Tunnel i/f status based on ping response

Unanswered Question
Oct 23rd, 2009
User Badges:

Dear Experts


I have a scenario where by there are a couple of headOffice routers running mGRE to multiple spokes running GRE. Each of the HeadOffice router is connected to a firewall and then onto its internet links (at different HOffice locations)


Is there a way where we can turn the mGRE interface go up/down based on a ping response from a public IP address. The idea is to have the GRE spokes route the internet traffic out the other tunnel interface that terminates on the second HeadOffice router's mGRE tunnel.


So, just to rephrase it, the failover mechanism of internet (outbound) traffic will be based on the status of the GRE tunnel interface.


Any quick response would be greatly appreciated.


Many thanks


Kind Regards

Arav

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
aravindhs Fri, 10/23/2009 - 02:59
User Badges:

hi Leo


Thank you for your quick reply. This is what I'm doing now but since its mGRE and there are more than 250 spokes, I was thinking of doing something better than running ip sla on all of them & tracking them from the spokes which i'm doing currently. I was thinking of a way the gre tunnel would be brought up/down and use the gre tunnel keep mechanism to pull the spoke end's tunnel status down alng with it. Many thanks for your reply anyways.


Regards

Arav

Joseph W. Doherty Fri, 10/23/2009 - 04:06
User Badges:
  • Super Bronze, 10000 points or more

Have you considered running a dynamic routing protocol across your mGRE topologies?

aravindhs Fri, 10/23/2009 - 04:21
User Badges:

Hi Joseph,


A dynamic routing protocol won't be possible because this setup is for internet access and hence 0.0.0.0 will need to be advertised from the mgre headend. but, the 0.0.0.0 route is already being used for the mpls vpn through the dialer interface. so im having to policy route all the guest_vlan internet bound traffic onto a tunnel interface.


cheers

arav


Daniel Frey Fri, 10/23/2009 - 12:06
User Badges:
  • Cisco Employee,

EEM can do this for you. Create IP SLA, Track it, have EEM applet take action on the event.


ip sla 1

icmp-echo 192.168.7.2

frequency 15

ip sla schedule 1 life forever start-time now


track 1 rtr 1



event manager applet Tunnel_DOWN

event track 1 state down

action 1.0 cli command "enable"

action 1.1 cli command "configure terminal"

action 1.2 cli command "interface Tunnel 0"

action 1.3 cli command "shutdown"

action 1.4 cli command "end"

event manager applet Tunnel_UP

event track 1 state up

action 1.0 cli command "enable"

action 1.1 cli command "configure terminal"

action 1.2 cli command "interface Tunnel 0"

action 1.3 cli command "no shutdown"

action 1.4 cli command "end"



aravindhs Mon, 10/26/2009 - 06:13
User Badges:

Dan, That's great ! I will try that today and let you know how it works. Looks like this will just do the job.


Many thanks again


Arav

aravindhs Mon, 11/02/2009 - 03:27
User Badges:

Hi Dan


I am back at work and tried this but the event track command doesn't appear to be in there.


I am using - flash:c3825-spservicesk9-mz.124-3g.bin.


RNLI-LBS-internet-EX(config-applet)#event ?

application Application specific event

cli CLI event

counter Counter event

interface Interface event

ioswdsysmon IOS WDSysMon event

none Manually run policy event

oir OIR event

snmp SNMP event

syslog Syslog event

timer Timer event


RNLI-LBS-internet-EX(config-applet)#event track 1 state down

^

% Invalid input detected at '^' marker.


RNLI-LBS-internet-EX(config-applet)#


It would be greatly helpful if you or someone could advise me on how to implement this using event manager.


Many thanks

Regards

Arav

Daniel Frey Mon, 11/02/2009 - 07:08
User Badges:
  • Cisco Employee,

Hi Arav,

Event track was added in 12.4T train. If you need to stay on the current code the event track can be changed to event syslog pattern "%TRACKING-5-STATE: 1 ip sla 1 state Down->Up" for Tunnel_Up and event syslog pattern "%TRACKING-5-STATE: 1 ip sla 1 state Up->Down" for Tunnel_Down.

aravindhs Mon, 11/02/2009 - 09:02
User Badges:

Thank you Dan. I have actually enabled logging. Do I have to do anything in specific to get to generate the %TRACKING... syslog messages ?


-LBS-Internet-Aztw-CE2#sh logg

Syslog logging: enabled (11 messages dropped, 3 messages rate-limited,

0 flushes, 0 overruns, xml disabled, filtering disabled)

Console logging: disabled

Monitor logging: disabled

Buffer logging: level debugging, 20 messages logged, xml disabled,

filtering disabled

Logging Exception size (4096 bytes)

Count and timestamp logging messages: disabled


No active filter modules.


Trap logging: level debugging, 398 message lines logged

Logging to 2.3.232.221 (udp port 514, audit disabled, link up), 8 message lines logged, xml disabled,

filtering disabled


LBS-Internet-Aztw-CE2# sh run | sec logg

logging userinfo

logging buffered 4096 debugging

no logging console

no logging monitor

logging cns-events debugging

ip sla monitor logging traps

logging trap debugging

logging facility syslog

logging 2.3.232.221 --> this very router (as i am not using any syslog servers..)


Its not working at the moment because I don't see any %TRACK.. messages in my logg buffer. Not sure how the matching of syslog patterns will work in your exmaple.


many thanks

Arav


Daniel Frey Tue, 11/03/2009 - 08:13
User Badges:
  • Cisco Employee,

Hi Arav,

Can you post your EEM applet, track statement, and IPSLA policy?


Thanks,

Dan

aravindhs Fri, 11/06/2009 - 03:15
User Badges:

Hi Dan


Thank you for all your help. I have managed to implement this in a different way with the help of a senior personnel. The problem was that there being a default route pointing to the dialer interface at the spoke router, the public internet vlan couldnt get out to the internet using another default route. So, we've implemented a vrf and used mgre tunnels throughout.


But one simple question still remains. How do I get such a syslog message as %TRACKING.... on the log buffer ? It would be nice if you would help me with that answer.


Many thanks for all your help


Regards

arav

Actions

This Discussion