Solved: IP SLA Reroute Question

cajunsausage · ‎03-16-2021

I have an IP SLA, Setup to reroute my traffic from Site A to an alternative location (Site B) if pings to my ISP fail for 30 seconds.

My question is:

In my situation where I was tracking an ICMP Echo reply from our ISP, I ran into a rather rare situation where I needed to have my IP SLA trigger and change the route automatically to my alternate location (Site B), but NOT come back when Site A comes back online. Unfortunately, I can't make the track statement delay up longer than 180 seconds and in my latest outage, I needed more time to ensure a clean circuit before switching it back, because my circuit was bouncing every 7 to 10 minutes and we were in the middle of a huge Board / Director meeting online.

I would prefer to just leave the internet traffic routing through Site B until the meeting was over. Maybe IP SLA is not the right technology or maybe I need to combine it with something else like a route-map...is that possible? Any suggestions would be greatly appreciated. Thanks for any help.

Reza Sharifi · ‎03-16-2021

Thanks for the diagram!

I don't see any command to block the preemption of IP SLA when the primary site comes back online but in a situation where the primary provider is having problems, you can shut that circuit down until the provider stabilizes and then wait for 12 or 24 hours before bringing it back online. I know this is manual and not dynamic but it can work especially if both circuits have the same speed.

HTH

View solution in original post

Reza Sharifi · ‎03-16-2021

How do you connect to your ISPs? Do you use BGP to static route?

Also, do you use HSRP or VRRP facing the LAN side of the network?

Maybe a diagram showing how all devices are connecting to the ISPs and the internal network would be helpful.

HTH

cajunsausage · ‎03-16-2021

All very basic static routing, no HSRP, or VRRP facing LAN side. Using dual stacked switches for Core on LAN Side.

All outbound internet traffic is prioritized to SITEA Internet.

If SITEA drops, All internet is forwarded to SITEB for outbound.

I have created a simple diagram with fake IPs, but commands are the same and should reference them as they are setup on my devices. Sorry can't paste config this quick. too much to sanitize.

I'm going to eventually get this network rockin on dynamic routing and SD-WAN and all kinds of HA, but in the interim, this is the thorn in my side.

Reza Sharifi · ‎03-16-2021

Thanks for the diagram!

I don't see any command to block the preemption of IP SLA when the primary site comes back online but in a situation where the primary provider is having problems, you can shut that circuit down until the provider stabilizes and then wait for 12 or 24 hours before bringing it back online. I know this is manual and not dynamic but it can work especially if both circuits have the same speed.

HTH

cajunsausage · ‎03-17-2021

Thank you very much for the reply. I agree with your response and have pretty much narrowed it down to 1 of 3 options:

1. Manually shut down the interface going out to the SITEA FW

2. Manually remove the default Route to the SITEA FW

3. Get Crazy with EEM or Python, neither of which I know anything about

Obviously I would prefer something dynamic, but in the absence of automation, I may have to start investigating either EEM or Python.