Routing with Metric

Unanswered Question
Mar 15th, 2009
Dear All,

I have a Cisco ASA and 4 routers.

Each 2 of the routers are used as main and backup for each other. All the available ports I have in my ASA to connect to my routers are two.

I suggested using 1 port of the ASA, plugging it into a switch and connecting its corresponding 2 routers to the same switch, then using 2 route commands on the ASA with 2 different metrics (10, 200): the 10 for the main and the 200 for the backup.

But my question is: does this way guarantee that if the main link goes down, the backup route on the ASA will send the packets to the backup router (backup link)?

Giuseppe Larosa Sun, 03/15/2009 - 05:23

Hello Mmajai,


First of all, what you call metric is actually Administrative Distance.

>> does this way guarantee that if the main link goes down, the backup route on the ASA will send the packets to the backup router (backup link)?

Yes, but it can take up to 4 hours to detect the primary link failure; that is the time the ARP entry for router1 stays in the ARP cache of the ASA.

I would suggest you use a dynamic routing protocol like OSPF:

you can make router1 advertise a better default route (with a lower seed metric) and router2 a worse default route.

If the primary fails, the ASA detects this at the OSPF dead interval timer expiration (40 seconds with default settings) and starts to use the default route with the worse (higher) metric.


You can use on the routers:

router ospf 10
 default-information originate route-map setmetric metric-type 1
 ! the network statement needs an address as well as a wildcard mask: network <address> <wildcard-mask> area <id>
 network <address> <wildcard-mask> area 0
!
route-map setmetric permit 10
 set metric 50

On the second router you can use:

router ospf 10
 default-information originate route-map setmetric metric-type 1
 network <address> <wildcard-mask> area 0
!
route-map setmetric permit 10
 set metric 500

500 > 50, so the R1 default route is preferred.



for ASA see


http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ip.html#wp1094564


The reason is that, being connected to a switch port, the ASA cannot detect when a router interface goes down because its own interface is still up.

So the default route next-hop is used until a new ARP request is done and fails.

A dynamic routing protocol solves this issue: if the router interface dies, the router's hellos are not heard and after 4 missed hellos the neighbor is declared dead, and the routes learned from it are removed from the OSPF database and from the routing table.


Hope to help

Giuseppe
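The ASA side of the setup, which the answer only links to, as an added example that is not from the original post or from Cisco's guide; the interface name, the 192.168.10.0/24 transit subnet, the OSPF process id, the shortened timers and the <KEY> placeholder are assumptions. It also shows neighbor authentication, since the two routers and the ASA now share one switch segment.

```cisco
! ASA 8.0 side (constructed example). GigabitEthernet0/1 faces the switch
! that R1 and R2 are plugged into; 192.168.10.0/24 is an assumed transit subnet.
interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 192.168.10.1 255.255.255.0
 ! Shorter timers than the 10/40 s defaults: a dead router is noticed in
 ! about 12 s instead of 40 s. The values must match on R1 and R2.
 ospf hello-interval 3
 ospf dead-interval 12
 ! MD5 neighbor authentication: only a peer holding the key can form an
 ! adjacency, so another host on the shared switch cannot advertise a
 ! better default route and divert the ASA's traffic. <KEY> is a placeholder.
 ospf authentication message-digest
 ospf message-digest-key 1 md5 <KEY>
!
router ospf 10
 ! the ASA takes an address plus subnet mask here, not an IOS wildcard mask
 network 192.168.10.0 255.255.255.0 area 0
 area 0 authentication message-digest
 log-adj-changes
!
! Matching settings on R1 and R2 (IOS), in addition to the OSPF and
! route-map configuration shown in the answer above:
! interface FastEthernet0/0
!  ip ospf hello-interval 3
!  ip ospf dead-interval 12
!  ip ospf message-digest-key 1 md5 <KEY>
! router ospf 10
!  area 0 authentication message-digest
!
! Verification on the ASA: both routers appear as FULL neighbors, and the
! routing table holds one default route via R1 (type E1, metric 50 plus the
! interface cost) while R1 is alive; after R1 dies it is replaced by R2's.
! show ospf neighbor
! show route
```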

