Route-map redirecting and failover

Unanswered Question
Feb 24th, 2010

Hi.


I am trying to determine how I can configure a route-map policy to failover from one next-hop ip to a different next-hop ip if the first one goes down. I have a specific application that accesses remote servers over the backup ISP connection. I tell it to go via the backup ISP using a route-map policy. See config below.


int fa 0/0
description Inside
ip address 172.21.21.1 255.255.255.0
ip policy route-map ISP2-Redirect


int se 0/0
description ISP1
ip address 10.10.1.1 255.255.255.0

int se 0/1
description ISP2
ip address 10.20.2.1 255.255.255.0


ip access-list extended ISP2-Redirect-Match
permit ip 172.21.21.0 0.0.0.255 10.0.0.186 0.255.255.0


route-map ISP2-Redirect permit 10
match ip address ISP2-Redirect-Match
set ip next-hop 10.20.2.2


However, if the connection to 10.20.2.2 fails, how can I configure the route-map policy to send the traffic over ISP1?


Any ideas?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Wed, 02/24/2010 - 14:59

dosejam327 wrote:




ip access-list extended ISP2-Redirect-Match
permit ip 172.21.21.0 0.0.0.255 10.0.0.186 0.255.255.0


route-map ISP2-Redirect permit 10
match ip address ISP2-Redirect-Match
set ip next-hop 10.20.2.2


However, if the connection to 10.20.2.2 fails, how can I configure the route-map policy to send the traffic over ISP1?


Any ideas?


Add the second next-hop to the first one ie.


set ip next-hop 10.20.2.2 10.10.1.2


because these are serial links you should not need to use IP SLA to track the availability of the next-hop. If the next-hop ie. 10.20.2.2 and 10.10.1.2 could go down but your serial interface could stay up then you will need to look at IP SLA.


Jon

David Rosener Wed, 03/03/2010 - 13:56

I have been looking into our issue here and I think I understand it enough to go into more

detail. We currently use an MPLS connection as our primary connectivity to out remote locations. VSAT is our back up in case the MPLS circuit is somehow cut. However we have an application that we want to only use VSAT. We recently diversified our MPLS at our headend with to separate MPLS DS3 circuits going to separate POPs. Attached to one of our edge routers is a DS1 that goes directly to VSAT's home base where they send the signal out over satellite. We will eventually get a 2nd DS1 connected into our other edge router for backup when the first one fails. These DS1's terminate at our local telco who will cut the line over if the 1st one fails. However, there is only one IP address at the VSAT home base. So as our route map stands right now, Edge R1 points to the VSAT IP as the next-hop. Edge R2 points to R1 as the next-hop, which will forward the traffic out to VSAT. What we would like to do is somehow set the preference higher on the DS1 interface on R2 than the connection to R1. The traffic will send data over to R1 as long as the DS1 circuit is down on R2. When R2 notices the DS1 is up (the DS1 on R1 should be down at this point) all the data should go to the DS1 on R2. So I think using an IP address as the next-hop won't allow this to work. Are there any other ways to configure this set up?

David Rosener Thu, 03/11/2010 - 08:27

Not sure if anyone got a chance to read this over since my last post. Still searching for a solution. Please let me know if I need to clarify anything.


Thanks.

Rick Morris Thu, 03/11/2010 - 10:34

At first glance I would have recommended a static route with a metric for failover.  However, it appears you need to set up a PBR, policy based routing, to make this work.  You will need to create ACL's to match the traffic type, then create route-maps to set the function.

Actions

This Discussion

Related Content