11-01-2012 03:47 AM - edited 03-07-2019 09:47 AM
Hi All
I need your valuable suggestions for implementing redundancy for the WAN connections at our site.
We have two edge routers connecting our local network to the outside; one router is primary and the other is secondary as a backup link. I am planning to use HSRP on the internal interfaces of both routers, with the HSRP tracking feature for the external interface. We are using BGP to advertise all the routes externally, so if the external link dies (say, the BGP neighbourship is lost), will HSRP still do the automatic failover?
I need your valuable suggestions and any better way to make the network stable.
Many Thanks
Ven
11-01-2012 03:54 AM
Hi Ven,
Is it possible to run HSRP for both primary and secondary subnets?
A. Yes. The use of HSRP for secondary addresses is supported. This feature along with the multiple HSRP feature is beneficial in real networks. Refer to the Multiple HSRP Groups & Secondary Addresses section of HSRP Support for the configuration example
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080093f2c.shtml
As per
There are a lot of technologies to load balance. You should ask your ISP to work with you over BGP, and there you can configure route-maps. It is most preferable (imho).
Even you can use route-maps without BGP.
Or you can use IP SLA to loadbalance.
If you use HSRP, I think you need to divide for VLANs to load-balance.
Please refer
Please remember to rate the helpful tags
Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."
11-01-2012 07:09 AM
If you configure normal interface tracking, HSRP will fail over to the standby only if the interface goes down.
If you want enhanced tracking, that is possible if routing is down or the next hop is not reachable. In this case tracking next-hop reachability is one method, if your ISP is not blocking ICMP responses.
Reference link:
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_q_and_a_item09186a00800a9679.shtml
If you don't want to do enhanced tracking, you can run IBGP between the 2 HSRP routers. So even if the primary HSRP router doesn't have BGP up with the ISP, it will still have the routes learned via IBGP with the standby HSRP router. Packets will come to the active router, then go to the standby router.
Thanks
Raju
11-01-2012 07:51 AM
Thanks for your replies.
So tracking the next hop is enabled by default in BGP, right? How can we relate it internally, as we are just using static routing internally and BGP among our global network on the edge routers? Can you please provide me with a sample configuration for tracking the next hop?
Let me know if I got it wrong.
11-01-2012 07:59 AM
Here is a sample config:

ip sla 1
 icmp-echo 192.168.1.1 source-ip 192.168.1.2
 frequency 5
! schedule the probe defined above (operation 1)
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 reachability
!
interface Ethernet1/0
 ip address 192.168.23.2 255.255.255.0
 ! lower the HSRP priority by 10 while track 1 is down
 standby 1 track 1 decrement 10
end

I am tracking reachability to 192.168.1.1 from source 192.168.1.2, with a frequency of 5 seconds.
Thanks
Raju
11-01-2012 08:47 AM
Hi Raju
Thanks for the info. Unfortunately IP SLA is not supported on the router, so what would be the recommended way to work around it? Thanks for your assistance again.
Many Thanks
Ven
11-01-2012 09:02 AM
IP SLA has been shifting down to lesser feature set on some platforms, so you might be able to obtain it by upgrading within your existing feature set. What's the part number and IOS version on your existing devices?
11-01-2012 09:23 AM
You may be running an IP Base licence, which doesn't support IP SLA. You need an advanced licence like Sec, UC or Data.
As I mentioned earlier, an IBGP session between the HSRP routers is another option you can think of to avoid traffic blackholing.
Thanks
Raju
11-01-2012 09:27 AM
So we are using two 3745 routers with the IOS image c3745-adventerprisek9-mz.123-8.T6.bin; as you can see from the image below, both routers are connected to different switches.
We have two 2921s as well in the new site with c2900-universalk9-mz.SPA.151-4.M4.bin.
None of them supports the IP SLA feature, so HSRP does the failover when the interface is down, but tracking the next hop is my concern now.
I appreciate your feedback and valuable time, guys.
11-01-2012 10:26 AM
Strange, Feature Navigator claims both those IOSs support 'IP SLAs - ICMP Echo Operation'
11-05-2012 04:17 AM
Hi
I tried to set up IP SLA ICMP echo reachability on the 2921 router with the c2900-universalk9-mz.SPA.151-4.M4.bin image, but I do not have the options, as you can see below. Will upgrading IOS to UNIVERSAL c2900-universalk9-mz.SPA.152-4.M1.bin help?
Please let me know if there is any different configuration for IP SLA ICMP echo reachability (tracking next hop) on the existing IOS image.
router1(config)#ip sla ?
key-chain Use MD5 Authentication for IP SLAs Control Messages
responder Enable IP SLAs Responder
server IPPM server configuration
Many Thanks
Ven
11-05-2012 05:47 AM
Hi,
since you have two BGP routers to external, you should^Wmust set up an internal BGP session between them.
The worst thing which would happen if your primary WAN connection fails:
the traffic will be forwarded by the primary WAN router
thru its LAN (or a private) connection to the backup WAN router.
The HSRP/VRRP thing is good for preparation for the death of one of the two devices (or its power supplies).
Testing your ISP's BGP router with IP SLA reachability or "ping" or so
will give you most of the time the same result as seeing the BGP/TCP/IP session going down;
today, ISPs tend to rate-limit control-plane traffic to their routers,
so you may see massive packet loss pinging your ISP's infrastructure
while "internet routing" works perfectly.
Juergen.
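Two points from this thread, shown as an added example that is not part of any post and is not Cisco code: the tracking decrement in the sample config only moves the active role if it drops the primary below a standby that has preempt, and reacting to single lost probes (the rate-limited ICMP case described above) makes the pair flap. The Router model, the down_after parameter and the probe sequences are constructed for illustration; equal-priority tie-breaks are not modelled.

```python
from dataclasses import dataclass

@dataclass
class Router:
    name: str
    priority: int = 100     # IOS default HSRP priority
    preempt: bool = False   # "standby <group> preempt"
    decrement: int = 10     # "standby <group> track <obj> decrement <n>"
    track_up: bool = True   # state of the tracked object on this router

    def effective(self) -> int:
        return self.priority - (0 if self.track_up else self.decrement)

def elect(active, challenger):
    # Takeover needs preempt AND a strictly higher effective priority.
    if challenger.preempt and challenger.effective() > active.effective():
        return challenger
    return active

def track_states(probes, down_after=1):
    # Hypothetical damping: the object goes down only after `down_after`
    # consecutive failed probes and comes back up on the first success.
    fails, up, states = 0, True, []
    for ok in probes:
        fails = 0 if ok else fails + 1
        up = True if ok else (up and fails < down_after)
        states.append(up)
    return states

def active_history(probes, primary, standby, down_after=1):
    # Name of the active router after each probe interval.
    active, history = primary, []
    for up in track_states(probes, down_after):
        primary.track_up = up
        challenger = standby if active is primary else primary
        active = elect(active, challenger)
        history.append(active.name)
    return history

def flaps(history):
    return sum(a != b for a, b in zip(history, history[1:]))

# Constructed probe results, one per 5 s (True = echo reply received).
T, F = True, False
LOSSY = [T, T, F, T, F, T, T, F, F, T, T, T]   # rate-limited ICMP, link fine
OUTAGE = [T, T, F, F, F, F]                     # next hop really gone

if __name__ == "__main__":
    for label, probes, n in (("lossy", LOSSY, 1), ("lossy", LOSSY, 3), ("outage", OUTAGE, 3)):
        h = active_history(probes, Router("R1", 105, True), Router("R2", preempt=True), n)
        print(f"{label:6} down_after={n}: flaps={flaps(h)} {h}")
```

With a primary priority of 120 the decrement of 10 never causes a failover, and the same holds when the standby lacks preempt, so check both before relying on tracking.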