
Policy-based Routing (PBR) with tracking for Catalyst 3xxx switches - A workaround using EEM

Document

Tue, 01/12/2010 - 10:16
Nov 26th, 2009
User Badges:
  • Cisco Employee,

Issue


Per Cisco documentation, the verify-availability (IP SLA) option isn't supported on 3750 switches or on most 3xxx-series Catalyst switches.


Even though IP SLA is supported as a feature, it's not supported with policy-based routing. You may still use the basic PBR option "set ip next-hop".


Links to confirm issue


Here are links for 12.2(40)SE and 12.2(50)SE, which will help clarify this:


Catalyst 3750 Switch Software Configuration Guide, 12.2(40)SE: Unsupported Commands in Cisco IOS Release 12.2(40)SE

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_40_se/configuration/guide/swuncli.html#wp1060487


Catalyst 3750 Switch Software Configuration Guide, 12.2(50)SE: Unsupported Commands in Cisco IOS Release 12.2(50)SE

http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750/software/release/12.2_50_se/configuration/guide/swuncli.html#wp1088139


Workaround


Use an EEM applet together with IP SLA to track reachability of the next hop and make the required configuration changes.


Sample Topology

Sample Topology.png

Sample Scenario


The customer installed a new fiber link between the two 3750 switches (R2, R3) and wants traffic from a certain server in site one, going to and coming from site 2, to go over the fiber as opposed to the MPLS cloud (that is, R1 - R4 traffic should go over the fiber).


However, there are FIDDI converters between the two switches to terminate the fiber, so if the link between the two FIDDI converters goes down, the switch ports stay up/up and line protocol doesn't go down. The PBR traffic then gets black-holed and does not fail over to MPLS or any other route in the routing table. Hence the customer needed "set ip next-hop verify-availability" with tracking for that PBR route, so that if the fiber path goes down, the traffic can fail over to the MPLS link.


I simulated the MPLS link by using EIGRP, so those routes are dynamic. I configured IP SLA and then used Embedded Event Manager to trigger on the state of the tracked object: if the fiber is up, the PBR config is installed; if the fiber goes down, the PBR config is removed.


MIB Monitored


We use an EEM applet to track the state of the "rttMonCtrlOperTimeoutOccurred" object in the CISCO-RTT-MON MIB.
A value of 1 (true) indicates "timeout"; a value of 2 (false) indicates "OK / reachable".

Note: The IP SLA operation number (NUM) is the last number in the OID, i.e. the trailing 1 in "1.3.6.1.4.1.9.9.42.1.2.9.1.6.1".


Sample Config


Applied to R2; mirror config applied to R3


----


! Traffic selected for policy routing
access-list 199 permit ip host 192.168.0.30 host 192.168.100.30
!
! PBR: send matching traffic to the next hop 172.16.10.2
route-map DTPBR permit 10
 match ip address 199
 set ip next-hop 172.16.10.2
!
! IP SLA 1: ICMP echo to the PBR next hop every 2 seconds, 2000 ms timeout
ip sla 1
 icmp-echo 172.16.10.2 source-ip 172.16.10.1
 timeout 2000
 frequency 2
!
ip sla schedule 1 life forever start-time now
!
! Fires when IP SLA 1 reports 2 (reachable): apply the PBR route-map
event manager applet fiberup
 event snmp oid "1.3.6.1.4.1.9.9.42.1.2.9.1.6.1" get-type exact entry-op eq entry-val "2" exit-op eq exit-val "1" poll-interval 5
 action 1.0 syslog msg "fiberup"
 action 2.0 cli command "enable"
 action 3.0 cli command "config t"
 action 3.2 cli command "int gi0/2"
 action 3.3 cli command "ip policy route-map DTPBR"
 action 3.4 cli command "exit"
!
! Fires when IP SLA 1 reports 1 (timeout): remove the PBR route-map
event manager applet fiberdown
 event snmp oid "1.3.6.1.4.1.9.9.42.1.2.9.1.6.1" get-type exact entry-op eq entry-val "1" exit-op eq exit-val "2" poll-interval 5
 action 1.0 syslog msg "fiberdown"
 action 2.0 cli command "enable"
 action 3.0 cli command "config t"
 action 3.2 cli command "int gi0/2"
 action 3.3 cli command "no ip policy route-map DTPBR"
 action 3.4 cli command "exit"
exit
!


-----
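
The following is an added example, not part of the original document or of Cisco's code: a small Python model of how the two applets above interact, assuming the EEM behaviour that an "event snmp" applet fires when its entry condition is met and is only re-armed once its exit condition has been seen. The class and function names and the polled values are constructed for illustration.

```python
# Added illustration of the fiberup/fiberdown applets; polled values are constructed.
from dataclasses import dataclass

RTT_TIMEOUT_OID_BASE = "1.3.6.1.4.1.9.9.42.1.2.9.1.6"  # rttMonCtrlOperTimeoutOccurred
TIMEOUT, REACHABLE = "1", "2"   # 1 = true (timeout), 2 = false (OK / reachable)

def oid_for_sla(sla_number: int) -> str:
    """The IP SLA operation number is the final component of the OID."""
    return f"{RTT_TIMEOUT_OID_BASE}.{sla_number}"

@dataclass
class Applet:
    name: str
    entry_val: str      # value that fires the applet
    exit_val: str       # value that re-arms it after it has fired
    cli: str            # interface command the applet pushes
    armed: bool = True

    def poll(self, value: str) -> bool:
        """Feed one polled value; return True when the applet fires."""
        if self.armed and value == self.entry_val:
            self.armed = False          # no repeat until the exit value is seen
            return True
        if not self.armed and value == self.exit_val:
            self.armed = True
        return False

def simulate(polls):
    """Return (poll_index, applet, command, pbr_installed) for each firing."""
    applets = [
        Applet("fiberup", REACHABLE, TIMEOUT, "ip policy route-map DTPBR"),
        Applet("fiberdown", TIMEOUT, REACHABLE, "no ip policy route-map DTPBR"),
    ]
    pbr_installed, fired = False, []
    for i, value in enumerate(polls):
        for a in applets:
            if a.poll(value):
                pbr_installed = not a.cli.startswith("no ")
                fired.append((i, a.name, a.cli, pbr_installed))
    return fired

# Constructed sample: one value per 5-second poll; the probe times out at polls 3-4.
SAMPLE_POLLS = ["2", "2", "2", "1", "1", "2", "2"]

if __name__ == "__main__":
    for event in simulate(SAMPLE_POLLS):
        print(event)
```

Each applet acts once per state change rather than on every poll, so the interface configuration is touched only when the fiber path changes state, and a failure is acted on no sooner than the next 5-second poll.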


Links


Tools & Resources: SNMP Object Navigator

http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=rttMonCtrlOperTimeoutOccurred


Cisco IOS hints and tricks: Log IP SLA failures
http://blog.ioshints.info/2007/01/log-ip-sla-failures.html

Marwan ALshawi Sat, 12/19/2009 - 04:47

Why don't you create a track for the IP SLA you have, and under the EEM make the event as track up or down?


Anyway, it's an interesting one.

Gautam Renjen Tue, 01/12/2010 - 10:16
User Badges:
  • Cisco Employee,

Apologies for the late reply.


You are right. Even I configured the first version of this solution as follows:


----

track 1 rtr 1
!
event manager applet FIBERUP
   event track 1 state up
!
event manager applet FIBERDOWN
   event track 1 state down

---


However, most switches don't support tracking of an IP SLA. They usually support tracking an interface / route / line protocol etc, but not an RTR object.


That is the reason I didn't include it.


Thanks for asking.
