12-30-2008 01:39 PM - edited 03-06-2019 03:11 AM
I have a scenario where I have a corporate (HUB) site with multiple remotes (spokes). One remote in particular has its own internet connection via another carrier and I want to use IP SLAs with policy-based routing to force this site to choose the local/site internet access for primary internet access and use the HUB internet access as a back-up (using BGP with a default route being advertised to the remote).
The issue I am having is that unless I put a default static route in (which negates what I am trying to do) pointing to the other ISP provider's router, the packets keep going over our MPLS network to get access to the internet.
All normal traffic with known routes learned via BGP and EIGRP (on the LAN) work fine. Just the policy-based routing for the SLA doesn't work.
Below is the part(s) of the config that relate to the IP SLA etc..
***** config starts here *****
track 123 rtr 1 reachability
!
track 124 rtr 2 reachability
!
interface GigabitEthernet0/0
description Remote LAN
ip address 192.168.127.2 255.255.255.0
ip policy route-map Internet_Failover
duplex full
speed 100
!
ip route xxx.59.105.246 255.255.255.255 192.168.127.3
!
ip sla 1
icmp-echo xxx.59.105.246
frequency 30
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo xxx.207.89.41
frequency 30
ip sla schedule 2 life forever start-time now
access-list 101 deny ip any xxx.155.50.0 0.0.0.255
access-list 101 deny ip any 192.168.0.0 0.0.255.255
access-list 101 deny ip any 192.xxx.89.0 0.0.0.255
access-list 101 deny ip any 10.0.0.0 0.0.0.255
access-list 101 deny ip any 172.16.0.0 0.15.255.255
access-list 101 permit ip any any
!
!
route-map Internet_Failover permit 10
match ip address 101
set ip next-hop verify-availability 192.168.127.3 10 track 123
set ip next-hop verify-availability xxx.207.89.41 20 track 124
**** config ends here ******
Any assistance would be greatly appreciated. The IOS is "c2800nm-advsecurityk9-mz.124-15.T7.bin"
12-30-2008 05:07 PM
Kevin,
Open for suggestions?
If you want the local ISP to handle the primary internet services
ip route 0.0.0.0 0.0.0.0 [local_ISP_gateway]
BGP will deliver another Quad_0 with a higher metric so if the local ISP is gone (you have to verify the gateway isn't reachable when the ISP is down, so the ip route above is removed from RIB), your router will use the BGP Quad_0.
If you aren't getting specific routes on the spoke from the hub, then you need to address it with either BGP or static routing at the spoke.
PBR and IP SLA on this scenario will make things way too complicated where you can accomplish a better design with pure routing, unless I'm missing some other requirement.
__
Edison.
12-30-2008 05:41 PM
My apologies. I may have been too vague. I was worried about being too "wordy".
I am not able to run BGP (or any other dynamic routing protocol) with the other ISP router as there is a customer-owned firewall between the 2 remote site routers and the customer is either not able to or unwilling to open up any more access in the FW other than to run ICMP packets (to confirm the local ISP is still a viable route).
I am running eBGP with this remote and the HUB site and a default route is being learned at the remote via the eBGP. But, the end user wishes to use his local ISP at the remote and fail over to the HUB site dynamically in case the local ISP ckt goes down or is not reachable. That is why I was trying to use policy-based routing using SLAs to determine if the other ISP access was still up.
With that being said, if I remove "only" the current default route that I have pointing to the local ISP router (like you mention above) the packets bound for the internet will immediately stop going through the other local ISP and will successfully go through my MPLS cloud through the HUB site to get to WWW.
The weird part about this is I had it working for a day (using the above application) and verified it with trace routes but then it hasn't worked since. I have tried numerous things since and I am almost thinking it's an IOS issue. Before I go through the trouble of upgrading the IOS I thought I would bounce this off someone at a Tier III type level.
Believe me, I would try other "best practice" methods but my "scope of work" will not allow me. The customer said it worked with the last provider's EQ and I even have the old config but it won't pan out for some reason. It may be because they were 3725s with a different IOS but at this point it's hard to tell.
Any assistance you can lend is greatly appreciated.
12-30-2008 07:46 PM
Hi Kevin,
Why don't you go for the static default route to the local ISP with tracking?
ip route 0.0.0.0 0.0.0.0 [local ISP next-hop] track XXX
This way you'll use the local ISP and fail over to the HUB [because as you said the default route is being learned via eBGP] when the local ISP is no longer reachable. Also you will avoid the use of PBR with object tracking.
HTH
Lejoe
12-31-2008 07:56 AM
Kevin,
Fair enough.
Going back to your configuration...
On the line
set ip next-hop verify-availability 192.168.127.3
Is 192.168.127.3 a Cisco device? If so, does it have CDP enabled? You can see this device via CDP from 192.168.172.2?
The verify-availability option will fail the route-map if the next hop isn't reachable via CDP.
http://www.cisco.com/en/US/docs/ios/iproute/command/reference/irp_pi2.html#wp1012541
I recommend removing it if you aren't sure about CDP -and- you are tracking so it seems a bit redundant.
As for the 2nd line
set ip next-hop verify-availability xxx.207.89.41
Is this device directly connected to this router? I don't see it in the config.
Another thing...
if I remove "only" the current default route that I have pointing to the local ISP router (like you mention above) the packets bound for the internet will immediately stop going through the other local ISP and will successfully go through my MPLS cloud through the HUB site to get to WWW.
I'm sorry - you lost me there. Isn't that what you want? To route your internet via the local ISP?
As Lejoe indicated, if you want to conditionally have the static route, you can track it.
HTH,
__
Edison.
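The tracked static default route that Lejoe and Edison both suggest, written out as a complete config fragment for the 12.4(15)T router in the original post. This is an added example and not config from either poster. It reuses the addresses from Kevin's config (local ISP next hop 192.168.127.3 on GigabitEthernet0/0, probe target xxx.59.105.246, where "xxx" is the thread's own redaction of the first octet) and assumes the hub's eBGP-learned default route (administrative distance 20) is still present to act as the fallback.

```cisco
! Added example, not from the thread. Assumes: local ISP/firewall next hop is
! 192.168.127.3 (from the original post), xxx.59.105.246 answers ICMP through
! the local ISP, and a 0.0.0.0/0 is learned from the hub via eBGP (AD 20).
!
! ICMP probe beyond the local ISP, sourced from the LAN interface so the
! firewall sees the same source it already permits for ICMP.
ip sla 1
 icmp-echo xxx.59.105.246 source-interface GigabitEthernet0/0
 timeout 1000
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Host route pinning the probe target to the local ISP. Without it the probe
! would follow whichever default is active, succeed over the MPLS/hub path
! after a failover, and the track would never go down (or would flap).
ip route xxx.59.105.246 255.255.255.255 192.168.127.3
!
! 12.4(15)T syntax (same form as the original post). Dampen so one lost
! echo does not pull and reinstall the default route.
track 123 rtr 1 reachability
 delay down 15 up 30
!
! Static default (AD 1) is installed only while track 123 is up. When the
! probe fails the route is withdrawn from the RIB and the eBGP default from
! the hub (AD 20) becomes the best path, sending internet traffic over MPLS.
ip route 0.0.0.0 0.0.0.0 192.168.127.3 track 123
!
! With this design "ip policy route-map Internet_Failover" on Gi0/0 and the
! verify-availability route-map are no longer needed and can be removed.
```

To confirm the failover behaviour, check `show track 123` for the reachability state, `show ip sla statistics 1` for probe results, and `show ip route 0.0.0.0` before and after the local ISP path is interrupted: the next hop should move from 192.168.127.3 to the eBGP neighbour and back once the track returns to Up. Keep the probe target a host that is only reachable beyond the local ISP; probing the directly connected firewall address would stay up even when the ISP circuit behind it is down, which is the case Edison's first reply warns about.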