I have a configuration where I am doing BGP peering with two different service providers and using HSRP to control outbound failover. One of the service providers (SAVVIS) recently installed two additional T1 interfaces into my router that connects me to them. Instead of providing me three serial interfaces, they installed an Integrated Edge Device (IED) - essentially a router that multilinks the three serial circuits. From the IED they provide me an Ethernet connection. I use this as my primary route out to the Internet.
Well, if I track the Ethernet interface on my router that connects to their IED and the circuit fails, which it has already, HSRP does not failover because the Ethernet interface doesn't drop.
Does anybody know of an alternative way to accomplish this without using the track interface command in HSRP?
You are along the right path. The problem with normal HSRP, as you have noticed, is that it tracks the Ethernet interface, which does not go down during link failures. By using enhanced object tracking, you can track more advanced things. A good one, and very applicable to you, is SAA tracking.
By using SAA probes, you can configure the router to probe a particular IP address with ICMP packets for example. A tracked object can be declared against this probe such that the tracked object is up when there are ICMP replies and the tracked object is down when there are no ICMP replies. The status of the link can therefore be reliably determined.
Check the following link for further examples and explanation.
Thank you. I think that may solve my issue. I assume the following rtr commands must also be applied:
type echo protocol ipIcmpEcho
rtr sched 1 start-time now life forever
track 2 rtr 1 state
track 3 rtr 1 reachability
ip address 10.21.0.4 255.255.0.0
standby 3 ip 10.21.0.10
standby 3 priority 120
standby 3 preempt
standby 3 track 2 decrement 10
standby 3 track 3 decrement 10
Will this configuration fail back when the tracked object becomes available again?
I'm assuming that's what the "delay up seconds down seconds" command does. This allows you to wait a certain amount of time after the object becomes reachable or unreachable before, in this case, promoting or demoting the primary router.
Another thing to note is that, depending on the IP address of the tracked object and your routing configuration, you might want to configure local policy-based routing to force the locally generated packets out through an interface. The idea is that when there is a failed link, the routing protocol could reconverge, such that the tracked object is now reachable via another route.
It appears as though the rtr command is only available with certain IOS feature sets.
But I was able to use the track 10 ip route A.B.C.D/30 command, which I believe will accomplish the same thing. I then added "standby 2 track 10 decrement 10" to my HSRP interface configuration. This should cause HSRP to decrement the router priority by 10, forcing it to become the standby router. When the tracked object becomes reachable again, the router priority should be incremented by 10, causing it to become the primary router again.
Yeah, the logic is right. Also, not all IOS support the rtr feature.
You need to be careful though on which route you are tracking. The route will need to disappear during the link failure. For instance, it might not make sense to track the connected route of the ethernet interface since that route will always be in the routing table. Realising that you are running BGP, you could track a route that is only learnt via that BGP connection.
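The route-tracking approach discussed in this thread, put together for both HSRP routers as an added example (not a configuration posted by anyone in the thread). The tracked prefix, interface names, the secondary router's address and its priority of 115 are assumptions; the group number, track number and decrement follow the values quoted above.

```cisco
! Added example. Values marked "assumed" are placeholders, not from the thread.
!
! --- Primary router (connects to the provider IED) ---
! Track a prefix learnt only over the BGP session through the IED
! (assumed prefix). A connected route would never leave the table.
track 10 ip route 198.51.100.0/24 reachability
 ! Hold off before acting on a state change so a flapping route
 ! does not flap HSRP: 60 s before "up", 5 s before "down".
 delay up 60 down 5
!
! Assumed interface name.
interface FastEthernet0/0
 ip address 10.21.0.4 255.255.0.0
 standby 2 ip 10.21.0.10
 standby 2 priority 120
 standby 2 preempt
 ! Priority becomes 120 - 10 = 110 while the tracked route is missing,
 ! and returns to 120 (fail back via preempt) when it reappears.
 standby 2 track 10 decrement 10
!
! --- Secondary router (connects to the other provider) ---
! Assumed interface name and address.
interface FastEthernet0/0
 ip address 10.21.0.5 255.255.0.0
 standby 2 ip 10.21.0.10
 ! Assumed value: must be above 110 and below 120, otherwise the
 ! decrement of 10 on the primary never changes which router is active.
 standby 2 priority 115
 ! Needed so this router takes over when the primary drops to 110.
 standby 2 preempt
```

`show track 10` and `show standby brief` on each router confirm the tracked state and which router is currently active.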