How do I configure multiple static routes...

Unanswered Question
Sep 3rd, 2007

hello,


I know I have done this before, but I am having challenges configuring multiple static routes on a router for failover purposes.


I have a branch network, with some specific branches being able to connect directly to our HQ out of the country while the others connect through one of the branches with the direct link. I want to create failover links for those branches without the direct link to the HQ, such that when their link to the HO is no longer available through the particular branch office, they get cut over to another branch office with the same access as the main.

We are on a wide area IP network from a service provider who have put us on a VLAN on their fibre network.

Overall Rating: 4 (2 ratings)
mohammedmahmoud Mon, 09/03/2007 - 07:54

Hi,


Doing backup static routes (floating static routes) is achieved by having multiple static routes with different AD (Administrative Distance):


ip route <1st next-hop or outgoing interface>


ip route <2nd next-hop or outgoing interface> 254


The smaller the AD the more preferred the route, the default is 1 and 254 is the largest valid AD.


HTH,

Mohammed Mahmoud.

kelloggs4life Mon, 09/03/2007 - 08:06

Hello Mo'


Thanks for the quick response.

Just so that I am clear, do you think this setup will work without any further configurations on the router?


The network is an enterprise wide area network. It spans across countries. And with what I wanna achieve, I want to believe that by configuring another static route on the routers in question, they will be able to route traffic to the next available route automatically, if the default route fails?


There is also a default route of

ip route 0.0.0.0 0.0.0.0 1.1.1.1 on all the remote branch office routers. Would I need to change this?


Regards,


Femi

kelloggs4life Mon, 09/03/2007 - 08:10

Or do I simply add a second default route with a higher AD, being that the initial default route does not have any AD, hence its AD is probably 1?



Regards,


Femi

mohammedmahmoud Mon, 09/03/2007 - 08:13

Hi Femi,


What kind of WAN technologies are we talking about? If it's an overlay (Layer 2 VPN, Frame Relay for example) then all that you'll have to do is configure the backup route on both sides, while if it is a peer-to-peer VPN (Layer 3 MPLS-VPN for example) then you'll need to interact with your provider to adjust your routing across his backbone.


As for the default route, I don't know what it does for you. I mean, do you want to back up specific routes or everything? If everything, then you'll also have to add another backup default route (and yes, its default AD is 1).


HTH,

Mohammed Mahmoud.

kelloggs4life Mon, 09/03/2007 - 10:02

Hi Mo'


The WAN technology in scope here, I think, is Layer 2 VPN. The reason I think so is because my service provider does not do any form of routing on my network. They have connected all our branches over their fibre network, and have created a VLAN for all these branches. Hence all routing is done from the remote offices alone. So I believe we are using the Layer 2 technology, with a mesh kind of network. All I did was to add a secondary IP to the interface that connects to the service provider's network and also added the default route with a higher AD.


Now I just did a test, by switching off the router to the main link on the network for the remote offices, but devices still cannot connect to the HO through the secondary default route which I configured on the routers with a higher AD of 20.


As for the default route, yes, I want all traffic to be routed to the next available router, which is why I added the second static default route with a higher AD.


Am I doing something wrong or have I omitted something?



Femi

mohammedmahmoud Mon, 09/03/2007 - 10:22

Hi Femi,


You are right about your WAN technology being layer 2. For the floating static route to operate you must make sure that the main route has been removed from the routing table. Please make sure that all the routes are pointing to both next-hop and interface simultaneously in order to make sure that the main route will be removed from the routing table (ip route ). Another thing: please make sure that you are doing the static routes on both sides.


HTH,

Mohammed Mahmoud.

Richard Burts Mon, 09/03/2007 - 11:46

Femi (and Pavlo and Mohammed)


I believe that there is another key point which has not been brought out yet. For the primary static route (default route in this case) to be removed from the routing table the interface through which the static route points must go protocol down. This works easily on point to point serial and similar technologies. It does not work well on Ethernet type interfaces. We do not know for sure which type of interface is used here, but from the description of the provider making a VLAN I am assuming it is Ethernet. Perhaps Femi can clarify this.


Assuming that the interface is Ethernet then just pointing the static route to a next hop and an interface is not enough. You can lose connectivity to the next hop through that interface but the route will remain in the routing table as long as the interface remains protocol up. Cisco has introduced a feature called Reliable Static Routes with Object Tracking which addresses this issue. This link should give you information to get started with this:

http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/products_feature_guide09186a00801d862d.html


If you implement reliable static routes with object tracking I believe that you will get the failover that you want.


HTH


Rick

mohammedmahmoud Mon, 09/03/2007 - 12:08


Hi Rick,


Totally agree with you, that's what I kind of meant with "you must make sure that the main route has been removed from the routing table". Anyway, what do you think about using SLA:



ip sla monitor 113
 type echo protocol ipIcmpEcho
ip sla monitor schedule 113 start-time now
!
track 13 rtr 113
!
track 3 list boolean and
 object 13 not
!
ip route 0.0.0.0 0.0.0.0 track 3



BR,

Mohammed Mahmoud.

Richard Burts Mon, 09/03/2007 - 12:17

Mohammed


You did correctly identify the requirement for the main route to be removed. I felt that your response implied that specifying both next hop and interface was sufficient to assure that the main route would be removed and that is not the case.


I believe that SLA uses the same mechanism of Object Tracking. It probably would work the way that you have suggested here. My impression is that your solution is slightly more complex than the approach described in the link that I posted. But either approach should work.


HTH


Rick

mohammedmahmoud Mon, 09/03/2007 - 12:38

Hi Rick,


I was still trying to analyze the issue, and you nailed it perfectly as always :)


SLA is used for Enhanced Object Tracking, and I believe that it would be the best option, as the other options are to track interface line protocol or route reachability, which I think are both not suitable for the case of the original poster.


BR,

Mohammed Mahmoud.

kelloggs4life Mon, 09/03/2007 - 14:31

Hi Rick/Mo',


My goodness, both of you are amazing! From the look of things, I am sure this ain't your first or second time crossing paths, but I guess it's a good thing. Brings out the best in all of us, I guess.


Rick, you are right, we are using Fast Ethernet interfaces in this case.


I have closed for the day and there is some form of maintenance that is being carried out at my office all night long. But I will certainly try out both your suggestions - SLA and Reliable Static Routing using Object Tracking. I will definitely get back to you both once I am done configuring and testing tomorrow.


Once again, thanks a lot to you two for your contributions. I really appreciate it and I hope I will be able to help with my little experience in the near future.


Regards


Femi

Richard Burts Mon, 09/03/2007 - 18:01

Femi


Yes Mohammed and I cross paths with some frequency on the forums. And I do think that it is a good thing. The forum has many talented participants and each has a point of view that may be different from others. I believe that the collective effort which utilizes the multiple points of view will frequently arrive at the optimum solution.


I believe that either of the approaches (Reliable Static Routes with Object Tracking or SLA) could work for you. Give them a try and choose the one that seems best for your particular circumstance. And please keep us updated with what happens.


HTH


Rick

mohammedmahmoud Mon, 09/03/2007 - 23:56

Hi,


Actually, I've learned a lot from Rick. He is one of the pioneer experts on this forum, and I always value his opinion and guidance, and I appreciate his professional feedback, and I really hope that the efforts of all the contributors in this forum will make it the best ever.


Now to the main issue, please take care to adjust the following when trying SLA, in order to reflect the outage in a nice time:


ip sla monitor 113
 type echo protocol ipIcmpEcho
 timeout 1000 > (default 5000) <<< msec - PLEASE TAKE CARE
 frequency 3 > (default 60 - frequency can't be less than timeout)



HTH,

Mohammed Mahmoud.

kelloggs4life Tue, 09/04/2007 - 09:48

Hi Rick/Mo',


Thanks again for your contributions. I sure will give both options a try and definitely get back to you in due course.


I am reading up on Static Routes with Object Tracking at the moment.


But with regards the SLA config that you stated here Mo', what does the timeout command imply? Is it complete by just putting in


timeout 1000 > 5000

frequency 3 > 60


Are these two commands OK as above? If so or not, can you briefly guide me as to the implications of having lower or higher values?

With reference to your earlier posts, I believe the following commands will also be applied:


ip sla monitor schedule 113 start-time now


track 13 rtr 113


track 3 list boolean and object 13 not


ip route 0.0.0.0 0.0.0.0 track 3


Please let me know if any of the above commands are incorrect.


1 more thing, you were saying I had to configure same on the router on the other end?

Is this still the case here?



Regards


Femi

mohammedmahmoud Tue, 09/04/2007 - 10:05

Hi Femi,


You are very welcome. Yes, you'll need the following:


ip sla monitor 113
 type echo protocol ipIcmpEcho
 timeout 1000
 frequency 3
ip sla monitor schedule 113 start-time now
!
track 13 rtr 113
!
track 3 list boolean and
 object 13 not
!
ip route 0.0.0.0 0.0.0.0 track 3



As for these commands:


timeout 1000

frequency 3


They mean try 3 ICMP echoes with timeout 1 second. The reason I recommended these values is to reflect the failure quickly, as the default values are frequency = 60 and timeout = 5000 (msec), which won't reflect the failure as fast as required.


Static routing must be accomplished on both ends (as routing is a bidirectional process), and thus you must make sure that the packets can go and come back over the path.


HTH,

Mohammed Mahmoud.
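The variant Rick points to earlier in the thread, where the primary default route itself is tracked and a floating static route takes over, could look like this on one branch router. It is an added example, not configuration from any poster or from Cisco's guide, written in the `ip sla monitor` / `track ... rtr` syntax used in this thread. It takes 1.1.1.1 from Femi's existing default route as the primary next hop and assumes 192.0.2.2 as a placeholder backup next hop and 1 as an arbitrary SLA and track number.

```cisco
! Probe the primary next hop (1.1.1.1, from the existing default route).
! On Ethernet the interface stays protocol up when the far side dies,
! so reachability of the next hop is what has to be tested.
ip sla monitor 1
 type echo protocol ipIcmpEcho 1.1.1.1
 ! threshold and timeout are in milliseconds; threshold must not exceed timeout
 threshold 1000
 timeout 1000
 ! frequency is the number of seconds between probes
 frequency 3
! "life forever" keeps the probe running; the default life is 3600 seconds
ip sla monitor schedule 1 life forever start-time now
!
! Track object 1 is Up while the probe gets replies
track 1 rtr 1 reachability
!
! Primary default route (AD 1): installed only while track 1 is Up
ip route 0.0.0.0 0.0.0.0 1.1.1.1 track 1
! Floating backup (AD 254): enters the table once the primary is withdrawn.
! 192.0.2.2 is a placeholder for the second branch router's address.
ip route 0.0.0.0 0.0.0.0 192.0.2.2 254
```

After a failover test, `show track 1` and `show ip route 0.0.0.0` show whether the tracked object went Down and which default route is installed.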


kelloggs4life Tue, 09/04/2007 - 10:32

Hi Mo',


I guess the command below configures static routing on the remote router already:

!

ip route 0.0.0.0 0.0.0.0 track 3


I believe implies the next hop router IP that is contacted in the case of a failure of the link to the main router. Also, I guess there is no need to increase the AD on this route since it is using SLA?


But to configure static routes on the destination/backup router may not be needed, as the destination router also runs on OSPF and is part of the enterprise wide network, hence automatic routing should be done without necessarily adding any more static routes. But if you think this will still not work, then I guess I will configure a static route with a higher AD on the destination router as well.


I tried a basic static route config on the remote router to a backup router and then shut down the main router just to test. I didn't get the desired result; some applications worked while others didn't. Although, this was just achieved by adding a secondary IP on the remote router's WAN interface and also adding a static route pointing to another router that could route to the desired destination. This router of course is on the same WAN with an IP in the same range as the secondary IP configured on the remote router.


So to achieve the static route config on the next hop router, the route must have a higher AD so as not to conflict with the main route in the case the main link is still available?
