I am considering a PBR solution for a 4500 series switch to selectively forward packets to a directly connected Cisco WAAS box. I need to know how PBR will detect if the next hop (WAAS) is unavailable in failure scenarios. My research shows that the verify-availability parameter is not yet available for the 4500. I need to know that packets are not going to be dropped if the WAAS fails.
set ip next-hop a.a.a.a
If a router has an ARP entry in its ARP cache for a.a.a.a, then it will forward traffic to a.a.a.a.
If the ARP entry in the ARP cache for a.a.a.a expires, then the router will stop forwarding traffic to a.a.a.a.
I tested it in a lab.
I shut down the next-hop router and cleared the ARP cache on the local router. The ARP cache entry for a.a.a.a therefore expires. However, the router continues to forward traffic to the PBR next hop a.a.a.a despite not getting an ARP reply from the next-hop router. You can observe the behavior by doing "debug ip policy" and "debug arp" (see below):
*Mar 28 18:57:56.309: IP: s=18.104.22.168 (GigabitEthernet1/0), d=22.214.171.124, len 100, FIB policy match
*Mar 28 18:57:56.313: IP: s=126.96.36.199 (GigabitEthernet1/0), d=188.8.131.52, len 100, policy match
*Mar 28 18:57:56.317: IP: route map TESTPBR2, item 10, permit
*Mar 28 18:57:56.317: IP: s=184.108.40.206 (GigabitEthernet1/0), d=220.127.116.11 (GigabitEthernet2/0), len 100, policy routed
*Mar 28 18:57:56.321: IP: GigabitEthernet1/0 to GigabitEthernet2/0 172.16.23.3
*Mar 28 18:57:56.325: IP ARP: sent req src 172.16.23.2 ca03.0b74.0038,
dst 172.16.23.3 0000.0000.0000 GigabitEthernet2/0
*Mar 28 18:58:00.301: IP ARP throttled out the ARP Request for 172.16.23.3
Please comment if you tested otherwise.
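As an added example (not code from the thread), a small Python parser for the two debug outputs shown above: it joins the wrapped ARP lines, counts policy-routed packets per next hop, and flags any next hop that is still being forwarded to while its ARP requests go unanswered or get throttled, which is the silent drop the post describes. The sample log is constructed to mirror the quoted output.

```python
import re
from collections import defaultdict

# Constructed sample log, modelled on the "debug ip policy" / "debug arp"
# output quoted in the post above (addresses and MACs are made up).
SAMPLE_DEBUG = """\
*Mar 28 18:57:56.317: IP: s=10.1.1.10 (GigabitEthernet1/0), d=10.2.2.20 (GigabitEthernet2/0), len 100, policy routed
*Mar 28 18:57:56.321: IP: GigabitEthernet1/0 to GigabitEthernet2/0 172.16.23.3
*Mar 28 18:57:56.325: IP ARP: sent req src 172.16.23.2 ca03.0b74.0038,
dst 172.16.23.3 0000.0000.0000 GigabitEthernet2/0
*Mar 28 18:58:00.301: IP ARP throttled out the ARP Request for 172.16.23.3
*Mar 28 18:58:01.005: IP: GigabitEthernet1/0 to GigabitEthernet2/0 172.16.23.9
*Mar 28 18:58:01.009: IP ARP: sent req src 172.16.23.2 ca03.0b74.0038,
dst 172.16.23.9 0000.0000.0000 GigabitEthernet2/0
*Mar 28 18:58:01.013: IP ARP: rcvd rep src 172.16.23.9 ca04.0b74.0039, dst 172.16.23.2 GigabitEthernet2/0
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
FORWARDED = re.compile(r"IP: \S+ to \S+ " + IPV4 + r"$")          # packet handed to next hop
ARP_REQ = re.compile(r"IP ARP: sent req src \S+ \S+, dst " + IPV4 + r" 0000\.0000\.0000")
ARP_THROTTLED = re.compile(r"IP ARP throttled out the ARP Request for " + IPV4)
ARP_REPLY = re.compile(r"IP ARP: rcvd rep src " + IPV4)

def _records(text):
    """Join IOS continuation lines (those not starting with '*') onto the previous entry."""
    records = []
    for line in text.splitlines():
        if line.startswith("*") or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def analyze(text):
    """Per next hop: packets forwarded, ARP requests sent/throttled, replies seen, and
    whether traffic is being black-holed (still forwarded although ARP never resolves)."""
    stats = defaultdict(lambda: {"forwarded": 0, "arp_requests": 0, "throttled": 0, "replies": 0})
    for rec in _records(text):
        for pattern, key in ((FORWARDED, "forwarded"), (ARP_REQ, "arp_requests"),
                             (ARP_THROTTLED, "throttled"), (ARP_REPLY, "replies")):
            m = pattern.search(rec)
            if m:
                stats[m.group(1)][key] += 1
    for s in stats.values():
        s["blackholed"] = s["forwarded"] > 0 and s["replies"] == 0 and (s["arp_requests"] + s["throttled"]) > 0
    return dict(stats)

def blackholed_next_hops(text):
    """Next hops that received policy-routed traffic without ever answering ARP."""
    return sorted(nh for nh, s in analyze(text).items() if s["blackholed"])
```

Run it over a capture of the two debugs on the policy-routing switch: a next hop listed by blackholed_next_hops is one whose packets are being sent to an unresolved MAC, which is exactly what verify-availability would otherwise catch.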
What IOS is running on the 4500? You could try configs similar to these...NOTE: Apparently Cisco has decided consistency on these features is not important across IOS boundaries, so you will probably have to question mark it until you figure out the exact configuration required.
ip sla monitor 1
type echo protocol ipIcmpEcho 18.104.22.168
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
type echo protocol ipIcmpEcho 22.214.171.124
ip sla monitor schedule 2 life forever start-time now
track 1 rtr 1 reachability
track 2 rtr 2 reachability
route-map NEXT-HOP-FAIL permit 20
set ip next-hop verify-availability 126.96.36.199 1 track 1
set ip next-hop verify-availability 188.8.131.52 2 track 2
ip policy route-map NEXT-HOP-FAIL
You may have to use the "rtr" command instead of sla, depending on IOS. Just question mark it out and get something similar to what I have above. You can tweak thresholds etc. to match the topology, depending on interface types.
In cat4500-entservicesk9-mz.122-52.SG.bin on a 4506 V-10GE,
the command set ip next-hop verify-availability is not available.
Please share another solution. Thank you.