05-03-2018 04:45 AM - edited 03-08-2019 02:52 PM
Greetings,
I have an L3 switch. On the L3 switch, multiple sites are connected through DPLC with interface vlan 701. Now I want to apply policy-based routing based on IP SLA. I want to monitor the DPLC link so that, in case the link is down, the route is shifted to the firewall and towards the internet with IPSec VPN.
Now the challenge is that those specific routes are directly connected.
05-03-2018 07:49 AM
Hello, good morning,
Sorry, but I can't understand why this is a problem; maybe I couldn't understand you very well. But you can make an IP SLA that uses ICMP echo for an IP that is only reachable through that specific router.
Do not forget to rate useful post.
Best Regards,
05-03-2018 09:46 PM
Let me elaborate the question:
I have four subnets, 10.11.0.0/16, 10.10.10.0/24, 10.10.5.0/24 and 10.10.7.0/24.
The connectivity is like this.
On our L3 switch at central site, these are connected over Vlan 701.
interface Vlan701
ip address 172.23.0.1 255.255.255.240 secondary
ip address 10.11.1.1 255.255.255.0 secondary
ip address 10.11.2.1 255.255.255.0 secondary
ip address 10.11.5.1 255.255.255.0 secondary
ip address 172.27.0.1 255.255.0.0 secondary
ip address 10.54.1.1 255.255.255.252 secondary
ip address 172.20.200.2 255.255.255.248 secondary
ip address 172.20.200.19 255.255.255.248 secondary
ip address 10.11.6.1 255.255.255.0 secondary
ip address 172.20.200.27 255.255.255.248 secondary
ip address 116.58.21.130 255.255.255.224 secondary
ip address 116.58.62.74 255.255.255.248 secondary
ip address 10.10.10.1 255.255.255.252 secondary
ip address 172.20.3.193 255.255.0.0
no ip redirects
end
Subnets 10.11.0.0/24 and 10.10.10.0/24 are directly connected to the L3 switch. I want to apply policy-based routing on these networks based on IP SLA. However, these are directly connected networks. How can I apply policy-based routing in this scenario?
05-04-2018 06:04 AM
Good morning muneeb.ali
I think you can already do this, but like I said in my last response, you have to do an IP SLA echo to an IP address that is located on the remote side (an SVI from a switch interface, for example) and apply the PBR policy on the interface Vlan 701 at your main site. I think your configuration has to be something like this:
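!
! Track objects follow the reachability result of each IP SLA probe
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Probe 1: ICMP echo to a remote-side address in 10.10.10.0/24
ip sla 1
 icmp-echo 10.10.10.6 source-interface Vlan 701
 timeout 1000
 threshold 100
 frequency 5
ip sla schedule 1 life forever start-time now
!
! Probe 2: ICMP echo to a remote-side address in 10.11.0.0/24
ip sla 2
 icmp-echo 10.11.0.6 source-interface Vlan 701
 timeout 1000
 threshold 100
 frequency 5
ip sla schedule 2 life forever start-time now
!
! Standard ACLs that select the traffic for each route-map entry
ip access-list standard LAN1
 permit 10.10.10.0 0.0.0.255
ip access-list standard LAN2
 permit 10.11.0.0 0.0.0.255
!
! Use the tracked next hop while its track object is up, otherwise X.X.X.X
route-map ISP1 permit 10
 match ip address LAN1
 set ip next-hop verify-availability 10.10.10.6 1 track 1
 set ip next-hop X.X.X.X
route-map ISP1 permit 20
 match ip address LAN2
 set ip next-hop verify-availability 10.11.0.6 2 track 2
 set ip next-hop X.X.X.X
!
! Apply the policy to traffic arriving on Vlan701
interface Vlan701
 ip policy route-map ISP1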
I really have never done this, but you can try it in a maintenance window. Let me know if this works for you.
---Please do not forget to rate/mark useful post---
Best Regards,
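The failover discussed in this thread depends on a chain of references: each route-map `verify-availability` line names a track object, the track object names an IP SLA operation, and that operation has to be scheduled. The following is an added example, not part of the original posts or any Cisco tooling: a small Python check that reads configuration text and reports any broken link in that chain. The function name `lint_tracking` and the sample configuration are constructed for illustration, and the check is purely textual (it does not query a device).

```python
import re

# Constructed sample: the route-map references track 2, but only track 1 is defined.
SAMPLE_CONFIG = """\
track 1 ip sla 1 reachability
ip sla 1
 icmp-echo 10.10.10.6 source-interface Vlan701
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 10.11.0.6 source-interface Vlan701
ip sla schedule 2 life forever start-time now
route-map ISP1 permit 10
 set ip next-hop verify-availability 10.10.10.6 1 track 1
route-map ISP1 permit 20
 set ip next-hop verify-availability 10.11.0.6 2 track 2
"""

TRACK_RE = re.compile(r"^track (\d+) ip sla (\d+)\b")
SLA_RE = re.compile(r"^ip sla (\d+)$")
SCHED_RE = re.compile(r"^ip sla schedule (\d+)\b")
MAP_RE = re.compile(r"^route-map (\S+) (?:permit|deny) (\d+)")
VERIFY_RE = re.compile(r"^set ip next-hop verify-availability (\S+) \d+ track (\d+)")

def lint_tracking(config):
    """Return (route-map entry, next hop, problem) for each broken track chain."""
    tracks, slas, scheduled, refs = {}, set(), set(), []
    entry = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := TRACK_RE.match(line):
            tracks[m[1]] = m[2]            # track id -> ip sla id
        elif m := SCHED_RE.match(line):
            scheduled.add(m[1])
        elif m := SLA_RE.match(line):
            slas.add(m[1])
        elif m := MAP_RE.match(line):
            entry = f"{m[1]} {m[2]}"       # current route-map name and sequence
        elif m := VERIFY_RE.match(line):
            refs.append((entry, m[1], m[2]))
    findings = []
    for entry, hop, track in refs:
        sla = tracks.get(track)
        if sla is None:
            findings.append((entry, hop, f"track {track} is not defined"))
        elif sla not in slas:
            findings.append((entry, hop, f"ip sla {sla} is not defined"))
        elif sla not in scheduled:
            findings.append((entry, hop, f"ip sla {sla} is not scheduled"))
    return findings
```

Calling `lint_tracking(SAMPLE_CONFIG)` returns one finding for route-map entry `ISP1 20`; an empty list means every tracked next hop resolves to a scheduled probe.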