[c-nsp] PBR advice

Nick Cutting ncutting at edgetg.com
Thu Nov 3 13:34:42 EDT 2016


You should think about maybe using local policy routing for an IP SLA that checks the availability, that plugs into the through traffic (normal) policy routing for the availability. Policy route each tracked IP out the correct upstream next hop.

You don't want locally sourced IP SLA traffic using the normal routing table after a failure, unless what you are testing for in the IP SLA is only reachable via one of the providers.

Track IP SLA, local policy routed
Normal PBR using the availability of the policy routed Track

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Hefin James [ahj]
Sent: Thursday, November 3, 2016 12:33 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] PBR advice

We are just about to get an additional routed internet link that we intend to set up as active/active with failover with our current link, and split the traffic using PBR.
We will be terminating the links internally (after firewalling, etc) in a VSS chassis which will see 2 default routes of equal cost.

I've set up a lab that I can test PBR that uses the 'set ip default next-hop' settings so that local routing continues to work as currently set.

However, the problem arises if we get a failure which isn't local (say 2 routers away).
I can track the availability of 2 IP addresses that are deep inside our providers' network, but I can only apply tracking to 'set ip next-hop' and not 'set ip default next-hop verify-availability'.

Is there any other way of doing this or am I stuck with using 'set ip next-hop verify-availability' and have an ACL that excludes all locally routed traffic?

Thanks,
Hefin
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
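Putting Nick's two-part suggestion into configuration, as an added example that is not part of the thread: the SLA probes are pinned to their own upstream with local PBR, and the through-traffic route-map fails over on the tracked reachability while an ACL deny keeps internal destinations on the routing table (the workaround Hefin mentions). IOS 15-style syntax is assumed; every address, ACL, route-map and interface name is a placeholder.

```cisco
! Constructed example, IOS 15-style syntax. ISP A next hop 203.0.113.1,
! ISP B next hop 198.51.100.1, probe targets .250 deep in each provider,
! 192.0.2.1 = a local interface address on the VSS (all placeholders).
ip sla 1
 icmp-echo 203.0.113.250 source-ip 192.0.2.1
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 198.51.100.250 source-ip 192.0.2.1
 frequency 10
ip sla schedule 2 life forever start-time now
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Local PBR: each probe is pinned to its own upstream so that a failed
! provider cannot be masked by the probe succeeding via the other one.
ip access-list extended PROBE-ISP-A
 permit icmp host 192.0.2.1 host 203.0.113.250
ip access-list extended PROBE-ISP-B
 permit icmp host 192.0.2.1 host 198.51.100.250
route-map LOCAL-PROBES permit 10
 match ip address PROBE-ISP-A
 set ip next-hop 203.0.113.1
route-map LOCAL-PROBES permit 20
 match ip address PROBE-ISP-B
 set ip next-hop 198.51.100.1
ip local policy route-map LOCAL-PROBES
!
! Through traffic: internal destinations are denied in the ACL so they
! keep using the routing table; the rest is split by source and fails
! over on the tracked reachability (lowest sequence with an up track wins).
ip access-list extended USERS-A
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip 10.1.0.0 0.0.255.255 any
ip access-list extended USERS-B
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip 10.2.0.0 0.0.255.255 any
route-map SPLIT-UPSTREAM permit 10
 match ip address USERS-A
 set ip next-hop verify-availability 203.0.113.1 10 track 1
 set ip next-hop verify-availability 198.51.100.1 20 track 2
route-map SPLIT-UPSTREAM permit 20
 match ip address USERS-B
 set ip next-hop verify-availability 198.51.100.1 10 track 2
 set ip next-hop verify-availability 203.0.113.1 20 track 1
interface Vlan100
 description inside-facing SVI (placeholder name)
 ip policy route-map SPLIT-UPSTREAM
```

If both tracks go down, neither verify-availability entry matches and the traffic falls back to the routing table, which still holds the two equal-cost defaults mentioned in the original post.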


