Here is my network configuration:
10.10.10.0/24 -(Firewall)--- R1 -- (static)ISP ---- R2 --- (OSPF)---R3----(OSPF)--- HQ -----
- R1 connects to R2 through ISP with a default route to R2
- at R2
+ Subnet 10.10.10.0/24 is redistributed into OSPF
+ Static route Ip route 10.10.10.0/24 <ISP>
- at R3
Subnet 10.10.10.0/24 is seen at R3 through OSPF
Now I have a new dedicated Ethernet link between R1 and R3.
What I want to achieve is redundancy for 10.10.10.0/24:
- Traffic to HQ shall go to ISP if R2 is reachable through ISP
- If the link to R2 fails traffic shall go to R3
With the following condition:
1. I am not allowed to configure dynamic routing between R1 and R2
HSRP won't work because
If the ISP link fails traffic will be sent to R3 but because the OSPF static route redistribution
at R2, the traffic going back to 10.10.10.0/24 through R3 will be dropped by ISP
What is the best solution to my problem? I appreciate your help.
The configuration at R1 will be simple. Basically, a default route to R3 with a higher metric should take care of this.
However, at R2 the configuration will depend on the ISP connection and how R2 determines the internet connection is down. We can use OER or a conditional route-map.
R2's connection to the ISP is via a Serial connection or Ethernet drop. Can you illustrate the R2 connection as best as possible?
Hi sir Edison, I once read that we could install a static route in the routing table if X condition matches, but I couldn't remember how to do it. Can we really do it? Because if we can, I think it will make this problem really easy to solve. Can you tell us how to conditionally install a static route?
ip route [destination ip] [destination subnet] [gateway] [track]
You need to create a track that if valid the ip route will be installed in the RIB.
Hi Sean, you can work this out using tunnel interfaces between R1 and R2. Now the point is you will need EIGRP or OSPF on the tunnel to serve not as a routing protocol but as a keepalive mechanism. I have done it in my lab and the design is good, I think. As soon as the ISP connection on either side is down, so will the tunnel interface be, and we would have set a route to 10.10.10.0 on R3 like this:
ip route 10.10.10.0 255.255.255.0 R1 111 (AD higher than ospf ;) )
because the entry at R3 for the 10 network will be like this before:
O EX 10.10.10.0 [110/20]
Now catch this ->
At R2 there will be a static route to 10.10.10.0 via the TUNNEL interface. If the ISP link is down, so will the tunnel interface be; when the tunnel interface is down, so will be the static route; and when the static route is not there, R2 will not redistribute anything to R3 ;) So R3 will use the route via the Ethernet link which I mentioned above :)
I hope you got the point. I can paste the whole configuration if you think this will meet your needs.
Sorry I've got time to read your post carefully, this also sounds like a good one.
Just one question: what would the impact likely be for the static route 10.10.10.0/24 via the TUNNEL interface at R2? Will ARP cause any problem here?
If you have the configuration ready, would you please post it here?
Thank you guys for your thoughts.
Thanks Rox. As for the tunnel solution, we are not allowed to do this, otherwise it would make this quite simple with OSPF :-)
Edison's insight comes quite close :-)
Let me elaborate more on the R1---ISP --- R2
10.10.10.0/24 ---(Firewall)--- R1 ---(ISP_R1) ----(ISP Network) ---- (ISP2_R2) --- R2-- OSPF
At R1 we have default static route:
ip route 0.0.0.0 0.0.0.0 (ISP_R1)'s IP address
IP route 10.10.10.0/24 (ISP_R2)'s IP address
and 10.10.10.0/24 -> OSPF redistribution
That is basically, we just throw all traffic to the ISP next hop router at R1 & R2 and they will take care of the routing
The solution to the problem, I think, is:
1. At R1 we have a static default floating route to R3
2. Configure OSPF between R1 & R3 and redistribute 10.10.10.0/24 to OSPF (higher metric)
Now, how should I configure R2 to make sure that if 10.10.10.0/24 is unreachable the redistribution route at R2 will disappear in OSPF?
How is R2's connection to the ISP? When R2 loses that connection, does an interface go down or is a route lost?
Hi, I think in this case ip route with track might be a better option, since it will check whether a particular prefix is reachable, which in this case is 10.10.10.x, and place the static route. As soon as the prefix is lost to R2 due to connection failure, it will not place the route in the table and therefore will not redistribute it.
Now, does this meet your need?
Hi, I have checked it. You will have to set this on R2:
ip sla monitor 1
 type echo protocol ipIcmpEcho 10.10.10.1
ip sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
ip route 10.10.10.0 255.255.255.0 (isp-ip) track 1
Now on R3:
ip route 10.10.10.0 255.255.255.0 (R1 ethernet ip) 111 ( AD > ospf 110 )
This will work it out.
Check and tell us if it's working.
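
An added illustration, not part of the original thread or any poster's configuration: a small Python model of the tracked static route on R2 and the floating static on R3, showing which next hop R3 uses for 10.10.10.0/24 in each probe interval. It assumes the probe either follows R2's routing table or is pinned to the ISP path, and that R2 has no other route covering the probe target; all names and the sample timeline are constructed.

```python
"""Constructed model of the thread's design: R2 holds a tracked static route
to 10.10.10.0/24 via the ISP and redistributes it into OSPF; R3 holds a
floating static (AD 111) via the R1 Ethernet link. Names are illustrative."""

AD_STATIC, AD_OSPF, AD_FLOATING = 1, 110, 111

# Constructed timeline: ISP path up for 2 intervals, down for 4, up again.
SAMPLE_ISP = [True, True, False, False, False, False, True, True]

def best(rib):
    """Return the next hop with the lowest administrative distance, or None."""
    return min(rib, key=lambda r: r[0])[1] if rib else None

def simulate(isp_up_per_tick, pinned_probe, r2_learns_backup):
    """Return a list of (R3 next hop, R2 track state), one entry per interval.

    pinned_probe: the probe is forced out the ISP path (assumption: e.g. a
    host route for the probe target via the ISP next hop) instead of
    following R2's routing table.
    r2_learns_backup: R2 also hears 10.10.10.0/24 via OSPF from R3, as in the
    R1-R3 OSPF variant proposed earlier in the thread."""
    track_up, history = True, []
    for isp_up in isp_up_per_tick:
        # R2's RIB: the tracked static exists only while the track is up.
        r2_rib = [(AD_STATIC, "ISP")] if track_up else []
        if r2_learns_backup:
            r2_rib.append((AD_OSPF, "R3"))
        # R3's RIB: the O E2 route exists only while R2 redistributes it.
        r3_rib = [(AD_FLOATING, "R1")]
        if track_up:
            r3_rib.append((AD_OSPF, "R2"))
        history.append((best(r3_rib), track_up))
        # The probe result sets the track state for the next interval.
        # A probe routed via R3 succeeds over the backup link (assumed up);
        # a probe with no route at all fails.
        path = "ISP" if pinned_probe else best(r2_rib)
        track_up = isp_up if path == "ISP" else path == "R3"
    return history

def r3_next_hops(pinned_probe, r2_learns_backup):
    """R3's next hop per interval for the constructed SAMPLE_ISP timeline."""
    return [hop for hop, _ in simulate(SAMPLE_ISP, pinned_probe, r2_learns_backup)]
```

In this model an unpinned probe either flaps (it succeeds over the backup path and re-installs the dead static) or never recovers (no route left to the probe target); only the pinned probe fails over once and returns to the ISP path when it comes back.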
I've got a little problem with R3 (still using IOS 12.2, which does not support IP SLA) and I can't upgrade the IOS to 12.3 (not enough flash & downtime required).
Not a problem, use Cisco SAA instead of IP SLA, same concept.
Thanks a lot, but the track IP ROUTE command is still not available in this IOS release 12.2(x), so the tunnel option mentioned by Rox seems to be the only option left?
You can use the 'protocol ipIcmpEcho' option within the rtr command.
However, I still don't have a solid understanding of how R2 determines the remote network is down.
You answered my query with:
"When connection is lost the link between R2 and ISP will still be UP most of the time"
Can you elaborate?
Sorry for the confusion. The R2 to ISP link is Ethernet, so the link is always up even when the remote subnet is unreachable, unless we manually unplug the cable.
My suggestion is configuring BGP fully meshed between R1, R2 and R3.
This will take care of your problem without the need for static routes and Cisco's SAA.
It will be a much cleaner config and it will allow you full redundancy among peers.