Tunnel i/f status based on ping response

aravindhs · ‎10-23-2009

Dear Experts

I have a scenario where by there are a couple of headOffice routers running mGRE to multiple spokes running GRE. Each of the HeadOffice router is connected to a firewall and then onto its internet links (at different HOffice locations)

Is there a way where we can turn the mGRE interface go up/down based on a ping response from a public IP address. The idea is to have the GRE spokes route the internet traffic out the other tunnel interface that terminates on the second HeadOffice router's mGRE tunnel.

So, just to rephrase it, the failover mechanism of internet (outbound) traffic will be based on the status of the GRE tunnel interface.

Any quick response would be greatly appreciated.

Many thanks

Kind Regards

Arav

lgijssel · ‎10-23-2009

Changing interface status is not an option but you can use object tracking to route traffic dependant on the ping response.

http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_eot_ps6441_TSD_Products_Configuration_Guide_Chapter.html

regards,

Leo

aravindhs · ‎10-23-2009

hi Leo

Thank you for your quick reply. This is what I'm doing now but since its mGRE and there are more than 250 spokes, I was thinking of doing something better than running ip sla on all of them & tracking them from the spokes which i'm doing currently. I was thinking of a way the gre tunnel would be brought up/down and use the gre tunnel keep mechanism to pull the spoke end's tunnel status down alng with it. Many thanks for your reply anyways.

Regards

Arav

Joseph W. Doherty · ‎10-23-2009

Have you considered running a dynamic routing protocol across your mGRE topologies?

aravindhs · ‎10-23-2009

Hi Joseph,

A dynamic routing protocol won't be possible because this setup is for internet access and hence 0.0.0.0 will need to be advertised from the mgre headend. but, the 0.0.0.0 route is already being used for the mpls vpn through the dialer interface. so im having to policy route all the guest_vlan internet bound traffic onto a tunnel interface.

cheers

arav

Dan Frey · ‎10-23-2009

EEM can do this for you. Create IP SLA, Track it, have EEM applet take action on the event.

ip sla 1

icmp-echo 192.168.7.2

frequency 15

ip sla schedule 1 life forever start-time now

track 1 rtr 1

event manager applet Tunnel_DOWN

event track 1 state down

action 1.0 cli command "enable"

action 1.1 cli command "configure terminal"

action 1.2 cli command "interface Tunnel 0"

action 1.3 cli command "shutdown"

action 1.4 cli command "end"

event manager applet Tunnel_UP

event track 1 state up

action 1.0 cli command "enable"

action 1.1 cli command "configure terminal"

action 1.2 cli command "interface Tunnel 0"

action 1.3 cli command "no shutdown"

action 1.4 cli command "end"

aravindhs · ‎10-26-2009

Dan, That's great ! I will try that today and let you know how it works. Looks like this will just do the job.

Many thanks again

Arav

aravindhs · ‎11-02-2009

Hi Dan

I am back at work and tried this but the event track command doesn't appear to be in there.

I am using - flash:c3825-spservicesk9-mz.124-3g.bin.

RNLI-LBS-internet-EX(config-applet)#event ?

application Application specific event

cli CLI event

counter Counter event

interface Interface event

ioswdsysmon IOS WDSysMon event

none Manually run policy event

oir OIR event

snmp SNMP event

syslog Syslog event

timer Timer event

RNLI-LBS-internet-EX(config-applet)#event track 1 state down

^

% Invalid input detected at '^' marker.

RNLI-LBS-internet-EX(config-applet)#

It would be greatly helpful if you or someone could advise me on how to implement this using event manager.

Many thanks

Regards

Arav

Dan Frey · ‎11-02-2009

Hi Arav,

Event track was added in 12.4T train. If you need to stay on the current code the event track can be changed to event syslog pattern "%TRACKING-5-STATE: 1 ip sla 1 state Down->Up" for Tunnel_Up and event syslog pattern "%TRACKING-5-STATE: 1 ip sla 1 state Up->Down" for Tunnel_Down.

aravindhs · ‎11-02-2009

Thank you Dan. I have actually enabled logging. Do I have to do anything in specific to get to generate the %TRACKING... syslog messages ?

-LBS-Internet-Aztw-CE2#sh logg

Syslog logging: enabled (11 messages dropped, 3 messages rate-limited,

0 flushes, 0 overruns, xml disabled, filtering disabled)

Console logging: disabled

Monitor logging: disabled

Buffer logging: level debugging, 20 messages logged, xml disabled,

filtering disabled

Logging Exception size (4096 bytes)

Count and timestamp logging messages: disabled

No active filter modules.

Trap logging: level debugging, 398 message lines logged

Logging to 2.3.232.221 (udp port 514, audit disabled, link up), 8 message lines logged, xml disabled,

filtering disabled

LBS-Internet-Aztw-CE2# sh run | sec logg

logging userinfo

logging buffered 4096 debugging

no logging console

no logging monitor

logging cns-events debugging

ip sla monitor logging traps

logging trap debugging

logging facility syslog

logging 2.3.232.221 --> this very router (as i am not using any syslog servers..)

Its not working at the moment because I don't see any %TRACK.. messages in my logg buffer. Not sure how the matching of syslog patterns will work in your exmaple.

many thanks

Arav

Dan Frey · ‎11-03-2009

Hi Arav,

Can you post your EEM applet, track statement, and IPSLA policy?

Thanks,

Dan

aravindhs · ‎11-06-2009

Hi Dan

Thank you for all your help. I have managed to implement this in a different way with the help of a senior personnel. The problem was that there being a default route pointing to the dialer interface at the spoke router, the public internet vlan couldnt get out to the internet using another default route. So, we've implemented a vrf and used mgre tunnels throughout.

But one simple question still remains. How do I get such a syslog message as %TRACKING.... on the log buffer ? It would be nice if you would help me with that answer.

Many thanks for all your help

Regards

arav