Dual WAN + PBR + IP SLA works, but there's a problem

Unanswered Question

I have an 1811, dual WAN.  It's set up to fail over properly, based on IP SLA and tracking.  Fixed IP (33.33.33.100) with my primary ISP.  I'm pinging my primary ISP's default gateway (33.33.33.1) for the tracking object.  This works as expected.  The problem is that when my primary ISP is experiencing heavy traffic, the gateway often stops responding to pings.  The connection is still up, and it still passes traffic.  But since I stop getting a response to the ping, my router thinks the connection is down, and switches to the backup ISP.


This is undesirable. 


So I tried changing the ping to a different address (e.g., 44.44.44.1).   I also changed the appropriate access-list (PingISP_A). 


The pings work.   If the primary connection is disabled, the router properly fails over.   However, when the primary connection is reconnected, the pings do not start working again.  I think this is because the route (ip route 0.0.0.0 0.0.0.0 33.33.33.1 10 track 100) is gone from the routing table at this point.   Is there any way to get this working?  Am I going about it the wrong way?


Thanks





Current config - works (except for the above issue)



interface FastEthernet0
 description ISP_A
 ip address 33.33.33.100 255.255.255.0

interface FastEthernet1
 description ISP_B
 ip address dhcp

ip dhcp-client default-router distance 20

ip route 0.0.0.0 0.0.0.0 33.33.33.1 10 track 100
ip route 0.0.0.0 0.0.0.0 dhcp 20

ip local policy route-map LocalPolicy

route-map LocalPolicy permit 10
 match ip address PingISP_A
 set ip next-hop 33.33.33.1
 set interface Null0

ip access-list extended PingISP_A
 permit icmp any host 33.33.33.1 echo

ip sla 111
 icmp-echo 33.33.33.1 source-interface FastEthernet0
 timeout 1000
 threshold 100
 frequency 3
ip sla schedule 111 life forever start-time now

track 100 rtr 111 reachability
 delay down 30 up 30

KARUPPUCHAMY MA... Wed, 03/03/2010 - 23:30
User Badges:
  • Silver, 250 points or more

Hi,


For better IP sla configuration you can use your ISP A router outside ip address as source address for IP SLA configuration.


Moreover, there is no need to do any ACL or route-map for this.


If the gateway IP is not reachable then the respective routes will be removed from the routing table due to tracking.


To make the ICMP succeed there is no need to do any route-map for this, and to avoid such a scenario, increase the frequency a bit and the timeout too.


For more info just have a look at this URL:


http://www.cisco.com/en/US/docs/ios/12_4/ip_sla/configuration/guide/hsicmp.html


Regards

Karuppu

KARUPPUCHAMY MA... Thu, 03/04/2010 - 01:04

Hi,


Then in this scenario, you can ping the public DNS server 4.2.2.2 from your primary router and make the source interface your outside IP address/interface.


regards

karuppu

Hi


That's exactly what I tried to do.  But this is what happens:


primary static IP - 69.x.x.100,  gateway 69.x.x.1


ping 4.2.2.2 - success


primary link goes down (legitimately)


ping 4.2.2.2 - no response


track 100 goes from [up] -> [down]


ip route 0.0.0.0 0.0.0.0 69.x.x.1 10 track 100     is removed from the routing table (because of track 100)


primary link comes back online


ping 4.2.2.2 - still no response


BUT, ping 69.x.x.1 works.   (works most of the time, except when ISP is under heavy load, which is why I want to use a different address)



It appears that unless IP SLA is pinging something in the same subnet as my gateway, it won't ever "fail back".
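
A toy model of the fail-back behaviour reported above, as an added example that is not part of the thread. It assumes the probe simply follows the routing table (the local policy route-map and the track delay are ignored) and succeeds only when it leaves through a working ISP_A link; the `host_route` option, a /32 static route for the probe target via the primary gateway, is an assumption that no poster proposed.

```python
import ipaddress

class Router:
    """Connected ISP_A subnet, tracked primary default, floating backup default."""
    def __init__(self, probe_target, host_route=False):
        self.target = ipaddress.ip_address(probe_target)
        self.primary_up = True       # physical state of the ISP_A link
        self.track_up = True         # state of track 100
        self.host_route = host_route # hypothetical /32 for the probe target

    def routes(self):
        """Routing table as (prefix, egress, admin distance) for the current state."""
        table = [(ipaddress.ip_network("0.0.0.0/0"), "ISP_B", 20)]
        if self.primary_up:
            table.append((ipaddress.ip_network("33.33.33.0/24"), "ISP_A", 0))
            if self.track_up:        # installed only while track 100 is up
                table.append((ipaddress.ip_network("0.0.0.0/0"), "ISP_A", 10))
            if self.host_route:      # next hop resolves via the connected subnet
                table.append((ipaddress.ip_network(f"{self.target}/32"), "ISP_A", 1))
        return table

    def egress(self, dst):
        """Longest-prefix match; ties go to the lowest administrative distance."""
        matches = [r for r in self.routes() if dst in r[0]]
        return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]

    def probe(self):
        """One IP SLA cycle; the result drives the tracked route."""
        ok = self.primary_up and self.egress(self.target) == "ISP_A"
        self.track_up = ok
        return ok

def fails_back(probe_target, host_route=False):
    """Take ISP_A down, restore it, and report whether track 100 ever recovers."""
    r = Router(probe_target, host_route)
    r.primary_up = False
    r.probe()                        # outage: track goes down, default is withdrawn
    r.primary_up = True              # link restored
    return any(r.probe() for _ in range(5))

if __name__ == "__main__":
    print("gateway target  :", fails_back("33.33.33.1"))
    print("remote target   :", fails_back("44.44.44.1"))
    print("remote + /32    :", fails_back("44.44.44.1", host_route=True))
```

In this model the gateway target recovers because the connected route returns with the link, while the remote target only has the backup default to follow, so the track never comes back up.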

KARUPPUCHAMY MA... Thu, 03/04/2010 - 02:35

Hi,


You can set the ICMP packet size a bit smaller. By default the Cisco router takes the ping datagram size as 100 bytes.


Under the ip sla config, use the command request-data-size bytes. Hope you will get success; set 36 bytes as the ping datagram size.


I have tested in my network; the ping datagram size we can use is from 36 to 18024.


ROUTER#ping
Protocol [ip]:
Target IP address:  10.70.42.165
Repeat count [5]:
Datagram size [100]: 32
% A decimal  number between 36 and 18024.
Datagram size [100]: 36
Timeout in seconds  [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape  sequence to abort.
Sending 5, 36-byte ICMP Echos to 10.70.42.165, timeout is  2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max  = 1/2/4 ms
ROUTER#



Regards

Karuppu
