Would both router endpoints need IP SLA for a branch to branch failover?
I have IP SLA working fine in a HQ branch office where it pings the destination router IP off of a metro-e fiber connection every 20 seconds. If this link goes down it will remove this route since we're tracking ICMP under 800ms. Then the router will fall back to a route with a higher AD which points to a tunnel interface that is working fine over a 4G cellular connection.
My question is, would the router at the other end need a similar IP SLA tracking statement, or would it just realize the traffic is now coming over the tunnel and route over the tunnel?
I'm doing it this way because the ISP has Fast Ethernet hand-off and 99.9999% that is always "up" but that doesn't necessarily mean fiber could be cut or the switch at the CO could go down, etc. We're also fairly small so haven't implemented routing protocols.
I would like to save the money from buying the (now replaced) DATA+WAAS licence for the other endpoint's 2911. I can't buy just the DATA licence anymore, only the more expensive combination licence is available now. The source side is a 2811 before the licensing madness, or maybe we bought it with more functionality (was installed before my time). At least the DATA licence is needed for IP SLA in a 2911, which means spending money.
This way you can control outgoing traffic, but to route reverse traffic via the tunnel, you need to have a similar arrangement on the provider side. When your link with the ISP goes down, or Layer 3 connectivity is broken, the ISP should stop advertising your LAN network to the internet and the other router (where the tunnel is terminating) should start attracting reverse traffic.
Ok because I have a 2811 router here and a 2911 router at another location.
IP SLA is configured on the 2811 here. But the 2911 does not have IP SLA commands besides responder, therefore I have to purchase a licence, and Cisco no longer sells just the DATA licence now... you have to buy DATA+WAAS which is about $200 more (according to my reseller).
Anyway if I SHUT the primary interface down on the 2811 here, IP SLA can no longer ping the primary interface at the other site so it correctly removes those routes in that track and it fails back to an alternate route I have installed with a higher AD. This route goes across the tunnel. The routers can talk to each other but the 2911 at the other end cannot talk back to my core switch in my headquarters. So I think that end is trying to come over the traffic that is shut on the 2811 here. If I put IP SLA on that other side it would obviously see no ping response and alter the routes accordingly.
I guess I have no choice but to spring for the licence addition to our 2911 ip base routers.
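The mirrored arrangement the thread converges on, sketched for the far-end 2911 as an added example that is not a configuration posted by anyone in the thread. All addresses, the interface name, the tunnel name and the object numbers are constructed placeholders; the 20-second frequency and 800 ms limit are taken from the question, and the router is assumed to already have the licence the thread says IP SLA requires.

```cisco
! --- Constructed placeholders (assumptions, not values from the thread) ---
!   192.0.2.1            HQ 2811 address on the metro-E link
!   GigabitEthernet0/0   2911 interface facing the metro-E link
!   10.1.0.0/16          HQ LAN behind the 2811 (core switch side)
!   Tunnel0              existing tunnel over the 4G connection
!
! Probe the HQ router across the metro-E link every 20 seconds.
! timeout 800 makes a reply slower than 800 ms count as a failed probe,
! so "reachability" below goes down on loss or on excessive delay.
ip sla 10
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/0
 threshold 800
 timeout 800
 frequency 20
ip sla schedule 10 life forever start-time now
!
! Track object that follows the probe result.
track 10 ip sla 10 reachability
!
! Primary route to the HQ LAN: installed only while track 10 is up.
ip route 10.1.0.0 255.255.0.0 192.0.2.1 track 10
!
! Floating static with a higher administrative distance: takes over
! when the tracked route is withdrawn, sending return traffic into the tunnel.
ip route 10.1.0.0 255.255.0.0 Tunnel0 250
!
! Verification after shutting the primary interface at HQ:
!   show ip sla statistics 10
!   show track 10
!   show ip route 10.1.0.0
```

With this in place on both routers, each end withdraws its own primary route independently, so return traffic follows the tunnel instead of being sent toward the interface that is down.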