I have a IP SLA being tracking a primary interface of a remote 2951 router. When the the pings to 188.8.131.52 from the primary interface fail - it sends a UP->Down to the syslog buffer and then it triggers the Event Manager script and the backup interface comes up. And the opposite happens when the primary interface starts pinging 184.108.40.206 successfully.
The issue I was having was that when the primary interface was pinging to 220.127.116.11, every so often( like once a day) the ping would drop and it would trigger the Event Manager script - which would fail over to the backup and then quickly fail back to the primary but, the users would go down briefly. I had the tracking delay up and delay down set to 10 but, the frequency of the IP SLA set to 30. Now I have the frequency still set to 30 but I increased the tracking delay up and delay down to 180 - the max. I believe that will take care of the occassional ping lose.
This recovery time of 180 is a little long. The primary interface is connected to the VPN via a 50Mbs pipe. If I increased the IP SLA frequency to - say every second and decreased the tracking delay up and delay down to 10, first would it be taxing on the bandwidth and second, would the deleay down 10 delay up 10 be enough time for the occasional ping lose?
I used to run into this problem too when I was pinging networks outside of the ISP I was connected too.
To resolve this I started to ping the IP of the last HOP I had no control over such as the WAN interface connected to the PE (Provider edge layer 3 device) so if that link were to go down then I’m ok with the failover to go over the backup link. Pinging a remote site like 18.104.22.168, or 22.214.171.124 is great because they are well connected IP but at anytime they can go down but the internet be up.
This document gives several answers on frequently asked questions for PFRv3 channel state behavior.
Q1: What are all the channel operational states from a BR (border role) perspective and what are the rules/conditions to be in each st...
The need was to reach an host inside a LAN through a VPN connection managed by the LAN gateway (Cisco 1921).
The LAN gateway performs NAT and there was a dedicate nat rule for the host i wanted to reach through VPN.
I couldn't connect to the hos...
We have 3 identical switches configured by someone else and would like to claim some of the Gigabit ports(G1/G2/G3/G4) for use on servers. When we try to change the wiring and configuration, we run in to connectivity issues. Attached is a des...