New Member

Would both router endpoints need IP SLA for a branch to branch failover?

I have IP SLA working fine in a HQ branch office where it pings the destination router IP off of a metro-e fiber connection every 20 seconds.  If this link goes down it will remove this route since we're tracking ICMP under 800ms.  Then the router will fall back to a route with a higher AD which points to a tunnel interface that is working fine over a 4G cellular connection.

My question is, would the router at the other end need a similar IP SLA tracking statement, or would it just realize the traffic is now coming over the tunnel and route over the tunnel?

I'm doing it this way because the ISP has fast Ethernet hand-off and 99.9999% that is always "up" but that doesn't necessarily mean fiber could be cut or the switch at the CO could go down, etc... We're also fairly small so haven't implemented routing protocols.

I would like to save the money from buying the (now replaced) DATA+WAAS licence for the other endpoint's 2911.  I can't buy just the DATA licence anymore, only the more expensive combination licence is available now.  The source side is a 2811 before the licencing madness, or maybe we bought it with more functionality (was installed before my time).  At least the DATA licence is needed for IP SLA in a 2911, which means spending money.





Cisco Employee


Hi Keith,


This way you can control outgoing traffic, but to route reverse traffic via the tunnel, you need to have a similar arrangement on the provider side. When your link with the ISP goes down, or layer 3 connectivity is broken, the ISP should stop advertising your LAN network to the internet and the other router (where the tunnel is terminating) should start attracting reverse traffic.


--Pls don't forget to rate helpful posts--




New Member


Ok because I have a 2811 router here and a 2911 router at another location.


IP SLA is configured on the 2811 here.  But the 2911 does not have IP SLA commands besides responder, therefore I have to purchase a licence which Cisco no longer sells just the DATA licence now... you have to buy DATA+WAAS which is about $200 more (according to my reseller).

Anyway if I SHUT the primary interface down on the 2811 here, IP SLA can no longer ping the primary interface at the other site so it correctly removes those routes in that track and it fails back to an alternate route I have installed with a higher AD.  This route goes across the tunnel.  The routers can talk to each other but the 2911 at the other end cannot talk back to my core switch in my headquarters.  So I think that end is trying to come over the traffic that is shut on the 2811 here.  If I put IP SLA on that other side it would obviously see no ping response and alter the routes accordingly.

I guess I have no choice but to spring for the licence addition to our 2911 ip base routers.


You can do two parallel GRE tunnels from the 2811 to the 2911

and you can do two static routes through the tunnels, with a bigger metric on the 4G tunnel.

In case one tunnel fails, all traffic will go through the existing tunnel.

The tunnel through 4G you already have.


And don't forget to rate the post.
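
An added example, not written by any poster in this thread: a small Python model of the two static-route tables discussed above, showing why return traffic is lost when only one end tracks the primary link. The router names, LAN labels and the floating-route AD of 250 are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Route:
    prefix: str            # destination LAN (constructed label)
    via: str               # outgoing path: "metro-e" or "tunnel"
    ad: int                # administrative distance, lowest wins
    tracked: bool = False  # True when tied to an IP SLA track object

class Router:
    def __init__(self, name, routes):
        self.name, self.routes, self.track_up = name, routes, True

    def probe(self, links_up):
        # Stand-in for the IP SLA ICMP probe, which rides the primary link.
        if any(r.tracked for r in self.routes):
            self.track_up = links_up["metro-e"]

    def lookup(self, prefix):
        # A tracked route is withdrawn while its track object is down.
        usable = [r for r in self.routes if r.prefix == prefix
                  and (self.track_up or not r.tracked)]
        return min(usable, key=lambda r: r.ad).via if usable else None

def round_trip(hq, branch, links_up):
    """Return (HQ->branch path, branch->HQ path, traffic flows both ways)."""
    for r in (hq, branch):
        r.probe(links_up)
    out, back = hq.lookup("branch-lan"), branch.lookup("hq-lan")
    ok = all(p is not None and links_up[p] for p in (out, back))
    return out, back, ok

def build(branch_tracks):
    hq = Router("hq-2811", [Route("branch-lan", "metro-e", 1, tracked=True),
                            Route("branch-lan", "tunnel", 250)])
    branch = Router("branch-2911", [Route("hq-lan", "metro-e", 1, tracked=branch_tracks),
                                    Route("hq-lan", "tunnel", 250)])
    return hq, branch

# Mid-path failure: the Ethernet hand-off stays "up" but nothing gets through.
FAILED = {"metro-e": False, "tunnel": True}

if __name__ == "__main__":
    print(round_trip(*build(branch_tracks=False), FAILED))  # one-sided tracking
    print(round_trip(*build(branch_tracks=True), FAILED))   # tracking at both ends
```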
