[c-nsp] track just not working right at all
Tuc at T-B-O-H.NET
ml at t-b-o-h.net
Fri Aug 3 10:35:21 EDT 2007
>
>
> Your SLA 100 is down so any route tracking that SLA will be removed
> from the FIB
>
Great, exactly what I want.
What the problem (I feel/see) is that I have :
ip route 0.0.0.0 0.0.0.0 192.168.75.1 10 name SEABREEZE track 100
ip route 0.0.0.0 0.0.0.0 192.168.0.1 11 name HUGHES track 200
ip route 0.0.0.0 0.0.0.0 192.168.75.1 250 name SEABREEZE_FB
ip route 0.0.0.0 0.0.0.0 192.168.0.1 251 name HUGHES_FB
So since the lowest weight is tracked by 100, and its down,
go to the next highest weight... Which is 11. Thats tracked by 200.
And thats up. So, it should be using that. But it doesn't... It
seems to end up going PAST that to the 250 weight and settling there.
>
> It looks like you are pinging remote IPs via both of your interfaces
> with the 4 track commands. The problem with this is that when the
> SLA is down, the route is removed and then the ping can't reach it's
> destination via that interface and the SLA will never recover.
>
I don't (shouldn't be) having that problem. I have a
local policy :
ip local policy route-map LocalPolicy
ip access-list extended Ping-HUGHES-VJOFN
permit icmp host 192.168.0.3 host 204.107.90.128
ip access-list extended Ping-HUGHES-WCGRTR
permit icmp host 192.168.0.3 host 64.200.58.69
ip access-list extended Ping-SEABREEZE-VJOFN
permit icmp host 192.168.75.49 host 204.107.90.128
ip access-list extended Ping-SEABREEZE-WCGRTR
permit icmp host 192.168.75.49 host 64.200.58.69
route-map LocalPolicy permit 10
match ip address Ping-SEABREEZE-VJOFN
set ip next-hop 192.168.75.1
!
route-map LocalPolicy permit 11
match ip address Ping-SEABREEZE-WCGRTR
set ip next-hop 192.168.75.1
!
route-map LocalPolicy permit 20
match ip address Ping-HUGHES-VJOFN
set ip next-hop 192.168.0.1
!
route-map LocalPolicy permit 21
match ip address Ping-HUGHES-WCGRTR
set ip next-hop 192.168.0.1
So (I believe) that this should "force" the packet
to go out the correct interface at all times.
>
> You should have one SLA per interface, pinging the other end of the
> interface to determine if the interface is up or down. Then, set
> your default route statement based on the state of the SLA.
>
I've had issues with the "other end down, but no internet
connectivity". So thats why I'm pinging something far away (VJOFN).
I put another IP in (WCGRTR) since I do at times reboot VJOFN and
don't want that site to disappear because I reboot a computer. :)
I'd love to put in a track to check for the actual interface being
up/down, but in both instances the interface won't go down unless
what its attached to loses power. If that loses power, so will
my router too, so kinda a non issue unfortunately.
>
> If you want to see if you can reach certain networks via an interface
> you should be using BGP not SLA
>
I am not allowed to run BGP on either connection. BELIEVE me,
I'd love to be...
Tuc
> -Matt
>
>
> On Aug 3, 2007, at 9:26 AM, Tuc at T-B-O-H.NET wrote:
>
> > Hi,
> >
> >
> > I'm trying to use tracking to decide which connection to
> > use. From what I can tell, I have it set up perfectly. However,
> > its not working perfectly. I have 4 items "ip sla monitor"d, but
> > only 2 currently for tracking (100 and 200). I'm having the issue
> > that when 100 is down, 200 isn't taking over, its going to the next
> > highest weighted connection!
> >
> > C3640-1# sho track br
> > Track Object Parameter Value
> > 100 rtr 100 reachability Down, delayed
> > Up (119 secs remaining)
> > 101 rtr 101 reachability Down, delayed
> > Up (29 secs remaining)
> > 200 rtr 200 reachability Up
> > 201 rtr 201 reachability Up
> >
> > C3640-1#sho ip route track
> > ip route 0.0.0.0 0.0.0.0 192.168.75.1 10 name SEABREEZE track 100
> > state is [dow
> > n]
> > ip route 0.0.0.0 0.0.0.0 192.168.0.1 11 name HUGHES track 200
> > state is [up]
> >
> >
> > C3640-1# sho track
> > Track 100
> > Response Time Reporter 100 reachability
> > Reachability is Down, delayed Up (90 secs remaining)
> > 613 changes, last change 00:27:45
> > Delay up 180 secs, down 30 secs
> > Latest operation return code: Timeout
> > Tracked by:
> > STATIC-IP-ROUTING 0
> > Track 101
> > Response Time Reporter 101 reachability
> > Reachability is Down, delayed Up (1 sec remaining)
> > 52 changes, last change 00:27:44
> > Delay up 180 secs, down 30 secs
> > Latest operation return code: Timeout
> > Track 200
> > Response Time Reporter 200 reachability
> > Reachability is Up
> > 54 changes, last change 06:26:40
> > Delay up 20 secs, down 10 secs
> > Latest operation return code: OK
> > Latest RTT (millisecs) 707
> > Tracked by:
> > STATIC-IP-ROUTING 0
> > Track 201
> > Response Time Reporter 201 reachability
> > Reachability is Up
> > 29 changes, last change 04:39:40
> > Delay up 20 secs, down 10 secs
> > Latest operation return code: OK
> > Latest RTT (millisecs) 700
> >
> > This confirms it....
> >
> > C3640-1#sho ip route
> > Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
> > D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
> > N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
> > E1 - OSPF external type 1, E2 - OSPF external type 2
> > i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
> > level-2
> > ia - IS-IS inter area, * - candidate default, U - per-user
> > static route
> > o - ODR, P - periodic downloaded static route
> >
> > Gateway of last resort is 192.168.75.1 to network 0.0.0.0
> >
> > C 192.168.75.0/24 is directly connected, Ethernet0/0
> > C 192.168.0.0/24 is directly connected, Ethernet1/0
> > C 192.168.3.0/24 is directly connected, BVI1
> > S* 0.0.0.0/0 [250/0] via 192.168.75.1
> >
> > My config is a 3640 running c3640-jk9s-mz.124-13a.bin .
> >
> > ip sla monitor 100
> > type echo protocol ipIcmpEcho 204.107.90.128 source-ipaddr
> > 192.168.75.49
> > timeout 4000
> > frequency 10
> > ip sla monitor schedule 100 life forever start-time now
> > ip sla monitor 101
> > type echo protocol ipIcmpEcho 64.200.58.69 source-ipaddr
> > 192.168.75.49
> > timeout 4000
> > frequency 10
> > ip sla monitor schedule 101 life forever start-time now
> > ip sla monitor 200
> > type echo protocol ipIcmpEcho 204.107.90.128 source-ipaddr
> > 192.168.0.3
> > timeout 4000
> > frequency 10
> > ip sla monitor schedule 200 life forever start-time now
> > ip sla monitor 201
> > type echo protocol ipIcmpEcho 64.200.58.69 source-ipaddr 192.168.0.3
> > timeout 4000
> > frequency 10
> > ip sla monitor schedule 201 life forever start-time now
> >
> > track 100 rtr 100 reachability
> > delay down 30 up 180
> > !
> > track 101 rtr 101 reachability
> > delay down 30 up 180
> > !
> > track 200 rtr 200 reachability
> > delay down 10 up 20
> > !
> > track 201 rtr 201 reachability
> > delay down 10 up 20
> >
> > ip route 0.0.0.0 0.0.0.0 192.168.75.1 10 name SEABREEZE track 100
> > ip route 0.0.0.0 0.0.0.0 192.168.0.1 11 name HUGHES track 200
> > ip route 0.0.0.0 0.0.0.0 192.168.75.1 250 name SEABREEZE_FB
> > ip route 0.0.0.0 0.0.0.0 192.168.0.1 251 name HUGHES_FB
> >
> > ip local policy route-map LocalPolicy
> >
> > ip access-list extended Ping-HUGHES-VJOFN
> > permit icmp host 192.168.0.3 host 204.107.90.128
> > ip access-list extended Ping-HUGHES-WCGRTR
> > permit icmp host 192.168.0.3 host 64.200.58.69
> > ip access-list extended Ping-SEABREEZE-VJOFN
> > permit icmp host 192.168.75.49 host 204.107.90.128
> > ip access-list extended Ping-SEABREEZE-WCGRTR
> > permit icmp host 192.168.75.49 host 64.200.58.69
> >
> > route-map LocalPolicy permit 10
> > match ip address Ping-SEABREEZE-VJOFN
> > set ip next-hop 192.168.75.1
> > !
> > route-map LocalPolicy permit 11
> > match ip address Ping-SEABREEZE-WCGRTR
> > set ip next-hop 192.168.75.1
> > !
> > route-map LocalPolicy permit 20
> > match ip address Ping-HUGHES-VJOFN
> > set ip next-hop 192.168.0.1
> > !
> > route-map LocalPolicy permit 21
> > match ip address Ping-HUGHES-WCGRTR
> > set ip next-hop 192.168.0.1
> >
> >
> > Thanks, Tuc
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list