IP SLA tracking IP on the internet

egilles123 (Level 1)

I have a simple scenario where I'm doing IP SLA for failover. See attached diagram.

I have an MPLS and an internet circuit. All internal traffic goes over the MPLS and the default route goes over the internet. In the event the internet traffic fails I want to fail over to the MPLS, but not just on the interface: I want to track an external IP, for example 8.8.8.8. Everything works when the IP is reachable, and when the IP is not reachable the route gets withdrawn as expected, but when the IP becomes reachable again tracking doesn't see it and therefore the route doesn't get installed back. The reason the route doesn't get installed is that it relies on the default route to get to 8.8.8.8 in the first place. What else can I do to make this scenario work? The reason I don't use the next hop IP of the ISP is that there's actually a L3 FW between the internet and my internet router, and that doesn't tell me if the internet is actually down. Any recommendations?

ip sla monitor 1
 type echo protocol ipIcmpEcho 8.8.8.8
 frequency 5
ip sla monitor schedule 1 life forever start-time now

track 1 rtr 1 reachability

ip route 0.0.0.0 0.0.0.0 10.1.1.1 track 1


Francesco Molino (VIP Alumni)

Hi

When ISP 1 goes down you have internet reachability from MPLS right?

What I would do on that particular design is:

- create a loopback on your router that should have access to the internet (maybe you can filter and say that this loopback has only icmp access to 8.8.8.8)

- create an acl and route-map for PBR. I mean define in PBR the next hop as your firewall when a ping is initiated from this loopback to 8.8.8.8

- modify your ipsla by adding the source ip that would be your loopback

this is quite simple to do and you force a particular ip to track 8.8.8.8 by always passing through the right path to check if your ISP is UP or DOWN.

Have I understood your issue correctly?

Thanks 

PS: Please don't forget to rate and mark as correct answer if this solved your issue 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

The plan is to have internet access through MPLS. See the updated attached diagram.

Let me see if I follow this. 

- create a loopback on your router that should have access to the internet (maybe you can filter and say that this loopback has only icmp access to 8.8.8.8)

access-list 100 permit icmp 2.2.2.2 0.0.0.0 8.8.8.8 0.0.0.0

- create an acl and route-map for PBR. I mean define in PBR the next hop as your firewall when a ping is initiated from this loopback to 8.8.8.8

route-map IPSLA permit
 match ip address 100
 set ip next-hop 10.1.1.4

int f0/0
 ip policy route-map IPSLA

- modify your ipsla by adding the source ip that would be your loopback

ip sla monitor 1
 type echo protocol ipIcmpEcho 8.8.8.8 source-ipaddr 2.2.2.2
 frequency 5
ip sla monitor schedule 1 life forever start-time now

ip route 0.0.0.0 0.0.0.0 10.1.1.1 track 1

Is this what you're thinking? I'll test this out shortly.

Hi

Yes this is what I mean, except the 1st acl. I mean you will use this acl on your PBR config. When I said filter this loopback, I was more thinking to allow only icmp from loopback to 8.8.8.8 on the firewall (just to control the traffic from that loopback)

Thanks

PS: Please don't forget to rate and mark as correct answer if this solved your issue 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Not sure if I understand. Can you write out the ACL and PBR that you think I should implement. Traffic is already allowed through on the firewall.

Sorry. The ACL is correct. I was talking about filtering on the firewall to allow 2.2.2.2 to only access 8.8.8.8 if you want.

You need to apply PBR on the interface facing MPLS.

thanks


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

I was able to get this working by using a local policy route and a route map that points the next hop for the SLA to another IP that's in another subnet. When using "set ip next-hop" in a route map you have to specify the "recursive" keyword if it's in another subnet, or else it doesn't work. Thanks for your help.
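Modelling the dependency the thread describes, as an added example that is not from the poster or from Cisco: a tracked default route via the firewall, a floating default via MPLS, and an IP SLA probe whose path is either chosen by the routing table (the original problem) or forced to the firewall by a local policy route sourced from the loopback (the fix). Firewall 10.1.1.4, loopback 2.2.2.2 and target 8.8.8.8 come from the thread; the MPLS next hop 10.1.1.2 and the assumption that the MPLS path does not deliver the probe to 8.8.8.8 are constructed for the model.

```python
FIREWALL, MPLS_HOP, TARGET, LOOPBACK = "10.1.1.4", "10.1.1.2", "8.8.8.8", "2.2.2.2"


class Router:
    def __init__(self, use_local_pbr):
        self.use_local_pbr = use_local_pbr
        self.track_up = True      # track 1 starts in the up state
        self.internet_ok = True   # whether the ISP path currently reaches 8.8.8.8

    def rib(self):
        """Static defaults: tracked primary via the firewall, floating backup via MPLS."""
        routes = [("0.0.0.0/0", MPLS_HOP, 10)]          # ip route 0.0.0.0 0.0.0.0 10.1.1.2 10 (constructed)
        if self.track_up:
            routes.append(("0.0.0.0/0", FIREWALL, 1))   # ip route 0.0.0.0 0.0.0.0 10.1.1.4 track 1
        return routes

    def next_hop(self, src):
        # ip local policy: a probe sourced from the loopback is sent to the
        # firewall no matter which default route is installed (the poster's fix).
        if self.use_local_pbr and src == LOOPBACK:
            return FIREWALL
        return min(self.rib(), key=lambda r: r[2])[1]   # lowest admin distance wins

    def probe(self):
        """One IP SLA echo cycle; track 1 follows the probe result."""
        hop = self.next_hop(LOOPBACK if self.use_local_pbr else None)
        # Assumption of the model: only the firewall hop can carry the probe to 8.8.8.8.
        self.track_up = (hop == FIREWALL and self.internet_ok)
        return self.track_up

    def default_via(self):
        return self.next_hop(None)   # next hop that ordinary traffic would use


def run_scenario(use_local_pbr):
    """ISP up, then down for two cycles, then back up: list of default next hops per cycle."""
    r = Router(use_local_pbr)
    path = []
    for internet_ok in (True, False, False, True, True):
        r.internet_ok = internet_ok
        r.probe()
        path.append(r.default_via())
    return path


if __name__ == "__main__":
    print("routing-table probe :", run_scenario(False))   # never returns to the firewall
    print("local-PBR probe     :", run_scenario(True))    # recovers once the ISP is back
```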

Nice to hear that. 

You're very welcome


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Hi;

Try what I mentioned in my previous post, HSRP with IP SLA.

Thanks 

ahmedshoaib (Level 4)

Hi;

You can achieve this via HSRP with IP SLA.

Configure HSRP between both routers (internet & MPLS) with the virtual IP address 10.1.1.1. On the Internet router you need to call the IP SLA in HSRP tracking.

Internet RTR:

ip sla monitor 1
 type echo protocol ipIcmpEcho 8.8.8.8
 frequency 5
ip sla monitor schedule 1 life forever start-time now

track 1 ip sla 1 reachability   (or "track 1 rtr 1 reachability", depending on the IOS version)

interface GigabitEthernet0/0
 ip address 10.1.1.X 255.255.255.0
 standby 1 ip 10.1.1.1
 standby 1 priority 150
 standby 1 preempt
 standby 1 track 1 decrement 60
 no shutdown

MPLS RTR:

interface GigabitEthernet0/0
 ip address 10.1.1.X 255.255.255.0
 standby 1 ip 10.1.1.1
 standby 1 preempt
 no shutdown

L3 Switch:

ip route 0.0.0.0 0.0.0.0 10.1.1.1

Thanks 

Hi

Yes, this would have been the right solution if the subnets between his L3 switch, the MPLS router and the firewall were the same, but I'm not sure they are.

Thanks


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question