03-03-2010 11:07 PM - edited 03-04-2019 07:41 AM
I have an 1811, dual WAN. It's set up to fail over properly, based on IP SLA and tracking. Fixed IP (33.33.33.100) with my primary ISP. I'm pinging my primary ISP's default gateway (33.33.33.1) for the tracking object. This works as expected. The problem is that when my primary ISP is experiencing heavy traffic, the gateway often stops responding to pings. The connection is still up, and it still passes traffic. But since I stop getting a response to the ping, my router thinks the connection is down, and switches to the backup ISP.
This is undesirable.
So I tried changing the ping to a different address (e.g., 44.44.44.1). I also changed the appropriate access-list (PingISP_A).
The pings work. If the primary connection is disabled, the router properly fails over. However, when the primary connection is reconnected, the pings do not start working again. I think this is because the route (ip route 0.0.0.0 0.0.0.0 33.33.33.1 10 track 100) is gone from the routing table at this point. Is there any way to get this working? Am I going about it the wrong way?
Thanks
Current config - works (except for the above issue)
interface FastEthernet0
 description ISP_A
 ip address 33.33.33.100 255.255.255.0
interface FastEthernet1
 description ISP_B
 ip address dhcp
ip dhcp-client default-router distance 20
ip route 0.0.0.0 0.0.0.0 33.33.33.1 10 track 100
ip route 0.0.0.0 0.0.0.0 dhcp 20
ip local policy route-map LocalPolicy
route-map LocalPolicy permit 10
 match ip address PingISP_A
 set ip next-hop 33.33.33.1
 set interface Null0
ip access-list extended PingISP_A
 permit icmp any host 33.33.33.1 echo
ip sla 111
 icmp-echo 33.33.33.1 source-interface FastEthernet0
 timeout 1000
 threshold 100
 frequency 3
ip sla schedule 111 life forever start-time now
track 100 rtr 111 reachability
 delay down 30 up 30
03-03-2010 11:30 PM
Hi,
For a better IP SLA configuration you can use your ISP A router's outside IP address as the source address for the IP SLA configuration.
Moreover, there is no need to do any ACL or route-map for this.
If the gateway IP is not reachable, then the respective routes will be removed from the routing table due to tracking.
To make ICMP succeed there is no need to do any route-map for this, and to avoid such a scenario, increase the frequency a bit higher, and the timeout too.
For more info just have a look at this URL:
http://www.cisco.com/en/US/docs/ios/12_4/ip_sla/configuration/guide/hsicmp.html
Regards
Karuppu
03-04-2010 12:09 AM
Hi
Thanks for the reply. The problem I'm having is that ISPA's gateway will stop replying to pings, but will still pass traffic. I've seen it stop replying to pings for several minutes at a time, yet I can ping another address on the internet without problem.
03-04-2010 01:04 AM
Hi,
Then in this scenario, you can ping the public DNS server 4.2.2.2 from your primary router and make the source interface your outside IP address/interface.
regards
karuppu
03-04-2010 01:55 AM
Hi
That's exactly what I tried to do. But this is what happens:
primary static IP - 69.x.x.100, gateway 69.x.x.1
ping 4.2.2.2 - success
primary link goes down (legitimately)
ping 4.2.2.2 - no response
track 100 goes from [up] -> [down]
ip route 0.0.0.0 0.0.0.0 69.x.x.1 10 track 100 is removed from the routing table (because of track 100)
primary link comes back online
ping 4.2.2.2 - still no response
BUT, ping 69.x.x.1 works. (works most of the time, except when ISP is under heavy load, which is why I want to use a different address)
It appears that unless IP SLA is pinging something in the same subnet as my gateway, it won't ever "fail back".
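An added example, not part of any post in this thread: a small Python model of the track object using the timers from the posted config (frequency 3, delay down 30 up 30), run over three constructed scenarios. It assumes, as the poster suspects, that an unpinned probe to an off-subnet target can only leave via the tracked default route; the function names and outage windows are made up for illustration, and the model checks state once per probe rather than reproducing IOS timer behaviour exactly.

```python
# Toy model of "track 100" from the posted config (constructed, not router code).
FREQ, DELAY_DOWN, DELAY_UP = 3, 30, 30   # ip sla frequency; track delay down/up


def simulate(link_up, answers, needs_tracked_route, duration):
    """Return [(second, "up"|"down")] state changes of the track object.

    link_up(t): primary link passes traffic at second t.
    answers(t): probe target replies to ICMP echo at second t.
    needs_tracked_route: True if the probe can only leave via the tracked
        default route (assumption: off-subnet target, probe not pinned).
    """
    track_up = True        # the tracked default route is installed iff True
    pending = None         # second at which the SLA result first disagreed
    events = []
    for t in range(0, duration, FREQ):
        routable = track_up or not needs_tracked_route
        probe_ok = link_up(t) and answers(t) and routable
        if probe_ok == track_up:
            pending = None             # result agrees again: cancel the delay
            continue
        if pending is None:
            pending = t
        if t - pending >= (DELAY_UP if probe_ok else DELAY_DOWN):
            track_up, pending = probe_ok, None
            events.append((t, "up" if track_up else "down"))
    return events


always = lambda t: True
outage = lambda t: not 60 <= t < 180        # constructed: link down for 2 minutes
silent = lambda t: not 120 <= t < 300       # constructed: gateway ignores pings


def scenarios():
    return {
        # Gateway as target, link healthy, gateway silent: needless failover.
        "gateway_silent": simulate(always, silent, False, 400),
        # Remote target, probe follows the routing table: never fails back.
        "remote_unpinned": simulate(outage, always, True, 400),
        # Remote target, probe pinned to ISP_A (the LocalPolicy route-map's job).
        "remote_pinned": simulate(outage, always, False, 400),
    }


if __name__ == "__main__":
    for name, events in scenarios().items():
        print(name, events)
```

In the model, a silence shorter than the 30-second down delay produces no state change at all, which is the only protection the posted timers give against a gateway that drops pings under load.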
03-04-2010 02:35 AM
Hi,
You can set the ICMP packet size a bit smaller. By default the Cisco router takes the ping datagram size as 100 bytes.
Under the ip sla config, use the command request-data-size bytes. Hope you will get success; set 36 bytes as the ping datagram size.
I have tested in my network; the ping datagram size we can use is from 36 to 18024.
ROUTER#ping
Protocol [ip]:
Target IP address: 10.70.42.165
Repeat count [5]:
Datagram size [100]: 32
% A decimal number between 36 and 18024.
Datagram size [100]: 36
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 36-byte ICMP Echos to 10.70.42.165, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
ROUTER#
Regards
Karuppu