Solved: Re: Failover routing with SLA

psaravanan · ‎04-03-2011

Hi Friends,

I have one query on failover of the link routing in core switch.

My primary link is MPLS which is connected from MPLS router to Coreswitch, So whenever MPLS goes down then the traffic should route to IPSec Site to Site VPN tunnel through Internet firewall.

Please suggest which failover is possible and more realiable and flexible.

Whether Static route with change administrative Distance from 1 to 2 or

IP SLA technology.

I am newly heard the IP SLA failover. Please suggest which failover is better and more flexible.

Is there any other protocol for failover is there.

Note: My current Core switch is 3750 switch, but going ahead will replace to cisco 6506 switch.

Thanks in advance.

Regards,

Saravanan

Jon Marshall · ‎04-03-2011

Saravanan

In answer to your general question, static routes with higher AD (floating statics) work well with P2P links such as serial where if the far end goes down then so does the local interface and then the usual default-route is removed from the routing table and the floating static is used.

Where floating statics don't work is with ethernet for example ie.

R1 -> SW1 -> R2

on R1 you have your floating static. The trouble happens when R2 goes down or the interface on R2 goes down. Because the R1 interface is connected to a switch then it stays up and so even though the path is no longer available R1 does not know this and does not replace the usual default-route with the floating static. In this scenarion you need to use IP SLA to check the availability of R2.

So it really depends on how you are connected to your WAN.

Jon

View solution in original post

Haris P · ‎04-03-2011

I think you can use static route with IP SLA tracking with different cost

ip sla monitor 2
type echo protocol ipIcmpEcho 200.200.200.200
ip sla monitor schedule 2 life forever start-time now

track 124 rtr 2 reachability

ip sla monitor 3
type echo protocol ipIcmpEcho 100.100.100.100
ip sla monitor schedule 3 life forever start-time now

track 125 rtr 3 reachability

primary route

ip route 192.168.1.0 255.255.255.0 192.168.2.1 track 124

secondary route can be configured with higher cost,say 200

ip route 192.168.1.0 255.255.255.0 192.168.2.50 track 125 200

in normal situations for secondary route no need to have ip sla tracking ,because it will work only when primary goes down

Jon Marshall · ‎04-03-2011

Saravanan

In answer to your general question, static routes with higher AD (floating statics) work well with P2P links such as serial where if the far end goes down then so does the local interface and then the usual default-route is removed from the routing table and the floating static is used.

Where floating statics don't work is with ethernet for example ie.

R1 -> SW1 -> R2

on R1 you have your floating static. The trouble happens when R2 goes down or the interface on R2 goes down. Because the R1 interface is connected to a switch then it stays up and so even though the path is no longer available R1 does not know this and does not replace the usual default-route with the floating static. In this scenarion you need to use IP SLA to check the availability of R2.

So it really depends on how you are connected to your WAN.

Jon

psaravanan · ‎04-03-2011

Thanks Marshall/Harish,

I think, In my scenario SLA with static route will be best option. Once again I will explain my scenario.

My primary link is MPLS, which has Data, VOIP and Vconf will pass through the link. When primary goes down, we are plan to create a site to site VPN tunnel, which should pass Data and Vconf traffic only.

Remote MPLS -------------------------------> Local MPLS----------------> Core switch <-----------------Internet firewall <--------------Internet router

router (Customer end) router (our end) (L3 switch) (ASA 5510 VPN tunnel)

Primary link should pass data, VOIP and vconf and when primary goes down then Data and vconf should pass through VPN tunnel.

Next scenario,

Primary and secondary both links should be in active, when primary goes down then all traffic should pass through VPN tunnel.

Thanks in advance,

Rgds,

Saravanan.

psaravanan · ‎04-11-2011

Hi Jon Marshall,

I have 3750 switch (c3750-ipbasek9-mz.122-50.SE1.bin). I need to implement IP SLA route decision maker.

I try to configure

ip sla operation-number and below . but i am not able to configure.

It shows IP sla responder or key-chain.

but i need to configure SLA with routing decision.

Pls let me know, whether Ipbase IOS can support SLA.

I saw the configuration on the below link, but I can't configure it on the switch.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_40_se/configuration/guide/swipsla.html

Pls help me, to configure IP SLA with primary route and secondary route.

Thanks and regards,

Saravanan

samavedula_rama · ‎04-11-2011

It will support

ip sla 1

icmp-echo x.x.x.x source y.y.y.y [x.x.x.x is the remote address to monitor,source is optional]

freq xx [optional,how frequent icmp echo should be sent]

track 1 rtr 1

ip sla schedule 1 start-time now life forever

Should do it.

psaravanan · ‎04-11-2011

Hi Rama mohan,

Thanks for your reply,

I try to configure ip sla 1, but in configuration mode it shows ip sla responder and key-chain command only available while type IP SLA.

In track command also, i tried it.

track ip

(It only display)

Pls suggest is there any option/command to enable Ip sla operator-number and other options.

I already that IP sla in configuration mode.

Regards,

Saravanan

samavedula_rama · ‎04-11-2011

My bad.

c3750-ipbasek9-mz.122-50.SE1 only supports IP SLA responder.

You might want to consider c3750-ipservicesk9-mz.122-50.SE1 instead

Check the feature navigator if you have any questions.

http://tools.cisco.com/ITDIT/CFN/Dispatch

Thanks.

psaravanan · ‎04-12-2011

Hi All,

Thanks for your support.

I upgraded into Ipservice image and i configured IP SLA in the core switch. The below scenario is created now.

192.168.10.1---------->192.168.10.4---------------------------->192.168.20.4-------------->192.168.20.1

Site A Core| switch Site A router link Site B router | SiteB Core switch

| |

|---------->192.168.10.5--------------------------> 192.168.20.5-----------|

redunt link

I configured IP sla responder on the site B core switch.

I have configured IP SLA on Site A coreswitch, but the routing is not happen while configure into track id.

Please check the configuration on the attachment.

Note: I had enabled delay on the track id reachability command also.

Thanks and Regards,

Saravanan

Haris P · ‎04-13-2011

Dear ,

Can you try after removing the below two commands and

try ?

track resolution ip route static 1

ip sla enable reaction-alerts

psaravanan · ‎04-13-2011

Hi Haris,

Thanks for your reply,

I have removed the above two lines, after then also the routing is not happen.

I have tried to configure IP route with Track value(10) and backup is IP route static with metric value 50.

But it has routed with static route with metric 50, I don't know, why the track value is not happen.

Then I tried to configure both Primary and secondary IP route with Track value (10,15).

But the routing is not initiated.

Please help to me the solve the issue.

Regards,

Saravanan.

psaravanan · ‎04-15-2011

Hi All,

Please let me know is there any update?