Thanks for the quick reply,

you've given me more to think about. Yes the interface on the other end does stay up. However I created my static routes specifying the next hop and not the interface. I thought maybe that would get around this issue. Something intersting to note though:

I have a couple of special static routes (specific ip addresses) that always go over connection 1, but I made a backup route for these over connection 2 with an ip route statement and a high administrative distance. When I killed the interface, these special routes moved over. Why would that work and not the other routes for the whole network? I will check out that document you sent in the meantime.

Thank you again

Ok, so my suspicion was correct and that is why it's not working.

This behaviour is dependent on the type of link. With Ethernet, as long as the local port is plugged into a switch, it will always stay up no matter what happens at the other end. There is no end-to-end keepalive for Ethernet. With ATM links, you can use OAM loopback cells to detect when there is a break in connectivity so that interface is brought down if the end-to-end connectivity is no longer there. With PPP links, you cannot have any other devices between the two router ports (by definition) so if one goes down, so does the other.

If you need help configuring up the reliable static routes, let me know as I can post a sample config I have that works quite well.

Hope that helps - pls rate the post if it does.

Paresh

Thank you,

You will probably think this is crazy but one link is an atm to frame relay and the other is a ipsec vpn. But both are about the same latency and bandwidth. But like you said, the nature of these types of links are that one end stays up when the other goes down. I think the document you linked me to is what I needed. I already read it and am ready to implement it on the network. I will have to customize it, of course, because of the link types. But it is definately doable.

thanks

Hello,

It works great. However I only did some minimal steps:

Create the monitor:

ip sla monitor 1

type echo protocol ipIcmpEcho 10.10.10.3

timeout 1000

threshold 2

frequency 2

ip sla monitor schedule 1 life forever start-time now

Create tracking object:

track 10 rtr 1 reachability

Use the track in a route statement:

ip route 192.168.33.0 255.255.255.0 10.10.10.3 track 10

The cisco documentation has you make a routing policy and a route map. I couldn't think of why to do this. If it works without should I do it?

thanks for all of the help!

Aha!

Now I see.

thank you

Hello,

Maybe I should start a new thread if I keep having questions, but one more:

Can I force the pings to go out the interface I want with:

type echo prot ipIcmpEcho 10.10.10.3 source-interface fa2/0

Or does that just use the ip address of the interface as the source address in the icmp packet?

The reason I ask is that i don't quite understand how to use the route policy in my case. I don't have a backup link, but rather two load-balanced links with redundancy. So would I need two route maps?

thanks

OK,

A little more reading now I understand what the route-map is doing. But in my case the next-hop IS the target IP address that is being monitored (one link is dedicated frame-relay and the other is a vpn) is it OK to use that for the next-hop? I'll try.

Hi again,

In answer to your first question, setting the source-interface to fa2/0 simply changes the source IP of the packet - it will still get routed out of the best interface for that route.

Now, I would advise that you monitor an address within the core of your network at the other site. That helps to detect failures that are further downstream of the link. It is quite possible that the link stays up but a link downstream of it fails and the static route will stay up.

If you are tracking two routes, do the following:

- monitor two different IP addresses for the two tracked objects

- use the same local-policy but tweak the route-map so that the next-hop is set based on which address is being pinged. This will allow you to send the pings over the two different links based on where they are going

Hope that helps - pls rate the post if it does.

Paresh

Yup,

That's exactly what I did, and it tested successfully.

Just to clarify:

The address I am monitoring is the core on the far side. It's just that there are no stops (that are layer 3 ip) in between on the frame network.

thanks,

Well, if that is the case, then that address should do just as well for monitoring purposes as anything else.

Glad to see you got it all working.

Paresh

Once again, thank you so much for all of the help, you have been very helpful. Do you know of any solutions that will do the object tracking automatically? I came across the GLBP protocol on cisco's site, but I don't know that this applies to my situation.

good day