
Route-map redirecting and failover

David Rosener
Level 1

Hi.

I am trying to determine how I can configure a route-map policy to fail over from one next-hop IP to a different next-hop IP if the first one goes down. I have a specific application that accesses remote servers over the backup ISP connection. I tell it to go via the backup ISP using a route-map policy. See config below.

int fa 0/0
description Inside
ip address 172.21.21.1 255.255.255.0
ip policy route-map ISP2-Redirect

int se 0/0
description ISP1
ip address 10.10.1.1 255.255.255.0

int se 0/1
description ISP2
ip address 10.20.2.1 255.255.255.0

ip access-list extended ISP2-Redirect-Match
permit ip 172.21.21.0 0.0.0.255 10.0.0.186 0.255.255.0

route-map ISP2-Redirect permit 10
match ip address ISP2-Redirect-Match
set ip next-hop 10.20.2.2

However, if the connection to 10.20.2.2 fails, how can I configure the route-map policy to send the traffic over ISP1?

Any ideas?

7 Replies 7

Jon Marshall
Hall of Fame

dosejam327 wrote:


ip access-list extended ISP2-Redirect-Match
permit ip 172.21.21.0 0.0.0.255 10.0.0.186 0.255.255.0

route-map ISP2-Redirect permit 10
match ip address ISP2-Redirect-Match
set ip next-hop 10.20.2.2

However, if the connection to 10.20.2.2 fails, how can I configure the route-map policy to send the traffic over ISP1?

Any ideas?

Add the second next-hop to the first one, i.e.

set ip next-hop 10.20.2.2 10.10.1.2

Because these are serial links, you should not need to use IP SLA to track the availability of the next-hop. If the next-hop, i.e. 10.20.2.2 and 10.10.1.2, could go down but your serial interface could stay up, then you will need to look at IP SLA.

Jon

Hi

I think Jon has described the entire concept here.

However, I will give a link to a document I created here that will help you to achieve what you are looking for:

https://supportforums.cisco.com/docs/DOC-8313

Good luck.

If helpful, rate.

I have been looking into our issue here and I think I understand it enough to go into more detail. We currently use an MPLS connection as our primary connectivity to our remote locations. VSAT is our backup in case the MPLS circuit is somehow cut. However, we have an application that we want to only use VSAT. We recently diversified our MPLS at our headend with two separate MPLS DS3 circuits going to separate POPs. Attached to one of our edge routers is a DS1 that goes directly to VSAT's home base, where they send the signal out over satellite. We will eventually get a 2nd DS1 connected into our other edge router for backup when the first one fails. These DS1s terminate at our local telco, who will cut the line over if the 1st one fails. However, there is only one IP address at the VSAT home base. So as our route map stands right now, Edge R1 points to the VSAT IP as the next-hop. Edge R2 points to R1 as the next-hop, which will forward the traffic out to VSAT. What we would like to do is somehow set the preference higher on the DS1 interface on R2 than the connection to R1. The traffic will send data over to R1 as long as the DS1 circuit is down on R2. When R2 notices the DS1 is up (the DS1 on R1 should be down at this point), all the data should go to the DS1 on R2. So I think using an IP address as the next-hop won't allow this to work. Are there any other ways to configure this setup?

Not sure if anyone got a chance to read this over since my last post. Still searching for a solution. Please let me know if I need to clarify anything.

Thanks.

At first glance I would have recommended a static route with a metric for failover. However, it appears you need to set up PBR, policy-based routing, to make this work. You will need to create ACLs to match the traffic type, then create route-maps to set the function.

I do not know if this post has been closed, but what you want to achieve could be done using IP SLA. I recently set up something similar to this in my office too.

1. On Edge R2, create an IP SLA to monitor DS1.

2. Create a track object for the SLA.

3. Apply it to your route.

I hope this helps.
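
The three steps above, applied to the route-map and next-hop addresses from the original post, as an added example (not configuration posted by any participant in this thread). The SLA and track numbers, probe timings and the full interface names `Serial0/0` and `Serial0/1` (for `se 0/0` and `se 0/1`) are assumptions; older IOS releases use `track 1 rtr 1 reachability` in place of `track 1 ip sla 1 reachability`.

```cisco
! Step 1: probe each next-hop, so a dead peer is detected even
! when the local serial interface stays up
ip sla 1
 icmp-echo 10.20.2.2 source-interface Serial0/1
 timeout 2000
 frequency 10
ip sla schedule 1 life forever start-time now
!
ip sla 2
 icmp-echo 10.10.1.2 source-interface Serial0/0
 timeout 2000
 frequency 10
ip sla schedule 2 life forever start-time now
!
! Step 2: one track object per probe (assumed object numbers 1 and 2)
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Step 3: tie each next-hop to its track object; the lower sequence
! number (10) is tried first, 20 only when track 1 is down
route-map ISP2-Redirect permit 10
 match ip address ISP2-Redirect-Match
 set ip next-hop verify-availability 10.20.2.2 10 track 1
 set ip next-hop verify-availability 10.10.1.2 20 track 2
!
! If both track objects are down, matched packets are no longer
! policy-routed and follow the normal routing table instead
```

`show track brief` reports the state of both track objects, and `show route-map ISP2-Redirect` shows which next-hop is currently considered up along with the policy-routing match counters.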

Hello


@David Rosener wrote:

However we have an application that we want to only use VSAT


Your OP does suggest policy routing would be applicable. However, can you confirm whether you require all users reaching a certain application to be routed via a specific path of each edge rtr (DS1 VSAT) other than the default path DS3, and what routing process do you have running?

Attached is a possible example of PBR for each edge rtr to use the DS1 link as primary for certain traffic, then their related interconnected link as a secondary path, and as a last resort their own DS3 interconnect.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul