Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1053
Views
0
Helpful
32
Replies

Routing to Vendor network and tracking interface failure

mbroberson1
Level 3
Level 3

‎03-24-2009 06:39 AM - edited ‎03-04-2019 04:03 AM

Please see attached diagram for more details.

Senario:

You have a connection to vendor/business partner. You have two connections to this business partner. You are runing EIGRP on your internal network and with your routers and core switches. You don't know and don't care what IGP's the vendor is running. They are most likely doing statics. The vendor has two circuits from their routers to their network. If one of the vendors circuits goes down their equipment will failover to using their seconday circuit and equipment.

NOW the BIG question:

How can you configure your company primary router to notice when the vendor primary fails over and instruct your secondary router to take over as the primary path to the vendor network. Your company routers are using HSRP over a L2 link and the primary has static routes pointing to the failover ASA HSRP address of the Vendors ASAs.

I think you will have to do some sort of interface tracking, but not 100% sure.

Thanks!

Brandon

Labels:
Preview file
55 KB
0 Helpful
32 Replies 32

lamav
Level 8
Level 8
In response to mbroberson1

‎03-24-2009 07:57 AM

HSRP configs look fine. Show me the statics and the routing protocol configs.

Also, when the vendor tests failover, exactly what does he fail to create the failover?

0 Helpful

mbroberson1
Level 3
Level 3
In response to lamav

‎03-24-2009 08:21 AM

Hi Lamav,

Please see attached.

when the vendor fails over they will usually failover their ASA form ther primary to ther secondary causing traffic to go over their secondary equipment and circuit.

Thanks,

Brandon

Preview file
2 KB
0 Helpful

lamav
Level 8
Level 8
In response to mbroberson1

‎03-24-2009 08:45 AM

"when the vendor fails over they will usually failover their ASA form ther primary to ther secondary causing traffic to go over their secondary equipment and circuit."

And this is supposed to effect you, how?

Make sure the vendor is pointing to your HSRP VIP.

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame

‎03-24-2009 06:59 AM

Hi Brandon,

You can create an IP SLA to track reachability via ICMP to the vendor's circuit.

Once that monitoring is configured, you can setup your HSRP to decrement its priority based on that tracking status.

http://www.cisco.com/en/US/docs/ios/ha/command/reference/ha_s3.html#wp1044974

HTH,

__

Edison.

0 Helpful

lamav
Level 8
Level 8
In response to Edison Ortiz

‎03-24-2009 07:03 AM

"You can create an IP SLA to track reachability via ICMP to the vendor's circuit."

I seriously doubt that the vendor is going to allow him to PING his ASA to death. Most likely that ASA will be blocking all ICMP.

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to lamav

‎03-24-2009 07:06 AM

Victor,

We are not pinging the ASA, we are pinging the vendor's router WAN interface.

__

Edison.

0 Helpful

lamav
Level 8
Level 8
In response to Edison Ortiz

‎03-24-2009 07:08 AM

Understood. But I doubt the vendor is going to allow PINGs through his ASA. If so, that'll be a first for me.

0 Helpful

mbroberson1
Level 3
Level 3
In response to Edison Ortiz

‎03-24-2009 07:08 AM

Hi Edison,

Could you kindly give a config example of what this would look like on both the company primay and company secondary routers?

Thanks,

Brandon

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to mbroberson1

‎03-24-2009 07:18 AM

Brandon

Per your requirements, it seems they want you to draw traffic to your secondary router from your LAN segment and currently they are using HSRP to do that.

Your primary router is the active HSRP router so you need to decrement its value based on a tracked event.

The only router that needs to be modified will be your company primary router.

Note.- I don't have any equipment at the moment, this was taken from the documentation:

1) Create a tracked object:

ip sla monitor 1

type icmp-echo dest-ipaddr [wan-circuit-ip]

ip sla monitor schedule 1 start now life forever

(More information at: http://www.cisco.com/en/US/docs/ios/ipsla/command/reference/sla_02.html#wp1052325)

2) Associate the track to the HSRP config:

standby 1 preempt

standby 1 priority 105

standby 1 track 1 decrement 10

On the secondary router, make sure you have:

standby 1 preempt

HTH,

__

Edison.

0 Helpful

mbroberson1
Level 3
Level 3
In response to Edison Ortiz

‎03-24-2009 07:23 AM

Hi Edison,

So the [wan-circuit-ip] would be the address of the vendor primary's "far-remote-side", or the local side?

Regards,

Brandon

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to mbroberson1

‎03-24-2009 07:33 AM

Good question. It's up to you how far out you want the ICMP packet to travel. Keep in mind to modify the timeout and frequency within the SLA monitor and try not to be too aggressive on those parameters.

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to mbroberson1

‎03-25-2009 06:20 AM

VRRP and HSRP have the same features.

The main difference between HSRP and VRRP is that HSRP is Cisco proprietary while VRRP is industry standards.

__

Edison.

0 Helpful

mbroberson1
Level 3
Level 3
In response to Edison Ortiz

‎03-25-2009 06:29 AM

Hi Edison,

See if this would be a valid configuration?

Can you track on the same interface where you are running HSRP on?

Thanks,

Brandon

Preview file
1 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card