Failover route

Answered Question
Oct 11th, 2008
User Badges:

OK this may be a simple question. I have a pair couple of sites that have both a TLS fiber and a T1 connection back to the main site and I am trying to get them to fail over just on static routing and it is not working. Both devices are 2811 ISR routers. I have 2 static routes on the router with different metrics and it just won't fail over. Do I have to have a routing protocol like EIGRP or OSPF enabled to have a route failover?

Correct Answer by Edison Ortiz about 8 years 7 months ago

As you've seen from the result of your test, the route does not get withdrawn from the table as the physical interface remains up/up.


You either need to implement dynamic routing protocol on this link (my preferred suggestion) or incorporate IP SLA on this configuration and track the remote IP address for reachability. If the reachability is down, the IP SLA will remove the primary route and the secondary static route will be used.


The following is a good write-up of how this configuration should be done:


http://www.internetworkpro.org/wiki/Bring_down_an_interface_when_IP_SLA_fails


HTH,


__



Edison


Please rate helpful posts


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Edison Ortiz Sat, 10/11/2008 - 14:32
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

If the primary static route next-hop is still remain reachable when the TLS is down, then you won't failover to the secondary static route.


When the T1 is down, try pinging the next-hop address and determine why is still reachable.


Can you please post the portion of the config?


HTH,


__


Edison.

svanguilder Sat, 10/11/2008 - 16:53
User Badges:

Hi Edison,

The TLS is the primary link and the serial/T1 is the backup. The TLS is a fiber link that they hand off to us at layer 2/Ethernet. If I unplug the cable to the fiber/TLS link the ping just goes to no reply and if I try a trace route it goes pretty to the inside interface and then stops. So it doesn't make it to the next hop, I acts like it can't find the other route. If I change the serial interfaces metric to 1 it follows the serial route and not the TLS. I have tried sending it out the interface and not the next hop with same results. The ACL just controls what subnets can access the router and doesn't affect this traffic.


HQ router

T1 interface

!

interface Serial0/0/0

ip address 192.90.30.1 255.255.255.0

ip route-cache flow


TLS

!

interface FastEthernet0/2/0

description Nashwauk

switchport access vlan 21


!

interface Vlan21

ip address 10.254.245.70 255.255.255.252

!

Routes

ip route xxx.xx.177.128 255.255.255.192 10.254.245.69 2

ip route xxx.xx.177.128 255.255.255.192 192.90.30.1 3


Remote router


Serial Interface

!

interface Serial0/3/0

ip address 192.90.30.254 255.255.255.0

TLS interface

!

interface FastEthernet0/1

ip address 10.254.245.69 255.255.255.252

duplex auto

speed auto

!

interface FastEthernet0/1.2

description $ETH-LAN$

encapsulation dot1Q 21

ip access-group 103 in

no snmp trap link-status


Routes

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.254.245.70 2

ip route 0.0.0.0 0.0.0.0 192.90.30.1 3

Edison Ortiz Sat, 10/11/2008 - 18:24
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

The HQ router has an incorrect address on the next-hop for the secondary route.


It should use 192.90.30.254, not 192.90.30.1


HTH,


__


Edison.

svanguilder Sat, 10/11/2008 - 19:14
User Badges:

I was messing with what I pasted on the my last post and got the wrong info, too happy with the delete key and too lazy to go back and copy it again, my bad. I am at home and connected by rdp to my laptop at work and copying and pasting back and forth from place to place. Here is what is actually in there.


ip route xxx.xx.177.128 255.255.255.192 10.254.245.69 2

ip route xxx.xx.177.128 255.255.255.192 192.90.30.254 3

Edison Ortiz Sat, 10/11/2008 - 19:23
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Please post the output of show ip route from both devices while the TLS is up and down.


__


Edison.

svanguilder Sun, 10/12/2008 - 03:09
User Badges:

I will have to be at the remote site to get the ip route with the TLS down and that would have to be off hours, but maybe later in the week.


Here is the remote site with the TLS connected. The one thing I am noticing right away is my secondary route is not showing up.

Gateway of last resort is 10.254.245.70 to network 0.0.0.0


C 192.90.30.0/24 is directly connected, Serial0/3/0

xxx.xxx.0.0/26 is subnetted, 1 subnets

C xxx.xx.177.128 is directly connected, FastEthernet0/0

10.0.0.0/30 is subnetted, 1 subnets

C 10.254.245.68 is directly connected, FastEthernet0/1

S* 0.0.0.0/0 [2/0] via 10.254.245.70


Here is the HQ and it shows the same thing, no secondary route. This is obviously not the whole route table from the HQ router to many public addresses to edit out.


S xxx.xx.177.128/26 [2/0] via 10.254.245.69

Edison Ortiz Sun, 10/12/2008 - 08:41
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Only the best route will be shown in the routing table. The important output to see is when the TLS is down.


___


Edison.

svanguilder Sun, 10/12/2008 - 09:12
User Badges:

I kinda figured it was something of that sort. Here are the results. I am not sure why the remote site is not seeing the route as down. Unless as longs the link stays up even if the other end is dead it stays up.


OK I remotely shut down FA0/1 on the remote router then it failed over to 192.90.30.1. Not sure if this is going to help if the device it is attached to stays up but the line itself goes down.


Is there any way I can get it to look at the next hop not just if the interface is up?


remote site.

C 192.90.30.0/24 is directly connected, Serial0/3/0

xxx.xx.0.0/26 is subnetted, 1 subnets

C xxx.xx.177.128 is directly connected, FastEthernet0/0

10.0.0.0/30 is subnetted, 1 subnets

C 10.254.245.68 is directly connected, FastEthernet0/1

S* 0.0.0.0/0 [2/0] via 10.254.245.70


HQ


S xxx.xx.177.128/26 [3/0] via 192.90.30.254


Here is what I get at the remote site if I shutdown FA0/1


C 192.90.30.0/24 is directly connected, Serial0/3/0

xxx.xx.0.0/26 is subnetted, 1 subnets

C xxx.xx.177.128 is directly connected, FastEthernet0/0

S* 0.0.0.0/0 [3/0] via 192.90.30.1

Correct Answer
Edison Ortiz Sun, 10/12/2008 - 15:58
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

As you've seen from the result of your test, the route does not get withdrawn from the table as the physical interface remains up/up.


You either need to implement dynamic routing protocol on this link (my preferred suggestion) or incorporate IP SLA on this configuration and track the remote IP address for reachability. If the reachability is down, the IP SLA will remove the primary route and the secondary static route will be used.


The following is a good write-up of how this configuration should be done:


http://www.internetworkpro.org/wiki/Bring_down_an_interface_when_IP_SLA_fails


HTH,


__



Edison


Please rate helpful posts


svanguilder Mon, 10/13/2008 - 04:54
User Badges:

Thanks for the help guys. I answered my questions on the failover now I just need to go back and make a plan to implement Dynamic routing. We haven't done so yet as we didn't have a need to, but now with the redundant links and it not failing over the way I would like it to there is a need.


Once again thanks for the help.


Scott

Actions

This Discussion