouble is, how to enable fallback to the bronze service? If we leave it enabled, it can be chosen as a backup path when either gold or silver goes down, due to the ECMP routing decision process. So we keep it disabled until required at present. Hardly optimal. In the absence of a lab to test possible solutions, I'm wondering if anyone has experience with any of these options below.

Approach 1 would be to set the cost of the static default used for the bronze service higher (i.e., create an old-fashioned floating static route). I know I can do this via the CLI on the Catalyst Edge router (ip route 0.0.0.0 0.0.0.0 <next-hop> 200), and I can see a "distance" parameter that can be applied to the next-hop entry in the vManage VPN template, but does this template "distance" translate to a CLI route metric, or is this used to set the admin distance for comparison against other protocols?

Maybe I could use a CLI template instead? Or maybe I've missed some other option in a template that I should use?

Approach 2. Assign different preferences to multiple TLOCs in a TLOC list, and reference that TLOC list in the set action of the policy match. I can't see a way to create TLOC entries that don't include TLOC system IDs, so how to use this approach for DIA eludes me and maybe it can't be done. Once again, I have no way to lab test this theory.

Approach 3. Use a dynamic routing protocol for one of the internet services and rely on differences in administrative distance to suppress the bronze service default route unless it is the only viable path.

Sorry for the long-winded question!

Steve

1 Accepted Solution


That distance is Administrative Distance, which is used to select the best path. We normally don't call it a "metric", because metric is something related to routing protocols like OSPF/EIGRP etc.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.


7 Replies

Hi,

The first question: do you use restrict or a different tunnel group among different colors? Or a full mesh design?

Basically between locations A and B do you have 3 tunnels or 9?

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Also, note that under tunnel there is an option "last-resort" which becomes available only when all other TLOCs are down (mostly used for LTE to save cost, but in your case it should also work).

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Hi Kanan, thanks for taking the trouble to reply. Excuse my ignorance here, but I’m wondering how tunnel groups or tunnel mesh considerations relate to Direct Internet Access? Can you illuminate?
Steve

Sorry, my bad. I read DIA as AAR (app-based routing). I'll re-check everything and comment.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Hi,

Options 1 and 3 work. You need a higher AD for the last-resort path. For primary paths use a tracker as well (if static routing is used) to avoid a blackhole when the link is working but the ISP itself has problems (old-style prevention method).

Use local TLOC in the data policy to choose the actual path. When the primary/secondary paths are down, due to the floating static route the last resort will be chosen.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Great, thanks Kanan. I like the simplicity of the floating static route, just not sure how I would apply it from a template. Will setting the "distance" parameter that I see can be applied to the next-hop entry in the vManage VPN template affect this metric, or is there some other trick to pushing out from vManage? Remember, I don't have a vManage instance in my very limited lab unfortunately...

That distance is Administrative Distance, which is used to select the best path. We normally don't call it a "metric", because metric is something related to routing protocols like OSPF/EIGRP etc.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.
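
Added example, not part of the thread and not Cisco's implementation: a simplified Python model of the behaviour discussed above, showing why a bronze default at the same administrative distance joins the ECMP fallback set and how a floating static route (distance 200, as in the CLI line quoted in the question) keeps it out until gold and silver are both gone. The class, function names, the distance of 1 for gold and silver, and the sample site are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DefaultRoute:
    colour: str               # local TLOC colour of the internet link
    distance: int             # administrative distance of the static default
    link_up: bool = True
    tracker_up: bool = True   # end-to-end reachability probe result

    @property
    def usable(self) -> bool:
        # A tracker withdraws the route when the link is up but the ISP is not.
        return self.link_up and self.tracker_up

def installed(routes):
    """Usable default routes with the lowest administrative distance (the ECMP set)."""
    usable = [r for r in routes if r.usable]
    if not usable:
        return []
    best = min(r.distance for r in usable)
    return sorted(r.colour for r in usable if r.distance == best)

def egress(routes, preferred):
    """Colours a user group can exit on: its policy colour if installed, else ECMP fallback."""
    rib = installed(routes)
    return [preferred] if preferred in rib else rib

def site(bronze_distance, down=()):
    """Constructed site: gold and silver at distance 1, bronze distance configurable."""
    return [
        DefaultRoute("gold", 1, link_up="gold" not in down),
        DefaultRoute("silver", 1, link_up="silver" not in down),
        DefaultRoute("bronze", bronze_distance, link_up="bronze" not in down),
    ]

if __name__ == "__main__":
    for label, dist in (("equal distance", 1), ("floating static", 200)):
        for down in ((), ("gold",), ("gold", "silver")):
            print(f"{label:15} down={down!s:20} gold group -> {egress(site(dist, down), 'gold')}")
```
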