Failover in PBR

NAGISWAREN2

Hi all,

I have two internet links connected to the same router. I would like to do PBR in our router: Email via ISP 1 and HTTP via ISP 2. But here I need a failover function too. In the event that either ISP link is down, the specified PBR policy must use the other available ISP link to route the traffic. Both ISP links are DSL. Sample configuration needed. Thanks

Regards, Nagis

Hi,

Is there any particular need for which you want to do this via PBR?

As such I don't prefer PBR much in a network, unless there is a need to route the particular traffic via some other means.

As per your requirement, I suggest going with object tracking and floating routes.

Regards,

Smitesh

Hi,

To fail over between two ISP links you can use IP SLA; see the thread below, which I explained very well.
https://supportforums.cisco.com/thread/2121390?tstart=0

Please rate the helpful posts.
Regards,
Naidu.

Naidu

The link that you provide is a nice discussion of using IP SLA to achieve failover for static routing. But it does not quite fit the situation of the original poster who wants to do failover (or withdrawal) of Policy Based Routing. I have done this for a customer and the key to doing it is an optional clause used with the set next-hop command. It would look something like this:

route-map to_cable permit 10

match ip address http_out

set ip next-hop verify-availability 74.93.210.62 1 track 123

The route map is used for PBR and the match statement is just standard match entries in an access list. The set next-hop statement includes the verify-availability clause. verify-availability uses track 123 to track the availability of the next hop address, and if the next hop address is not available then PBR is bypassed and a normal routing decision is used. I believe that this is what the original poster is looking for.

HTH

Rick


Hi Rick,

I agree with you on the PBR part, and that is what I have for one of my customers: create a route-map and set the default gateway to whichever one the customer wants when they have multiple ones.

But how will the failover happen between two ISPs terminated on the same router? And where will you apply this route-map?
I thought I would create a route-map and apply it on the WAN interface, but then again I am thinking, what about the remaining traffic?

Please rate the helpful posts.
Regards,
Naidu.

Naidu

With PBR you place the route map on the interface where the traffic arrives. If you place the route map on the WAN interface that would mean that you want to apply a different routing decision for traffic that the ISP is sending to the customer. It is pretty clear in the original post that he wants to send some user traffic to ISP 1 and other traffic to ISP 2. So for this he would need to place the route map on the interface toward the users in the network and not on the WAN.

If the original poster places the route map on the inside interface then his route map can identify certain traffic (like Email) and set a next-hop toward the ISP where he wants Email to go. And using verify-availability as I explained will mean that if that ISP has become unavailable then the Email will be sent to the other ISP, which provides failover.

HTH

Rick


I would appreciate it if anyone could post a sample config for the above scenario.

Thanks

bava

Hi Richard,

Yes, exactly. I need to achieve failover in PBR. But here, I'm using a DSL link with a fixed IP. Meaning to say, the next hop IP will be my DSL modem IP, which I guess will always be available regardless of whether the internet link is UP or DOWN, unless the cable is unplugged or the modem is turned off. How can I achieve this? For example, HTTP traffic is routed via ISP 2, and the route-map will track the availability of ISP 2 by pinging the ISP 2 DNS server IP. Is there any way to do this? Thanks for your help.

Regards, Nagis

Yes you have correctly identified one of the potential issues. If you track the IP of the DSL modem it may be reachable but the ISP network may not be reachable. This is exactly the situation that I faced with my customer. We were using DSL as the alternate way to get Internet connectivity and we wanted to send certain particular traffic (HTTP or Email) using the DSL. Here is a brief description of what we did.

- we configured a primary static default route using the primary outbound interface.

- we configured a floating static default route to provide failover if the primary interface failed.

- we identified an address that was a hop or two beyond the DSL modem for the network of the DSL provider and used that as the address to track.

- we configured a host specific static route for that address specifying that it had to go through the DSL interface to reach it.

- we configured IP SLA to track this address.

- we configured PBR to identify the particular traffic that we wanted to send via DSL, and configured the set next-hop to use the verify-availability capability.

The result is that as long as the specified address inside the DSL network was reachable the router used PBR for the particular traffic that we identified and sent it via DSL. And if the router lost connectivity to that address in the DSL network then PBR was not used on the particular traffic and normal routing was done.

We found that it worked quite well.

HTH

Rick
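
A sample configuration following the six steps Rick lists above, added here as an illustration and not taken from any poster's router. Interface names, the route-map name to_dsl, SLA operation number 1 and all addresses (RFC 5737 documentation ranges) are assumptions; track 123, the http_out ACL name and the verify-availability clause come from the thread. On older IOS releases the track line is written `track 123 rtr 1 reachability`.

```cisco
! --- Constructed addressing (assumptions, not from the thread) ---
! Gi0/0 = LAN toward users
! Gi0/1 = primary ISP link, next hop 192.0.2.1
! Gi0/2 = DSL link, modem/next hop 198.51.100.1
! 203.0.113.10 = address a hop or two beyond the DSL modem, inside the DSL provider
!
! Step 1: primary static default route via the primary outbound interface
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
! Step 2: floating static default route (higher administrative distance)
ip route 0.0.0.0 0.0.0.0 198.51.100.1 250
!
! Steps 3-4: host route that pins the tracked address to the DSL path,
! so the probe can never succeed by way of the primary link
ip route 203.0.113.10 255.255.255.255 198.51.100.1
!
! Step 5: IP SLA probe of the tracked address, plus the track object
ip sla 1
 icmp-echo 203.0.113.10 source-interface GigabitEthernet0/2
 frequency 10
ip sla schedule 1 life forever start-time now
!
track 123 ip sla 1 reachability
!
! Step 6: PBR for the selected traffic, bypassed when track 123 is down
ip access-list extended http_out
 permit tcp any any eq www
!
route-map to_dsl permit 10
 match ip address http_out
 set ip next-hop verify-availability 198.51.100.1 1 track 123
!
! Apply the policy where the user traffic arrives (inside interface)
interface GigabitEthernet0/0
 ip policy route-map to_dsl
```

`show track 123`, `show ip sla statistics 1` and `show route-map to_dsl` show whether the probe is succeeding and whether packets are matching the policy.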


Thanks Richard... This is exactly what I am looking for.

Regards, Nagis