Reliable Static Routing with IP SLA

(Rene Molenaar) #5

Hi Adriana,

When the main interface goes down, do you see it being removed from the routing table?

Is the router able to reach 190.yy.yy.20? Is there any other default route that has a better AD than 10 which prevents it from being installed?

Rene

0 Likes

(system) #6

Hi Rene,
I was testing a similar scenario and the below logs started to appear:

*Mar  1 02:04:33.427: %TRACKING-5-STATE: 1 rtr 5 state Up->Down
*Mar  1 02:04:39.427: %TRACKING-5-STATE: 1 rtr 5 state Down->Up
*Mar  1 02:07:43.427: %TRACKING-5-STATE: 1 rtr 5 state Up->Down
*Mar  1 02:08:19.427: %TRACKING-5-STATE: 1 rtr 5 state Down->Up
*Mar  1 02:10:03.427: %TRACKING-5-STATE: 1 rtr 5 state Up->Down

I have configured a static route towards the router which I need to monitor and have also enabled object tracking. Could you please let me know what could be the cause of these logs…

0 Likes

(Rene Molenaar) #7

Hi Shwetha,

If you look at the IP SLA statistics, do you see a lot of failures? Maybe the timeout is too low so the ping doesn’t make it back in time.

Rene

0 Likes

(system) #8

Hi Rene,

Could one implement this with two backup routes? Supposing I have two different ways to get to a branch location, one through ISP1 and another through ISP2.

Thanks for your response!

0 Likes

(system) #9

Great article, helps me understand IP SLA. When would this be used as opposed to IP SLA with PBR?

Also how quick does the backup kick in? Wouldn’t using a routing protocol such as OSPF provide the same thing?

0 Likes

(system) #10

Hi Rene,
Fantastic article. This is the scenario I am trying. I have a site that is using a primary link as MPLS and a secondary backup link as VPN (IPsec site-to-site). Due to some performance issues I would like to change the primary to the VPN and keep the MPLS as the backup. In my case I have a Fortigate firewall at one site where the MPLS and VPN links terminate, and at my head office I have a core switch where the MPLS terminates and another Fortigate where the VPN terminates. I have decreased the administrative distance on the Fortigates to 18 so that it is lower than BGP 20. Now the VPN is the primary link, but when I simulate an outage to the VPN the track routes are still in place, hence the link never really fails over to the MPLS. Any pointers would be greatly appreciated.

0 Likes

(Rene Molenaar) #11

Hi Ian,

Static routes will send ALL traffic for a certain prefix in a certain direction. It doesn’t care what kind of traffic it is…PBR (Policy Based Routing) lets you change the next hop IP address for specific traffic, for example something that matches an access-list.

The “backup” time depends on the timers that you configured for IP SLA.

For your internal networks, OSPF is a good solution because it will automatically deal with failed links and such. IP SLA + Static routes however can be useful for the edge of your network. Imagine you have two ISPs and you want to check if ISP1 is reachable and if not, you can switch to ISP2.

Rene

0 Likes

(Rene Molenaar) #12

Hi Andrés,

Yes that would be a good scenario to use this solution.

Rene

0 Likes

(Rene Molenaar) #13

Hi Mac,

On which device are you still seeing these routes? On the Cisco switch?

Rene

0 Likes

(system) #14

I have a branch that is connected to the datacenter via MPLS (using EIGRP) and a backup link (floating static) via ezvpn. Most times when MPLS fails the failover doesn’t kick in immediately until we have to unplug the MPLS cable from the router port.

Is there any way I can configure IP SLA to make the failover kick in immediately without unplugging the cable or rebooting the router?

0 Likes

(Rene Molenaar) #15

Hi Area,

Does your static route have object tracking like I did in my example? That should kick in immediately. Without it, the static route remains in the routing table unless the interface is down. If you enable a debug, do you see object tracking failing once the MPLS link is down?

Rene

0 Likes

(system) #16

Very informative. Well done, man.

0 Likes

(ALFREDO V) #17

Question:
How will the example above work when OSPF is also configured on R1, SP1 and SP2?
The question is because the OSPF AD is 110 and static routes are AD 1 and AD 2.
Please advise.

0 Likes

(Rene Molenaar) #18

Hi Alfredo,

There’s a trick if you want to use this for a routing protocol. I have a lesson for RIP & IP SLA:

Configuring OSPF to use IP SLA is similar to this.

Rene

0 Likes

(Frades) #19

I can’t simulate this one on GNS3. I can simulate all commands except the “track 1 rtr 1”; there’s no rtr command in my simulated router. I’m using Router 7200 version 15.2.
The next command on track 1 is:

interface Select an interface to track
ip IP protocol
list Group objects in a list
stub-object Stub tracking object

Is there an equivalent command here, since there’s no “rtr” in my next command? Thanks!

0 Likes

(Rene Molenaar) #20

I think it’s under IP now, try this:

track 1 ip sla

0 Likes

(Frades) #21

Awesome, it works. Thanks!

0 Likes

(Will N) #22

Hi Rene,
Is there a way to delay fail-back to the primary ISP for more than 30 minutes, or some timer, to avoid flapping connections? Or any way to make it a NO FAIL BACK like config?

0 Likes

(Rene Molenaar) #23

Hi Will,

The “track” command has a delay option but it has a maximum of 180 seconds. I think if you want to delay it for 30 minutes that your best bet is a simple script created with EEM.

Rene

0 Likes
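
An added example, not part of any post in this thread: a small Python analyzer for the `%TRACKING-5-STATE` flaps quoted in post #6, which measures each outage and shows which ones a `delay down` value within the 180-second limit from post #23 would have masked. The function names, the placeholder year 2000 (IOS timestamps carry no year) and the simplified model of the delay timer are assumptions of this example.

```python
import re
from datetime import datetime

# Log lines copied from post #6 of this thread.
SAMPLE_LOG = """\
*Mar  1 02:04:33.427: %TRACKING-5-STATE: 1 rtr 5 state Up->Down
*Mar  1 02:04:39.427: %TRACKING-5-STATE: 1 rtr 5 state Down->Up
*Mar  1 02:07:43.427: %TRACKING-5-STATE: 1 rtr 5 state Up->Down
*Mar  1 02:08:19.427: %TRACKING-5-STATE: 1 rtr 5 state Down->Up
*Mar  1 02:10:03.427: %TRACKING-5-STATE: 1 rtr 5 state Up->Down
"""
LINE_RE = re.compile(
    r"^\*?(?P<ts>\w{3}\s+\d+\s+[\d:.]+): %TRACKING-5-STATE: "
    r"(?P<track>\d+) .*?(?P<old>Up|Down)->(?P<new>Up|Down)\s*$")

def parse_transitions(text):
    """Return [(track_id, datetime, new_state)] for each tracking state change."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a tracking state message
        stamp = "2000 " + " ".join(m["ts"].split())  # assumed year, see lead-in
        ts = datetime.strptime(stamp, "%Y %b %d %H:%M:%S.%f")
        events.append((int(m["track"]), ts, m["new"]))
    return events

def outages(events, track_id):
    """Pair each Down with the next Up; duration is None if still down."""
    result, down_at = [], None
    for tid, ts, state in events:
        if tid != track_id:
            continue
        if state == "Down" and down_at is None:
            down_at = ts
        elif state == "Up" and down_at is not None:
            result.append((down_at, (ts - down_at).total_seconds()))
            down_at = None
    if down_at is not None:
        result.append((down_at, None))  # log ends while the object is down
    return result

def masked_by_delay_down(outage_list, delay_s):
    """Outages shorter than the delay would not have been announced as Down."""
    if not 0 <= delay_s <= 180:  # post #23: the delay maximum is 180 seconds
        raise ValueError("track delay must be between 0 and 180 seconds")
    return [o for o in outage_list if o[1] is not None and o[1] < delay_s]

if __name__ == "__main__":
    found = outages(parse_transitions(SAMPLE_LOG), 1)
    print([secs for _, secs in found], len(masked_by_delay_down(found, 10)))
```

Many short outages like the 6-second one here point at the probe timeout raised in post #7 rather than at a real link failure.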

(Sahar H) #24

Hi Rene,

From your experience, when do you use the BFD protocol over IP SLA, and the opposite?

0 Likes