
Auto Failover: ASA or Router

All,

I'm in the process of configuring failover for dual routers to dual ISPs (both routers connected to their own ISP using BGP). I was wondering if it would be more efficient to configure a backup default route using tracking on our ASA that will automatically store the backup route in the route table, or use HSRP with tracking on our ASRs that will fail over to the standby unit if the default route on the primary is unreachable? If possible, could I use both for max redundancy? Here is a sample of our config on both the ASA and one of the ASRs (I've changed the real IP addresses for privacy):

ASA:

sla monitor 10
 type echo protocol ipIcmpEcho 1.1.1.1 interface outside
 num-packets 3
sla monitor schedule 10 life forever start-time now
track 10 rtr 10 reachability
route outside 0.0.0.0 0.0.0.0 1.1.1.254 1 track 10
route outside 0.0.0.0 0.0.0.0 1.1.1.253 5

Primary ASR:

interface GigabitEthernet0/0/1
 ip address 1.1.1.254 255.255.255.0
 standby 2 ip 1.1.1.1
 standby 2 priority 110
 standby 2 timers 1 3
 standby 2 preempt delay minimum 60
 standby 2 track 10
 speed 1000
 no negotiation auto
track timer ip route 1
!
track 10 ip route 0.0.0.0 0.0.0.0 reachability
!

Regards,

Terence

2 Replies

I forgot to mention above that I have set up our core network using GNS3 and have tested both configs individually. It seems that the HSRP failover takes anywhere from 1 minute to 1 1/2 minutes before it fails over to the standby device. My test from the ASA using backup default routes takes less than 30 seconds before the backup route is stored in the route table. Once the primary route is back up, no pings drop and the transition looks to be seamless, unlike our minimum 60 second delay with HSRP. Of course, this may be because the next hop IP is on the interface of the ASR connecting to our LAN and no BGP is involved. I'm looking forward to hearing some feedback. Thanks!

Well,

I think I found the answer to my question. After testing these configs further, I found that using HSRP is best because I can track my default route, so if an internal failure with my ISP occurs, my router will fail over to the other. I can't do that (at least from what I'm aware of) with the ASA. I can track as far as the gateway address of my ASR, which is the IP of the /30 between my ASR and the ISP. I can't track past that, or at least I don't think I can from the ASA.
