
Dual WAN + PBR + IP SLA works, but there's a problem

david
Level 1

I have an 1811, dual WAN. It's set up to fail over properly, based on IP SLA and tracking. Fixed IP (33.33.33.100) with my primary ISP. I'm pinging my primary ISP's default gateway (33.33.33.1) for the tracking object. This works as expected. The problem is that when my primary ISP is experiencing heavy traffic, the gateway often stops responding to pings. The connection is still up, and it still passes traffic. But since I stop getting a response to the ping, my router thinks the connection is down, and switches to the backup ISP.

This is undesirable. 

So I tried changing the ping to a different address (e.g., 44.44.44.1).   I also changed the appropriate access-list (PingISP_A). 

The pings work.   If the primary connection is disabled, the router properly fails over.   However, when the primary connection is reconnected, the pings do not start working again.  I think this is because the route (ip route 0.0.0.0 0.0.0.0 33.33.33.1 10 track 100) is gone from the routing table at this point.   Is there any way to get this working?  Am I going about it the wrong way?

Thanks

Current config - works (except for the above issue)

interface FastEthernet0
 description ISP_A
 ip address 33.33.33.100 255.255.255.0

interface FastEthernet1
 description ISP_B
 ip address dhcp

ip dhcp-client default-router distance 20

ip route 0.0.0.0 0.0.0.0 33.33.33.1 10 track 100
ip route 0.0.0.0 0.0.0.0 dhcp 20

ip local policy route-map LocalPolicy

route-map LocalPolicy permit 10
 match ip address PingISP_A
 set ip next-hop 33.33.33.1
 set interface Null0

ip access-list extended PingISP_A
 permit icmp any host 33.33.33.1 echo

ip sla 111
 icmp-echo 33.33.33.1 source-interface FastEthernet0
 timeout 1000
 threshold 100
 frequency 3

ip sla schedule 111 life forever start-time now

track 100 rtr 111 reachability
 delay down 30 up 30


Hi,

For a better IP SLA configuration, you can use your ISP A router's outside IP address as the source address for the IP SLA configuration.

Moreover, there is no need to do any ACL or route-map for this.

If the gateway IP is not reachable, the respective routes will be removed from the routing table due to tracking.

To make the ICMP probe succeed there is no need to do any route-map for this, and to avoid such a scenario, increase the frequency a bit and the timeout too.

For more info, just have a look at this URL:

http://www.cisco.com/en/US/docs/ios/12_4/ip_sla/configuration/guide/hsicmp.html

Regards

Karuppu

Hi

Thanks for the reply.   The problem I'm having is that ISPA's gateway will stop replying to pings, but will still pass traffic.  I've seen it stop replying to pings for several minutes at a time, yet I can ping another address on the internet without problem.

Hi,

Then in this scenario, you can ping the public DNS server 4.2.2.2 from your primary router and use your outside IP address/interface as the source interface.

regards

karuppu

Hi

That's exactly what I tried to do.  But this is what happens:

primary static IP - 69.x.x.100,  gateway 69.x.x.1

ping 4.2.2.2 - success

primary link goes down (legitimately)

ping 4.2.2.2 - no response

track 100 goes from [up] -> [down]

ip route 0.0.0.0 0.0.0.0 69.x.x.1 10 track 100     is removed from the routing table (because of track 100)

primary link comes back online

ping 4.2.2.2 - still no response

BUT, ping 69.x.x.1 works.   (works most of the time, except when ISP is under heavy load, which is why I want to use a different address)

It appears that unless IP SLA is pinging something in the same subnet as my gateway, it won't ever "fail back".
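
The failback sequence described in the post above, as an added simulation that is not part of the original thread: a simplified model of the tracked default route in which the probe either follows the routing table or is pinned to ISP_A by a local policy match. It assumes a probe sourced from the ISP_A address is answered only when it leaves through a working ISP_A link, and it ignores the `delay down 30 up 30` timers; the function names and the timeline are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Addresses come from the posted config; the model is a constructed simplification.
CONNECTED_A = ip_network("33.33.33.0/24")   # FastEthernet0 (ISP_A) subnet
# Constructed timeline: is the ISP_A link really passing traffic at each probe?
TIMELINE = [True, True, False, False, True, True, True]


def probe_egress(target, track_up, policy_targets):
    """Return the uplink a router-generated probe leaves through."""
    if target in policy_targets:
        # Matched by the local policy ACL: "set ip next-hop 33.33.33.1"
        return "ISP_A"
    if ip_address(target) in CONNECTED_A:
        # Connected route, independent of the tracked default route
        return "ISP_A"
    # Otherwise follow the default route: tracked static (distance 10) while
    # track 100 is up, else the DHCP-learned default (distance 20) via ISP_B
    return "ISP_A" if track_up else "ISP_B"


def simulate(target, policy_targets, timeline=TIMELINE):
    """Return the state of track 100 after each probe in the timeline."""
    track_up, history = True, []
    for link_a_up in timeline:
        egress = probe_egress(target, track_up, policy_targets)
        # Assumption: a probe sourced from 33.33.33.100 is answered only
        # when it leaves through a working ISP_A link.
        track_up = egress == "ISP_A" and link_a_up
        history.append(track_up)
    return history


if __name__ == "__main__":
    cases = {
        "gateway 33.33.33.1, no policy match": ("33.33.33.1", set()),
        "remote 44.44.44.1, no policy match": ("44.44.44.1", set()),
        "remote 44.44.44.1, policy matches": ("44.44.44.1", {"44.44.44.1"}),
    }
    for label, (target, policy) in cases.items():
        states = "".join("U" if s else "D" for s in simulate(target, policy))
        print(f"{label:38} {states}")
```

In this model only the remote target without a policy match stays down after the link returns, because its probes keep following the backup default route.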

Hi,

You can set the ICMP packet size a bit smaller. By default a Cisco router uses a ping datagram size of 100 bytes.

Under the ip sla config, use the command request-data-size bytes. Hope you will get success, and set 36 bytes as the ping datagram size.

I have tested in my network; the ping datagram size we can use is from 36 to 18024.

ROUTER#ping
Protocol [ip]:
Target IP address:  10.70.42.165
Repeat count [5]:
Datagram size [100]: 32
% A decimal  number between 36 and 18024.
Datagram size [100]: 36
Timeout in seconds  [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape  sequence to abort.
Sending 5, 36-byte ICMP Echos to 10.70.42.165, timeout is  2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max  = 1/2/4 ms
ROUTER#

Regards

Karuppu
