Policy-based Routing (PBR) with tracking for Catalyst 3xxx switches - A workaround using EEM


Issue

As per Cisco documentation, the "set ip next-hop verify-availability" option (which relies on IP SLA tracking) is not supported on 3750 switches, nor on most other Catalyst 3xxx series switches.

Even though IP SLA is supported as a feature, it is not supported in combination with policy-based routing. You can still use the basic PBR option "set ip next-hop".


Links to confirm issue

Here are links for 12.2(40)SE and 12.2(50)SE, which will help clarify this:

Catalyst 3750 Switch Software Configuration Guide, 12.2(40)SE: Unsupported Commands in Cisco IOS Release 12.2(40)SE

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_40_se/configuration/guide/swuncli.html#wp1060487

Catalyst 3750 Switch Software Configuration Guide, 12.2(50)SE: Unsupported Commands in Cisco IOS Release 12.2(50)SE

http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750/software/release/12.2_50_se/configuration/guide/swuncli.html#wp1088139


Workaround

Use an EEM applet together with an IP SLA probe: the probe tracks reachability of the PBR next hop, and the applet makes the required configuration changes when the probe state changes.


Sample Topology

[Image: Sample Topology.png]

Sample Scenario

The customer installed a new fiber link between the two 3750 switches (R2, R3) and wants traffic from a certain server in site 1, going to and coming from site 2, to go over the fiber (R1 to R4 should go over the fiber) rather than over the MPLS cloud.

However, there are FIDDI converters between the two switches to terminate the fiber, so if the link between the two converters goes down, the switch ports stay up/up and line protocol does not go down. The PBR traffic would therefore be black-holed instead of failing over to MPLS or any other route in the routing table. Hence the customer needed "set ip next-hop verify-availability" with tracking for that PBR route, so that when the fiber goes down, traffic can fail over to the MPLS link.

I've simulated the MPLS link using EIGRP, so those routes are dynamic. I configured IP SLA and then used Event Manager to trigger based on the state of the tracking object. If the fiber is up, PBR is installed; if the fiber goes down, the PBR config is removed.


MIB Monitored

We use an EEM applet to track the state of the "rttMonCtrlOperTimeoutOccurred" object in the CISCO-RTT-MON MIB.
A value of 1 (true) indicates a timeout; a value of 2 (false) indicates OK / reachable.

Note: The IP SLA operation number is the last number in the OID, i.e. the trailing 1 in "1.3.6.1.4.1.9.9.42.1.2.9.1.6.1" refers to "ip sla 1".


Sample Config

Applied to R2; the mirror config is applied to R3.

----

! Only traffic between the two servers is policy-routed; everything else follows the routing table.
access-list 199 permit ip host 192.168.0.30 host 192.168.100.30
!
route-map DTPBR permit 10
 match ip address 199
 set ip next-hop 172.16.10.2
!
! IP SLA 1 pings the far end of the fiber (the PBR next hop) from the local fiber address every 2 seconds.
ip sla 1
 icmp-echo 172.16.10.2 source-ip 172.16.10.1
 timeout 2000
 frequency 2
!
ip sla schedule 1 life forever start-time now
!
! Polls rttMonCtrlOperTimeoutOccurred.1 every 5 seconds: fires once when the value becomes 2 (reachable)
! and is re-armed only after the value returns to 1 (timeout), so the route-map is not re-applied on every poll.
event manager applet fiberup
 event snmp oid "1.3.6.1.4.1.9.9.42.1.2.9.1.6.1" get-type exact entry-op eq entry-val "2" exit-op eq exit-val "1" poll-interval 5
 action 1.0 syslog msg "fiberup"
 action 2.0 cli command "enable"
 action 3.0 cli command "config t"
 action 3.2 cli command "int gi0/2"
 action 3.3 cli command "ip policy route-map DTPBR"
 action 3.4 cli command "exit"
!
! Mirror image: fires once when the probe times out (1) and is re-armed when it recovers (2).
event manager applet fiberdown
 event snmp oid "1.3.6.1.4.1.9.9.42.1.2.9.1.6.1" get-type exact entry-op eq entry-val "1" exit-op eq exit-val "2" poll-interval 5
 action 1.0 syslog msg "fiberdown"
 action 2.0 cli command "enable"
 action 3.0 cli command "config t"
 action 3.2 cli command "int gi0/2"
 action 3.3 cli command "no ip policy route-map DTPBR"
 action 3.4 cli command "exit"
!

-----

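The two applets above work as an edge-triggered pair: each fires once when its entry value is polled and is re-armed only once its exit value is seen, so the route-map is not re-applied on every 5-second poll. The following Python model of that entry/exit logic is an added example, not part of the original post; the class and function names are hypothetical, while the OID, the 1/2 values and the CLI actions are the ones used in the config above.

```python
# Added example (not from the original post): models the entry/exit re-arm
# semantics of the "event snmp" applets so their behaviour can be checked off-box.
RTT_TIMEOUT_OCCURRED = "1.3.6.1.4.1.9.9.42.1.2.9.1.6"  # rttMonCtrlOperTimeoutOccurred
TIMEOUT, OK = 1, 2  # MIB values: 1 = timeout, 2 = OK / reachable


def sla_oid(sla_number):
    """Instance OID for one IP SLA operation; the SLA number is the last sub-id."""
    return "%s.%d" % (RTT_TIMEOUT_OCCURRED, sla_number)


class SnmpApplet:
    """One 'event snmp ... entry-val X exit-val Y' applet (hypothetical helper).

    The applet fires when a poll equals entry_val, then stays disarmed until a
    later poll equals exit_val; only then can it fire again.
    """

    def __init__(self, name, entry_val, exit_val, actions):
        self.name, self.entry_val, self.exit_val = name, entry_val, exit_val
        self.actions = list(actions)
        self.armed = True

    def poll(self, value):
        """Return the CLI actions to run for this poll, or [] if nothing fires."""
        if self.armed and value == self.entry_val:
            self.armed = False
            return ['syslog msg "%s"' % self.name] + self.actions
        if not self.armed and value == self.exit_val:
            self.armed = True  # exit condition met: re-arm for the next entry
        return []


def simulate(values, interface="gi0/2", route_map="DTPBR"):
    """Feed a sequence of polled values through both applets; return the CLI run per poll."""
    up = SnmpApplet("fiberup", OK, TIMEOUT,
                    ["enable", "config t", "int " + interface,
                     "ip policy route-map " + route_map, "exit"])
    down = SnmpApplet("fiberdown", TIMEOUT, OK,
                      ["enable", "config t", "int " + interface,
                       "no ip policy route-map " + route_map, "exit"])
    log = []
    for v in values:
        # A failed poll (None) matches neither value, so neither applet fires.
        log.append(up.poll(v) + down.poll(v))
    return log
```

Feeding a constructed poll sequence such as 2, 2, 1, 1, None, 2, 1 shows that each applet fires exactly once per transition, not once per matching poll.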

Links

Tools & Resources: SNMP Object Navigator

http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=rttMonCtrlOperTimeoutOccurred

Cisco IOS hints and tricks: Log IP SLA failures
http://blog.ioshints.info/2007/01/log-ip-sla-failures.html

Comments

Why don't you create a track for the IP SLA you have,

and under the EEM make the event a track up or down?

Anyway, it's an interesting one.

Cisco Employee

Apologies for the late reply.

You are right. I too configured the first version of this solution as follows:

----

track 1 rtr 1

event manager applet FIBERUP

   event track 1 state up

event manager applet FIBERDOWN

   event track 1 state down

---

However, most switches don't support tracking of an IP SLA. They usually support tracking an interface / route / line protocol etc., but not an RTR object.

That is the reason I didn't include it.

Thanks for asking.
