
August 4, 2008

Dynamic Failover with IP SLA

I just stumbled across this killer post on Shawn's Blog that describes how to set up IP SLA to allow a static route to fail over if pings to a specified internet host fail. This is really useful if you have two ISPs (and thus two default routes) where the router cannot detect a link failure on its own. This is really common if you have a cable/DSL modem or some type of wireless connectivity. Here's the basic config, taken directly from Shawn's Blog:

ip sla 1 < The number 1 here is arbitrary, used only to identify this SLA. It is otherwise known as the operation number >

icmp-echo 4.2.2.2 < 4.2.2.2 is a DNS server that responds to pings out on the internet >

timeout 500 < This is how long to wait for a response from the ping >

frequency 3 < This is the repeat rate for the SLA >

ip sla schedule 1 start-time now life forever < This command says "start SLA 1 now and keep it running forever" >

track 1 rtr 1 reachability < This command creates the track object "1" and monitors SLA 1 >

Now for the routing, we need to remove the default route and put it back associated with the tracker:

no ip route 0.0.0.0 0.0.0.0 1.1.1.1

And then put it back with the tracking:

ip route 0.0.0.0 0.0.0.0 1.1.1.1 track 1

Then we need to add our secondary route:

ip route 0.0.0.0 0.0.0.0 1.1.1.2 10

Now when the ping to 4.2.2.2 fails the primary route is removed and the secondary route with the higher metric becomes the default. The route will be reinstated when the connectivity is restored.

With the 12.4 and higher releases the commands have changed slightly but the "?" is your friend. If I receive requests for the syntax I will post it as well, but it is pretty easy to convert.

Here is the reference to the Cisco IP SLA documentation:

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080441845.html

Posted by JC at August 4, 2008 1:36 PM


Comments

Just a short note:
I'm not really convinced that it will work as expected with the above example:
If you track the reachability of 4.2.2.2, then as soon as the static route over the secondary ISP becomes the preferred one, 4.2.2.2 will be available again, which will reinstall the primary default gateway, causing the routes to flap continuously.
I'd rather use the WAN interface (or another IP from that ISP, which is most likely not reachable from the outside world) instead.

It may be worth knowing that this also works on PIX/ASA firewalls, above 7.x:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Posted by: Krekk at August 6, 2008 12:44 AM

The IP SLA functionality in the Cisco IOS is really useful. Furthermore you can use another feature of the IOS - the Embedded Event Manager. Together with stub object tracking they form a very powerful tool that can help manage default route selection not only relying on reachability of some hosts, but also make decisions based on plenty of other parameters of the IOS itself.

For example, IOS can change the default route when one of the numerous interface counters exceeds a threshold.

In the following example, the default route changes when the "Receive Rate in BPS" counter of FastEthernet4 exceeds 100 000:

! Stub object with no built-in probe; EEM flips its state. It starts down,
! so the AD-10 route via 1.1.1.1 is used until the counter trips.
track 1 stub-object
 default-state down
!
! While track 1 is up, the route via 2.2.2.2 (default AD 1) wins;
! when it is down, only the floating static via 1.1.1.1 remains.
ip route 0.0.0.0 0.0.0.0 1.1.1.1 10
ip route 0.0.0.0 0.0.0.0 2.2.2.2 track 1
!
! app1 raises the object when receive_rate_bps on FastEthernet4 exceeds
! 100000 (polled every 10 s); app2 lowers it again once it is at or below.
event manager applet app1
 event interface name "FastEthernet4" parameter receive_rate_bps entry-val 100000 entry-op gt entry-val-is-increment false poll-interval 10
 action beta track set 1 state up
event manager applet app2
 event interface name "FastEthernet4" parameter receive_rate_bps entry-val 100000 entry-op le entry-val-is-increment false poll-interval 10
 action beta track set 1 state down

All of this stuff together is called Enhanced Object Tracking. Lots of information on this can be found here:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/fthsrptk.html

Posted by: mindplay at August 6, 2008 7:05 AM

Ivan Pepelnjak has this similar article with a working example applicable in real life: http://www.nil.com/ipcorner/SmallSiteMultiHoming/
It's worth looking at, as it includes nice diagrams and step-by-step router configurations.

Posted by: AdrianT at August 6, 2008 7:59 AM

Awesome - thanks all! Great stuff.

Posted by: JC at August 6, 2008 1:49 PM

I am glad you liked my post. Normally when we deploy these we static the icmp target out one interface or the other.
Shawn

Posted by: Shawn at August 6, 2008 4:46 PM
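Putting Krekk's caveat and Shawn's answer together, here is an added example config (not from the post or any commenter) that pins the probe target to the primary ISP so the probe cannot succeed over the backup link, and adds delay timers so one lost ping does not tear the route down. It assumes FastEthernet4 faces the primary ISP (next hop 1.1.1.1) and the backup next hop is 1.1.1.2, as in the post, and uses the 12.4T-and-later "track ... ip sla" syntax.

```cisco
! Added example; assumes FastEthernet4 is the primary ISP interface.
! Host route forces the probe out the primary ISP only. Without it, once
! the backup default route is active the ping to 4.2.2.2 succeeds via
! ISP 2, the primary route comes back, and the routes flap.
ip route 4.2.2.2 255.255.255.255 1.1.1.1
!
ip sla 1
 icmp-echo 4.2.2.2 source-interface FastEthernet4
 timeout 500
 frequency 3
ip sla schedule 1 start-time now life forever
!
! 12.4T+ syntax ("rtr" became "ip sla"). Delay timers dampen flapping:
! the object goes down only after 10 s of failure and comes back up only
! after 30 s of continuous success.
track 1 ip sla 1 reachability
 delay down 10 up 30
!
! Primary default route exists only while track 1 is up; the floating
! static with AD 10 takes over as soon as it is withdrawn.
ip route 0.0.0.0 0.0.0.0 1.1.1.1 track 1
ip route 0.0.0.0 0.0.0.0 1.1.1.2 10
!
! Verification from enable mode:
!   show track 1            -> Reachability is Up, tracked by the route
!   show ip sla statistics 1 -> probe success/failure counts
!   show ip route 0.0.0.0    -> next hop flips between 1.1.1.1 and 1.1.1.2
```

If the primary ISP interface itself goes down, the host route is withdrawn with it and the probe fails on its source interface, so the failover still triggers.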

Hi Jeremy, again I still can't thank you enough for the world of CCNA that you've taught me. I just finished the topic of VPN, and some of the side notes that you add just add interest in wanting to learn more. On the VPN topic you touch on a story of how DES was ripped to shreds wide open by a 12 year old girl. Any idea where I can find this article, as it does intrigue me? Thank you.

Posted by: Amarjit Sonik at August 8, 2008 9:49 AM

Hi,
this message is for Jeremy. I didn't find any email to forward it to you, so let's get to the main subject:
I was watching your CBT Nuggets BSCI videos, and when you were talking about what "H" means in "sh ip eigrp nei", the answer is Handle. You can find that in the "BSCI-StudentGuide-3.0 volume 1". Hope this clears your big doubt about that :), and I thank you for the awesome videos.
Bye

Posted by: nassim at August 12, 2008 3:43 AM
