09-03-2014 05:46 AM - edited 03-07-2019 08:37 PM
I have IP SLA working fine in an HQ branch office, where it pings the destination router IP off of a metro-E fiber connection every 20 seconds. If this link goes down, it will remove this route, since we're tracking ICMP under 800 ms. Then the router will fall back to a route with a higher AD, which points to a tunnel interface that is working fine over a 4G cellular connection.
My question is, would the router at the other end need a similar IP SLA tracking statement, or would it just realize the traffic is now coming over the tunnel and route over the tunnel?
I'm doing it this way because the ISP has a Fast Ethernet hand-off and 99.9999% that is always "up", but that doesn't necessarily mean fiber could be cut or the switch at the CO could go down, etc. We're also fairly small, so we haven't implemented routing protocols.
I would like to save the money from buying the (now replaced) DATA+WAAS licence for the other endpoint's 2911. I can't buy just the DATA licence anymore, only the more expensive combination licence is available now. The source side is a 2811 before the licencing madness, or maybe we bought it with more functionality (was installed before my time). At least the DATA licence is needed for IP SLA in a 2911, which means spending money.
09-04-2014 12:51 AM
Hi Keith,
This way you can control outgoing traffic, but to route reverse traffic via the tunnel, you need to have a similar arrangement on the provider side. When your link with the ISP goes down, or Layer 3 connectivity is broken, the ISP should stop advertising your LAN network to the internet and the other router (where the tunnel is terminating) should start attracting reverse traffic.
--Pls don't forget to rate helpful posts--
Regards,
Akash
09-04-2014 07:25 AM
OK, because I have a 2811 router here and a 2911 router at another location.
IP SLA is configured on the 2811 here. But the 2911 does not have IP SLA commands besides responder, therefore I have to purchase a licence, and Cisco no longer sells just the DATA licence now... you have to buy DATA+WAAS, which is about $200 more (according to my reseller).
Anyway, if I SHUT the primary interface down on the 2811 here, IP SLA can no longer ping the primary interface at the other site, so it correctly removes those routes in that track and it fails back to an alternate route I have installed with a higher AD. This route goes across the tunnel. The routers can talk to each other, but the 2911 at the other end cannot talk back to my core switch in my headquarters. So I think that end is trying to come over the traffic that is shut on the 2811 here. If I put IP SLA on that other side, it would obviously see no ping response and alter the routes accordingly.
I guess I have no choice but to spring for the licence addition to our 2911 ip base routers.
09-04-2014 08:35 AM
You can do two parallel GRE tunnels from the 2811 to the 2911,
and you can do two static routes through the tunnels, with a bigger metric on the 4G tunnel.
In case one tunnel fails, all traffic will go through the existing tunnel.
The tunnel through 4G you already have.
And don't forget to rate the post.
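
The tracked primary route plus floating static route discussed in this thread, on both routers, as an added example (not configuration posted by anyone in the thread). All addresses, interface names, object numbers and the AD of 250 are constructed; the syntax is IOS 15.x and older releases use different keywords.

```cisco
! ---- HQ 2811 (constructed: 192.0.2.0/30 = metro-E link,
! ---- 10.20.0.0/16 = remote LAN, Tunnel0 = tunnel over 4G)
ip sla 1
 icmp-echo 192.0.2.2 source-interface FastEthernet0/0
 threshold 800
 timeout 1000
 frequency 20
ip sla schedule 1 life forever start-time now
!
! "state" goes down on a timeout OR when RTT exceeds the threshold;
! "reachability" would go down only on a timeout.
track 1 ip sla 1 state
!
! Primary route: installed only while track 1 is up
ip route 10.20.0.0 255.255.0.0 192.0.2.2 track 1
! Floating static route over the tunnel: higher AD, used when the
! tracked route is withdrawn
ip route 10.20.0.0 255.255.0.0 Tunnel0 250
!
! ---- Remote 2911 (constructed: 10.10.0.0/16 = HQ LAN)
! Mirror image of the above. Without it this router keeps its route
! to the HQ LAN via the metro-E next hop while its own interface is
! still up, so return traffic never takes the tunnel.
ip sla 1
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/0
 threshold 800
 timeout 1000
 frequency 20
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 state
!
ip route 10.10.0.0 255.255.0.0 192.0.2.1 track 1
ip route 10.10.0.0 255.255.0.0 Tunnel0 250
```

After shutting the primary link, `show track 1` and `show ip route` on each router confirm whether the tracked route was withdrawn and the tunnel route installed.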