Michael

If you look carefully you will see that it is not really 2 default routes but is 1 regular static default route and 1 floating static default route to back up the primary in case it fails. The extra 2 at the end of the second default route is an administrative distance and differentiates the primary static default route from the backup. This is a "good thing" and not a problem.

HTH

Rick

Hi Rick

Cheers, for the swift response and clarification. I was thinking it was possibly that. I have read about floating static routes being used as backup routes in my studies but have never configured them or seen the configured.

I will know in future how they show up in a routing table.

Best Regards & again many thanks,

Michael

Michael

If you have not configured floating static routes or not seen them in configs then they are easy to miss. I am glad that you now have a better understanding of them. It may be helpful to look at the previous posting of show ip route from the GA router (where the floating static is configured) and figure which static is currently in the routing table.

HTH

Rick

Gentlemen,

I think that is the problem. We see amber or warning lights on the p-t-p equipment so that is most likely the issue here. I won't call it a complete victory, but it certainly is the best news I have heard all week.

I will keep you updated next week. I can't thank you enough. A good learning experience for me.

James

I am glad that the discussion has been helpful. It has been an unusual and interesting problem to figure out. Please do update us as you work through the issue.

HTH

Rick

i suspected the firewall.

Hey guys,

A little update for you. We finally got the ISP on the phone and they have been remotely connecting to our smartjacks and cisco routers to help diagnose the problem. One of the things they saw was that the timing between the two routers was out of whack. I don't have much specific info, but how does timing work on these things and more importantly, based on the configs posted earlier, how should we reconfigure timing?

If that makes sense...?

James

A little more detail from them might be helpful. On most leased lines the timing on the circuit is based on timing from the provider. And I believe that is what you have based on this config:

!

interface Serial1

description connected to GA router via t1

bandwidth 1120

ip address 10.1.2.1 255.255.255.0

no ip directed-broadcast

encapsulation ppp

no fair-queue

service-module t1 timeslots 1-20

service-module t1 remote-alarm-enable

!

If the ISP does not want timing from the circuit then you might try to configure:

service-module t1 clock source internal

Otherwise try to get some more information from the ISP including what they suggest as a solution.

In the mean time it might be helpful if you would post the output of show service-module serial 1. (from both routers)

HTH

Rick

Hi Rick

Yes, I can see from the output of the "show ip route" command on the GA Router that the gateway of last resort is the default static route 192.168.120.2, which is denoted in the routing table by the code "S*" and that this is the route of choice as the AD is 1 as opposed to the AD of 2 that the floating static route is configured with.

I will do some playing around with floating static routes on my home lab tomorrow so I can gain experience configuring them and seeing how they work when I kill the primary default route :)

Once again many thanks for your explanations, they are much appreciated.

Best Regards,

Michael

NY router:

NY_router#show service-module serial 1

Module type is T1/fractional

Hardware revision is 0.88, Software revision is v1.10,

Image checksum is 0x461796D6, Protocol revision is 0.1

Receiver has no alarms.

Framing is ESF, Line Code is B8ZS, Current clock source is line,

Fraction has 20 timeslots (64 Kbits/sec each), Net bandwidth is 1280 Kbits/sec.

Last module self-test (done at startup): Passed

Last clearing of alarm counters 1d05h

loss of signal : 1, last occurred 20:28:01

loss of frame : 7, last occurred 01:11:47

AIS alarm : 6, last occurred 01:11:47

Remote alarm : 0,

Module access errors : 0,

Total Data (last 96 15 minute intervals):

510 Line Code Violations, 1040 Path Code Violations

3 Slip Secs, 80639 Fr Loss Secs, 21 Line Err Secs, 6 Degraded Mins

29 Errored Secs, 29 Bursty Err Secs, 18 Severely Err Secs, 80627 Unavail Sec

s

Data in current interval (97 seconds elapsed):

0 Line Code Violations, 0 Path Code Violations

0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins

0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs

GA router:

GA_router#show service-module serial 1

Module type is T1/fractional

Hardware revision is 0.88, Software revision is 1.07,

Image checksum is 0x8510A6B6, Protocol revision is 0.1

Receiver has no alarms.

Framing is ESF, Line Code is B8ZS, Current clock source is line,

Fraction has 20 timeslots (64 Kbits/sec each), Net bandwidth is 1280 Kbits/sec.

Last module self-test (done at startup): Passed

Last clearing of alarm counters 01:12:10

loss of signal : 0,

loss of frame : 0,

AIS alarm : 0,

Remote alarm : 1, last occurred 01:12:00

Module access errors : 0,

Total Data (last 4 15 minute intervals):

0 Line Code Violations, 0 Path Code Violations

6 Slip Secs, 11 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins

62 Errored Secs, 0 Bursty Err Secs, 11 Severely Err Secs, 0 Unavail Secs

Data in current interval (690 seconds elapsed):

0 Line Code Violations, 0 Path Code Violations

0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins

0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs

James

Thank you for posting this output as I requested. It does show that currently both routers are getting timing (clocking) from the line. And this is generally what I would expect on a leased line. If the provider thinks that there is a timing problem you might talk to them about whether it is worth it to try using clock source internal as I suggested. I would probably not do this without checking with the provider.

This output does show that there are issues on the line. Note particularly:

510 Line Code Violations,

1040 Path Code Violations

80639 Fr Loss Secs

80627 Unavail Sec

Does the provider have anything to say about these?

HTH

Rick

The ISP changed some clocking on the routers on Wednesday, but I am still having difficulty. I think the p-t-p connection is going up and down or is at least having too many packet errors/collisions and therefore the vpn is taking over.

To me it's different and I am not used to the setup here, which I think is wrong. Each subnet (NY and GA) has two default gateways. One is the p-t-p connection and the other is the vpn/Internet connection. Shouldn't each subnet have 1 gateway? What is the "best practice" to implement.

I think what is happening is that the p-t-p is flaky and the packets can't decided which way to go so they oscillate between the p-t-p and the vpn.

James

It is not clear what the ISP changed, but it seem pretty clear that it did not clear up the problem. Perhaps a fresh output of show service-module would be helpful.

I am not clear about your comment that each subnet has 2 default gateways. Is this related to the static route/default route and the floating static/default route? Or is it something else? Perhaps when we understand the question a bit better we can have answers about best practice.

HTH

Rick