05-28-2017 02:40 PM - edited 03-08-2019 10:45 AM
I was just curious why there is no Backup channel on some traffic class and backup channel on others.
Exchange Application:
Dst-Site-Prefix: 192.168.0.0/6 Application: exchange DSCP: default [0] Traffic class id:48670 app_id:218103857
Clock Time: 20:44:35 (UTC) 05/28/2017
TC Learned: 00:07:24 ago
Present State: CONTROLLED
Current Performance Status: in-policy
Current Service Provider: INET1 since 00:06:53
Previous Service Provider: Unknown
BW Used: 0 Kbps
Present WAN interface: Tunnel11 in Border 172.16.1.1
Present Channel (primary): 275 INET1 pfr-label:0:11 | 0:0 [0xB0000]
Backup Channel: none
Destination Site ID bitmap: 1
Destination Site ID: X.X.X.X
Class-Sequence in use: 70
Class Name: email using policy low-latency-data
BW Updated: 00:03:24 ago
Reason for Latest Route Change: Uncontrolled to Controlled Transition
Route Change History:
LDAP Application
Dst-Site-Prefix: 192.168.0.0/16 Application: ldap DSCP: default [0] Traffic class id:48726 app_id:50332037
Clock Time: 20:50:58 (UTC) 05/28/2017
TC Learned: 00:04:15 ago
Present State: CONTROLLED
Current Performance Status: in-policy
Current Service Provider: INET1 since 00:03:44
Previous Service Provider: Unknown
BW Used: 1 Kbps
Present WAN interface: Tunnel11 in Border 172.16.1.1
Present Channel (primary): 276 INET1 pfr-label:0:0 | 0:0 [0x0]
Backup Channel: 284 INET2 pfr-label:0:0 | 0:0 [0x0]
Destination Site ID bitmap: 0
Destination Site ID: X.X.X.X
Class-Sequence in use: 10
Class Name: net-admin using policy low-latency-data
BW Updated: 00:03:49 ago
Reason for Latest Route Change: Uncontrolled to Controlled Transition
Route Change History:
05-29-2017 07:33 AM
Are you using IWAN or standard PFR on its own ?
check the master and border router where the policies are held and pushed , you will see if there is configuration setup for a backup path for that traffic , in some cases they wont want certain traffic making use of the internet paths as they mat not be as stable as the say the MPLS , its all based on design and what traffic gets shifted where when the thresholds etc are met, they may only want exchange traffic over the primary for that reason
05-29-2017 07:55 AM
We are using IWAN. The Master controller shows backup channel for exchange, but on the Spoke it does not show backup channel for exchange.
05-29-2017 07:55 AM
Then you have an issue somewhere maybe on the spoke itself , it should show its path if its setup right and the dscp markings are set for the backup path too as its the redundant path , I cant say really anything further from what's been provided but I would look at a working application and follow it through against the exchange app and see where the diff is in config master to spoke , something has to be causing it , in pfr it doesn't just chose you set it to do that
05-29-2017 07:56 AM
Correction we are using IWAN
05-29-2017 07:59 AM
same thing were using IWAN too its just got even more config to look at unfortunately
so when you do a show domain XXXXX master traffic-class... your not seeing the backup channel on spoke at all like below for all traffic-classes , you have setup per application on spoke side instead for all apps ?
Present WAN interface: Tunnel12 in Border x.x.x.x
Present Channel (primary): 806 H2S_I pfr-label:2:12 | 0:0 [0x20C0000]
Backup Channel: 793 H2S_M pfr-label:2:11 | 0:0 [0x20B0000]
05-29-2017 08:15 AM
For some destination I am seeing back channels for some on the spoke, but not for all application.
"you have setup per application on spoke side instead for all apps ?"
I'm not sure are you asking me if I have to setup backup channels per application?
The HUB set all the configs automagically on the spokes
BTW how is IWAN working out for you guys?
05-29-2017 08:26 AM
this is difficult without seeing design and setup as IWAN Pfr can be built multiple ways ,on you're spoke sites you have 2 links yes ?
what command on the spoke sites are you using to see that the exchange traffic is not on the backup , I check mime with the command above which shows a present path for primary and backup traffic all classes not application specific , the application specific stuff is set on the master router and then the border router enforces it what's on the master
BTW how is IWAN working out for you guys?
We have had to move through multiple images to find a stable release to stop tunnels failing and we also had issues with certs authentication and DMVPN but were over the hurdle now a bit it seems , its a good technology but some of the images seem to have problems , were running .155-3.S5 on ASRs and 4331s which seems ok now , not seeing half the issues as the earlier images
05-29-2017 08:37 AM
Yes we have two links on the spoke.
The command I am using is " show domain XXX master traffic-classes | begin exchange.
Seems like we're running into the same hurdles you guys are.
We have two data centers. We are at the begging stages of deploying IWAN and currently testing on one spoke.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide