[c-nsp] Floating static routes, Etherchannel, and HSRP

Brandon Bennett bennetb at gmail.com
Wed Oct 11 18:46:54 EDT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Afsheen Bigdeli wrote:
> All,
> 
> 
> I have a pair of Cisco 3750 stacks (IOS 12.2(25)SEB4), connected to each 
> other via an Etherchannel trunk, with two separate uplinks to my ISP. 
> Both are, independently, able to reach the outside world. I've also set 
> up an HSRP interface on the stack(s), such that 10.10.10.1 is my standby 
> IP, .2 is the first stack, and .3 is the second stack. Our servers are 
> able to use .1 as their default gateway, and everything works as I would 
> expect it to up to this point.
> 
> What I had been planning to do is configure a static route on each 
> switch stack, pointing to the stack on the other side of the 
> Etherchannel, with a higher administrative distance than the default 
> route. This way, on a given switch, if/when the default route to the 
> outside is withdrawn from the routing table, traffic will pass across 
> the Etherchannel and to the secondary stack, where it will then be 
> routed to the outside.
> 
> However, the route isn't being installed in the routing table.
> 
> HSRP config is barebones:
> 
> stack 1's vlan interface:
> 
> interface Vlan999
>   description sanitized
>   ip address 10.10.10.2 255.255.255.0
>   standby 1 ip 10.10.10.1
>   standby 1 priority 110
> 
> and on stack 2:
> interface Vlan999
>   description sanitized
>   ip address 10.10.10.3 255.255.255.0
>   standby 1 ip 10.10.10.1
> 
> 
> HSRP failover for the interface works without a hitch, and I can ping / 
> traceroute from the vlan 999 interface on one switch to the other 
> without issue. On both switches, the interface is up/up.
> 
> The static route is configured as such:
> 
> ip route 0.0.0.0 0.0.0.0 my.next.hop.address
> 
> And I'm trying to add:
> 
> ip route 0.0.0.0 0.0.0.0 next.hop.on.other.side.of.etherchannel 100
> 
> 
> Even when I break the HSRP config and make these two standalone 
> interfaces, the route isn't installed.
> 
> The Etherchannel is a dot1q trunk, and the VLAN is allowed on the trunk 
>   on both ends of the stack. And, as I said, I can ping / traceroute to 
> the 10.10.10.3 interface from 10.10.10.2 (which lives on the primary 
> switch stack, on the other side of the Etherchannel) without issue, and 
> vice versa.
> 
> Any insight would be appreciated here, as I'm stumped.
> 

Try this

ip route 0.0.0.0 0.0.0.0 <interface name> my.next.hop.address
ip route 0.0.0.0 0.0.0.0 Etherchannel X
next.hop.on.other.side.of.etherchannel

This will add interface tracking to the route.   If you want something
more robust use IP SLA tracking with the static route.

~Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBRS10XvVBsuifoW1NAQLcnQgAmbGP3/89ML+Pss+/PsBfqJCT/Y+qjWCZ
FP+SbFp5Z0YdF9ku5hyNnShCohHWeYWCcCki6waRV5QRZ71jPGpdWoyEqYwjQVQ1
5nQpjocsOzJYrzMNbC8Nm6BV+7g3TEPv1qurqFsZGk/mROthELTZ5mXZNVNdmNYU
AEdf1hgOJPUCkTEqhmgh3/UkmckaE0dbzvsz0cWLGkpDL3SRUnil6av7KngMBYxe
t9xc3Ouz+iVbwL2TLaoq3I2fvUVt+1HnQ9SOVAhSBQ/AnPbgekAMtMlCQGbO+k9L
DGM3FREJqbqlAbiXM6cUtGvhoJKSk1jJRtMpQTj0hHZr4NpbGtpCiw==
=IR4V
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list