Sep 4th, 2010

Hi,

I have configured IP SLA in my network. Now my requirement is that I want the interface to go down automatically when there is an SLA failure. I am looking for the config for the same.

Here is present config

Configuration @ A location
-----------------

ip sla monitor 1
type echo protocol ipicmpecho 10.255.0.2
timeout 1000
frequency 3
threshold 2

ip sla monitor schedule 1 life forever start-time now
track 123 rtr 1 reachability


ip route 10.20.0.0 255.255.0.0 10.255.0.2 track 123
ip route 10.20.0.0 255.255.0.0 Tunnel0 10


Configuration @ B location
-----------------

ip sla monitor 1
type echo protocol ipicmpecho 10.255.0.1
timeout 1000
frequency 3
threshold 2

ip sla monitor schedule 1 life forever start-time now
track 123 rtr 1 reachability


ip route 10.10.0.0 255.255.0.0 10.255.0.1 track 123
ip route 10.10.0.0 255.255.0.0 Tunnel0 10

no ip route 10.20.0.0 255.255.0.0 10.255.0.2 track 123
no ip route 192.168.200.0 255.255.255.0 10.255.0.2

ip route 192.168.200.0 255.255.255.0 fa0/2 track 123
ip route 192.168.200.0 255.255.255.0 fa0/2

Regards

Kumar

Joe Clarke Sun, 09/05/2010 - 09:40

You could use EEM to do this.

event manager applet shut-intf
event track state down
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "int fa0/2"
action 4.0 cli command "shut"
action 5.0 cli command "end"

event manager applet no-shut-intf
event track state up
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "int fa0/2"
action 4.0 cli command "no shut"
action 5.0 cli command "end"

sateeshk10 Sun, 09/05/2010 - 21:09

Hi,

Thanks for your prompt response. The EEM config is fine, but here is my requirement....

Option1: Need to track the remote IP address for reachability. If reachability is down then the interface is to be shut down; if reachability is restored then the interface is to be up again (no shut).

Option2: If reachability is down then remove the route and add the route again, vice-versa..

Regards

Kumar

Joe Clarke Sun, 09/05/2010 - 21:32

The EEM applets I posted will take care of Option 1 provided you specify the correct interface.  The catch is that the IP address that you are pinging cannot be reachable when the secondary route is up.  If that is the case, then you can either go with the floating static routes option or the EEM option.

sateeshk10 Sun, 09/05/2010 - 22:31

Hi,

For option 1: Here is the final config..pls validate...

ip sla monitor 1
type echo protocol ipicmpecho 10.255.0.2
timeout 1000
frequency 3
threshold 2

ip sla monitor schedule 1 life forever start-time now
track 123 rtr 1 reachability

Do I need to add delay?

delay down 60 up 60  ---> Without this will my present config work?


event manager applet shut-intf
event track 123 state down  --------------> I need to call IP SLA with number, right?
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "int fa0/2"
action 4.0 cli command "shut"
action 5.0 cli command "end"

event manager applet no-shut-intf
event track 123 state up
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "int fa0/2"
action 4.0 cli command "no shut"
action 5.0 cli command "end"

Option2: As per the connectivity below, the primary interface always shows up, as the switch-to-router link always shows up even if the fibre link has failed. Due to this, my router never switched over to the floating route....

Location A -- Switch --- Fibre -- switch - LocationB

I appreciate your quick reply....

Regards

kumar....

Correct Answer
Joe Clarke Mon, 09/06/2010 - 10:02

You do not need to add delay unless you are seeing brief intermittent problems in the network, and you'd like to dampen the switch-overs.  The EEM policy must be watching the tracked object, so 123 is correct in this case.

I really do not understand what you're saying for option 2.  A physical interface does not have to go down for an IP SLA collector to timeout.  However, the IP address that you are pinging must only be reachable over one of the interfaces.

Typically, for what you are doing a user will have a router with two outbound interfaces (e.g. two interfaces that connect to the internet).  They ping an IP address in the cloud, but not one with which they typically need to communicate.  When the collector times out, they fail over to the other interface.  If you ping an address that is reachable across both interfaces, then the ping will always succeed, and you will see constant failovers when the IP is not reachable across the primary path.

The problem with the constant failovers is actually bug CSCtf11508.  In 15.1(2)T and later (where this bug is fixed) specifying a source address for your IP SLA collector will mitigate this problem allowing you to specify any IP address to ping.  For example:

type echo protocol icmpEcho 10.255.0.2 source-interface Gi0/0
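
The reasoning in the answer above, as an added illustration that is not part of the original thread: a toy model of a tracked static route with a floating backup, comparing a probe target that also answers over the backup path against one that does not, and against a probe pinned to the primary interface. The tick-based timing, the outage shape and all function names are assumptions made for the example.

```python
# Added illustration, not from the thread: toy model of a tracked static route
# with a floating backup. One IP SLA probe per tick; no 'delay' dampening.

def simulate(primary_ok_by_tick, target_via_backup, pin_source):
    """Return (track_states, transition_count) for one probe per tick.

    primary_ok_by_tick: list of bools, health of the primary path per tick
    target_via_backup:  probed IP also answers when traffic uses the backup path
    pin_source:         models 'source-interface' as described in the thread:
                        the probe always leaves via the primary interface
    """
    track_up = True                  # object starts Up, primary route installed
    states = []
    for primary_ok in primary_ok_by_tick:
        # While the track is Down the floating route carries traffic; an
        # unpinned probe to a target reachable that way succeeds over backup.
        rerouted = (not track_up) and target_via_backup and not pin_source
        probe_ok = True if rerouted else primary_ok
        track_up = probe_ok          # track state follows the last probe result
        states.append(track_up)
    previous = [True] + states[:-1]
    transitions = sum(1 for a, b in zip(previous, states) if a != b)
    return states, transitions


# Constructed scenario: primary path healthy for 2 ticks, down for 6, healthy again.
OUTAGE = [True, True] + [False] * 6 + [True, True]

CASES = {
    "target only via primary":        (False, False),
    "target via both, unpinned":      (True, False),
    "target via both, source pinned": (True, True),
}


def compare():
    """Map each case name to the number of track state changes it causes."""
    return {name: simulate(OUTAGE, *args)[1] for name, args in CASES.items()}


if __name__ == "__main__":
    for name, changes in compare().items():
        print(f"{name:32s} {changes} track transitions")
```

Two transitions is the expected result for a single outage (one Down, one Up); the unpinned case with a target reachable over both paths changes state on every probe for as long as the primary path is down.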

sateeshk10 Wed, 09/08/2010 - 02:26

Hi,

I have tried to configure the same on the switch, but I haven't found the EVENT TRACK command. Any suggestions on IOS? Here are the present IOS details:

Switch model: 3550

Version: 12.2(52) SE

SBDC-PROD-CORE1(config)#event manager applet test
SBDC-PROD-CORE1(config-applet)#even
SBDC-PROD-CORE1(config-applet)#event ?
  application         Application specific event
  cli                 CLI event
  counter             Counter event
  identity            Identity event
  interface           Interface event
  ioswdsysmon         IOS WDSysMon event
  ipsla               IPSLA Event
  mat                 MAC address table event
  neighbor-discovery  Neighbor Discovery event
  none                Manually run policy event
  oir                 OIR event
  routing             Routing event
  rpc                 Remote Procedure Call event
  snmp                SNMP event
  snmp-notification   SNMP Notification Event
  snmp-object         SNMP object event
  syslog              Syslog event
  tag                 event tag identifier
  timer               Timer event

-----------------------------------------------------------------

SBDC-PROD-CORE1#sh event manager version
Embedded Event Manager Version 3.20
Component Versions:
eem: (v320_throttle)2.1.50
eem-gold: (v320_throttle)1.0.4
eem-call-home: (v320_throttle)1.0.4
Event Detectors:
Name                Version   Node        Type   
application         01.00     node0/0     RP     
neighbor-discovery  01.00     node0/0     RP     
identity            01.00     node0/0     RP     
mat                 01.00     node0/0     RP     
syslog              01.00     node0/0     RP     
routing             03.00     node0/0     RP     
cli                 01.00     node0/0     RP     
counter             01.00     node0/0     RP     
interface           01.00     node0/0     RP     
ioswdsysmon         01.00     node0/0     RP     
none                01.00     node0/0     RP     
oir                 01.00     node0/0     RP     
snmp                01.00     node0/0     RP     
snmp-object         01.00     node0/0     RP     
ipsla               01.00     node0/0     RP     
snmp-notification   01.00     node0/0     RP     
timer               01.00     node0/0     RP     
rpc                 01.00     node0/0     RP 

pls help me..

Regards

Kumar

Joe Clarke Sat, 09/11/2010 - 17:42

The track ED is not available on Cat3Ks.  You will need to use the syslog ED instead, and match on the TRACKING syslog messages.
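
An added example, not from the thread, for choosing the regular expression a syslog-based policy would match on: it runs a loose and a strict pattern over constructed log lines and derives the interface action for track object 123. The log lines are constructed, and the `%TRACKING-5-STATE` message layout they use is an assumption that should be checked against the switch's own log before the pattern is used.

```python
import re

# Constructed sample lines. The "%TRACKING-5-STATE" layout
# "<object> rtr <sla-id> reachability <old>-><new>" is an assumption.
SAMPLE_LOG = [
    "*Sep 11 17:40:01.123: %TRACKING-5-STATE: 123 rtr 1 reachability Up->Down",
    "*Sep 11 17:40:02.500: %LINK-5-CHANGED: Interface FastEthernet0/2, "
    "changed state to administratively down",
    "*Sep 11 17:41:10.004: %TRACKING-5-STATE: 1123 rtr 7 reachability Up->Down",
    "*Sep 11 17:43:31.871: %TRACKING-5-STATE: 123 rtr 1 reachability Down->Up",
]

# Loose pattern: "123" also occurs in timestamps and in object 1123, and
# "Down" appears in both Up->Down and Down->Up.
NAIVE = r"123.*Down"


def strict_pattern(track_id, new_state):
    """Pattern anchored on the mnemonic, the exact object id and the transition."""
    old_state = "Up" if new_state == "Down" else "Down"
    return rf"%TRACKING-5-STATE: {track_id} .* {old_state}->{new_state}$"


def matching_lines(pattern, lines=SAMPLE_LOG):
    """Indexes of the log lines that the pattern matches."""
    return [i for i, line in enumerate(lines) if re.search(pattern, line)]


def interface_actions(track_id, lines=SAMPLE_LOG):
    """Action a shut / no-shut policy pair would take, in log order."""
    down = re.compile(strict_pattern(track_id, "Down"))
    up = re.compile(strict_pattern(track_id, "Up"))
    actions = []
    for line in lines:
        if down.search(line):
            actions.append("shut")
        elif up.search(line):
            actions.append("no shut")
    return actions


if __name__ == "__main__":
    print("naive  :", matching_lines(NAIVE))
    print("strict :", matching_lines(strict_pattern(123, "Down")))
    print("actions:", interface_actions(123))
```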
