Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
653
Views
0
Helpful
3
Replies

tracking solution?

davistw
Level 1
Level 1

‎12-24-2012 09:03 AM - edited ‎03-07-2019 10:46 AM

I have a problem.

I have 2 security domains seperate by data guards. (See attached drawing)

The data guards pass ICMP ping traffic along with selected scrubbed traffic.

Each data guard injects a ospf route into the routing table that is weighted to send all traffic though the primary unless it is down.

Here is the problem.

If either router A or B fail (but not both) traffic will not pass because the opposite side still thinks it has a route though the primary dataguard.

Ie: if router A fails the traffic on the A side will be routed to to B side but the return traffic on the B side will still think it has a path though the primary because of the injected ospf route and it will go into a black hole. I would have to turn off both A and B in order for traffic to pass correctly though the B side

I am thinking I can do this via route tracking. Am I on the right "track"?

If so how would you set it up?

If not do you have a recommendation as to how I can do it?

Thanks in advance...

dataguard.jpg

Labels:
Preview file
167 KB
0 Helpful
3 Replies 3

rais
Level 7
Level 7

‎12-24-2012 09:35 AM

You can use eBGP across the firewalls and iBGP at each site.

HTH.

0 Helpful

davistw
Level 1
Level 1
In response to rais

‎12-24-2012 09:40 AM

Thanks rais....

The dataguards will not pass BGP traffic and I have no control over them. I am locked into the ospf routes that they inject. What I need is a way to detect that the routes are no longer valid and shut down the interface.

0 Helpful

Abzal
Level 7
Level 7
In response to davistw

‎12-24-2012 10:31 AM

Hi,

I think you can do it with EEM, I've tested and it's working fine.

Here is:

track 10 ip route 172.16.0.0 255.255.255.0 reachability

When route is DOWN:

event manager applet RouteDown

event track 10 state down maxrun 30

action 1 syslog priority warnings msg "Route 172.16.0.0/24 is down, shutting down Interface f0/0"

action 2 cli command "enable"

action 3 cli command "configure terminal"

action 4 cli command "Interface f0/0"

action 5 cli command "shutdown"

action 6 cli command "end"

When a route is UP:

event manager applet RouteUp

event track 10 state up

action 1 syslog priority warnings msg "Route 172.16.0.0/24 is up, enabling Interface f0/0"

action 2 cli command "enable"

action 3 cli command "configure terminal"

action 4 cli command "Interface f0/0"

action 5 cli command "no shutdown"

action 6 cli command "end"

Hope it will help.

Best regards,
Abzal
0 Helpful
Customers Also Viewed These Support Documents