04-28-2013 11:45 AM - edited 03-07-2019 01:04 PM
Hello all,
I am trying to understand whether the CCNP route guide's article makes no sense or I am a dumbass, because I cannot find any sense in the example below:
R3 represents a branch office connected to two ISPs.
In this scenario Cisco IOS IP SLAs are used to track the reachability to the DNS servers (with IP addresses 10.0.8.1 and 10.0.8.2) and tie the results to the static default routes on R3.
If there is a DNS server failure, the Cisco IOS IP SLAs probes will fail, the static default route to that DNS will be removed, and all traffic will be rerouted toward the other ISP.
Step 1. Verify reachability to the DNS servers.
Step 2. Configure Cisco IOS IP SLAs.
Step 3. Verify Cisco IOS IP SLAs operations.
Step 4. Configure tracking options.
Step 5. Configure static default routes or PBR that are tied to object tracking (the DNS servers).
Step 6. Verify dynamic operations and routing changes when the tracked objects fail.
*Note that EIGRP routing is configured and there is EIGRP connectivity toward DNS servers from R3... This is basically the main point of confusion.
R3 has:
ip sla monitor 99
 type echo protocol ipIcmpEcho 10.0.8.1
 frequency 10
ip sla monitor schedule 99 life forever start-time now
ip sla monitor 100
 type echo protocol ipIcmpEcho 10.0.8.2
 frequency 10
ip sla monitor schedule 100 life forever start-time now
* It should ping both servers forever using EIGRP route to reach them.
and also:
track 1 rtr 99 reachability
 delay down 10 up 1
ip route 0.0.0.0 0.0.0.0 192.168.2.2 track 1
track 2 rtr 100 reachability
 delay down 10 up 1
ip route 0.0.0.0 0.0.0.0 192.168.1.2 track 2
*Basically two default routes would always exist in the routing table. When "track 1" for example (object 1, which is SLA 99, IP 10.0.8.1) fails to respond to a ping, default route 0.0.0.0 0.0.0.0 through 192.168.2.2 is deleted.
So when, for example, DNS server 10.0.8.2 fails, the following occurs:
The EIGRP route to 10.0.8.2 is immediately deleted, and there are now no routes to 10.0.8.2.
This is the object being tracked with the track 2 command; it tracks reachability to IP SLAs object 100, which is an ICMP echo to 10.0.8.2.
After about 10 seconds, the value specified in the delay command, the static default route via 192.168.1.2 (R2) is deleted.
My questions are:
1. Why all this mess with SLA, what traffic does the author want to route to another ISP, the whole traffic?
2. If the routing is dynamic, there should be no need to implement SLA, when connectivity to the 1st DNS fails and the EIGRP route is deleted, while a second /32 EIGRP route toward the 2nd DNS still exists, it will be used, so the logic is already here, no need to implement additional logic with SLA.
3. Let's say I have many EIGRP routes from ISP1 and for some reason it is not working well, so setting a 0.0.0.0 0.0.0.0 default route through ISP2 would not change anything, since the routing occurs at the longest match and my default route will not be used, since all the EIGRP routes still point to ISP1, so they are still being used.
Can anyone explain to me the meaning of this exercise? I am struggling to understand it, but unfortunately cannot find any sense in it...
Thanks a lot!!!
04-28-2013 01:41 PM
Hello, I think SLAs may be required.. Let's think about it, you have EIGRP running between R1, R2 and R3, but they have no knowledge of the DNS existing or not. Anything past that 'cloud' is unknown, hence you need the probes to probe at the servers.
Everything might be all up and working within the routed environment, but we can't be certain of anything past that. Unless DNS servers were participating in routing protocols, which I doubt.
If reachability of the DNS goes down - there is a good possibility that the internet connection has gone down too. Even though the link to the ISP routers might remain 'up'.
Therefore we use SLA and track to remove the 'invalid' route from the routing table (since we can't get out to the internet), as the ICMP probe would have detected that reachability is gone. Then your other default route would be used for all connections and routes.
You have two static default routes out. Since the metric/AD is the same (1) then they will be balanced I think. So it is important not to blackhole any outbound traffic, and stop using the default route that doesn't actually work.
Hope this helps.
Please rate useful posts and remember to mark any solved questions as answered. Thank you.
04-28-2013 07:17 PM
I am with Bilal on this one. Basically the setup you describe above is based on the fact that R3 does not communicate any dynamic routing with either of the ISP's routers. R3 is simply using static default routes (with identical metrics for some reason) to send traffic to the outside world. Static routes are what they say they are; static. They will always be in the routing table. SLA tracking can make them "dynamic" again.
So the answer to your questions would be:
1. Correct, assume it is, for the reason I have given.
2. You are correct in case you communicate with your provider using EIGRP in this case; using a dynamic routing protocol between you and your provider is not always happening. But if you do, you are right, you won't need an IP SLA.
3. You are correct, if you receive specific routes from an upstream router that would therefore not match the default routes, it will route via ISP1. If ISP1 had an upstream problem with some of the advertised subnets, then that is an upstream problem, even IP SLAs won't fix that.
04-28-2013 08:58 PM
Thank you very much Dennis and Bilal!!!
2 minutes ago I started typing my answer, but during the typing I think I understood everything.
My confusion was that for some reason I thought that I had to add another default route first to both ISPs, so my SLA could ping and therefore start working, but having two static (to make SLA reach the destination via IP) and default routes made no sense to me..
Now I understand that I have to only add a static route pointing to the DNS server ONLY and another default 0.0.0.0 route to carry all the other traffic..
Don't know why I did not understand this before...
Am I correct?
04-28-2013 10:25 PM
I have a different take on this.
From R3's point of view, it should have two exit paths, right?
Through ISP 1 and ISP2.
Let's forget about the DNS for now.
So... We have two default routes out. If one of them fails, the other one should take over, right?
Let's go through two scenarios.
1) everything is 'up' and working
R3 and two static default routes out. It is load balancing between both of them. So some traffic goes through ISP1 and some through ISP2.
So this is all good BUT let's take scenario 2
2) ISP 1 fails. The link to the ISP router remains up, but the ISP router itself can't get out to the Internet and the DNS. Therefore we can't get out on R3 through ISP 1 either....
But you still have a static route pointing out to ISP1!!!
So my traffic that I'm generating from the LAN, if I decided to go to google.com and R3 decides to use the route towards ISP1 my web browser will not load right? Because the Internet is down. So what's the point of having two ISPs when the whole process is not intelligent enough to provide me with resilience when I have two ISP links.
Let's take scenario 3
3) we have configured SLA and tracking. I'm browsing on the LAN just off R3... Everything works.
But all of a sudden the Internet stops working in ISP1.
R3 still has two default routes at this stage, remember it will be using both of them like before! I am one of the unlucky users in the branch office. I am unable to browse the Internet! (This is the black hole!!)
R3 has decided to send me up towards ISP1. Since it's still active in the routing table.
At this point the ICMP will fail! Because Internet is down. But 10 seconds or so later, the default route towards ISP1 is taken out of the routing table. The only path left is ISP2!
There I am going mad pulling out my hair, trying to open another browser - all of a sudden it starts working again!
Why? Because R3 has only one working route out to the Internet. Through ISP 2. It has taken the 'bad' route out because of the SLA.
When Internet is restored in ISP1 then they will be load balanced again.
You do not need specific routes for DNS, the solution that is in the book is perfect.
The only way for us to actually work out whether or not the Internet is UP and working is to probe DNS as it is out there through the Internet. This is the only beneficial reason I can think of as to why we would be probing DNS. And it does make sense, right?
With this, we apply some intelligence to R3 so it knows whether to take a route out of the routing table or not. Almost a dynamic feel to it all.
You may have EIGRP with more specific routes, and if it has routes to DNS, and connectivity is lost, then EIGRP should converge and take the specific route out. Then we lose the route and no longer know how to get there.
This has nothing to do with the default routing since both of our default routes are static. It just helps us determine when to take out either of the static routes.
Hope this explains better.
Sent from Cisco Technical Support iPhone App
04-29-2013 06:33 AM
Bilal,
This was also my point, that I did not need to install 2 static routes toward my DNS servers, prior to setting up IP SLA.
But it doesn't work like the book says.
These default routes are not installed in the routing table after you type "ip route 0.0.0.0 0.0.0.0 192.168.1.1 or 2.1 track1/2", because there is no L3 connectivity still.
For IP SLA to work and to install its 0.0.0.0 route into the routing table, it needs to have L3 connectivity with the DNS servers to perform its ping and, based on the successful response, install the default routes; without this, the routing table won't have anything.
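A simplified model of the tracked default route discussed in this thread, added here as an example and not taken from the book or from any poster. It replays `frequency 10` and `delay down 10 up 1` for one probe and shows both the withdrawal delay after a failure and the case where R3 has no route to the probe target. Assumptions: the track object starts down, a probe is answered only if the routing table has a route to the target, the /32 entry stands in for the EIGRP-learned route, and `alive_until` is constructed input.

```python
import ipaddress

FREQUENCY = 10                 # 'frequency 10': one probe every 10 s
DELAY_DOWN, DELAY_UP = 10, 1   # 'delay down 10 up 1' on the track object

def lookup(rib, dst):
    """Longest-prefix match. rib maps 'prefix/len' -> next hop."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in rib]
    hits = [n for n in nets if addr in n]
    if not hits:
        return None
    return rib[str(max(hits, key=lambda n: n.prefixlen))]

def simulate(base_rib, target, next_hop, alive_until, seconds=60):
    """Return [(second, event)] for one tracked static default route.

    alive_until: second at which the target stops answering (constructed).
    """
    rib = dict(base_rib)
    raw = tracked = False      # assumption: probe and track both start down
    pending = None             # (due_second, new_state) while a delay runs
    events = []
    for t in range(seconds + 1):
        if t % FREQUENCY == 0:
            # The echo needs a route to the target and a live target.
            ok = lookup(rib, target) is not None and t < alive_until
            if ok != raw:
                raw = ok
                delay = DELAY_UP if ok else DELAY_DOWN
                pending = (t + delay, ok) if ok != tracked else None
        if pending and t >= pending[0]:
            tracked, pending = pending[1], None
            if tracked:
                rib["0.0.0.0/0"] = next_hop
                events.append((t, "default installed"))
            else:
                rib.pop("0.0.0.0/0", None)
                events.append((t, "default removed"))
    return events

if __name__ == "__main__":
    # Constructed scenario: 10.0.8.2 stops answering at second 25.
    with_route = {"10.0.8.2/32": "192.168.1.2"}
    print(simulate(with_route, "10.0.8.2", "192.168.1.2", alive_until=25))
    # No route to the probe target at all: the track never comes up.
    print(simulate({}, "10.0.8.2", "192.168.1.2", alive_until=25))
```

In this model a failure at second 25 is first seen by the probe at second 30 and the route is withdrawn at second 40, so traffic sent to that next hop is lost for about 15 seconds.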
04-29-2013 11:02 AM
Yes of course, you are correct.
So are we saying that ISP 1 and ISP 2 do not know how to get to the DNS servers? Or is it that they do know, but R3 doesn't know how to get to them?
I thought that EIGRP was advertising them?
Do you have a running config and a show ip route that I can look at on R3 please?
Please rate useful posts and remember to mark any solved questions as answered. Thank you.