In this post we will understand one way of configuring internet failover at enterprise customer sites.
Below is the topology diagram that we use to understand this behavior:
Details:
- Assume R2 & R3 are customer CPE routers at site A with R3 having the local internet breakout.
- R4 represents customer datacenter site which also has an internet breakout which will be used in case the local internet breakout fails.
- In this topology we are running HSRP between R2 and R3 with R2 acting as the active router, so all traffic from the LAN is routed towards R2.
- R2 now has a static default route pointing to R3’s IP 9.9.23.3 as the next-hop.
- R3 further has a default route pointing to R5’s IP 9.9.35.5 as the next-hop.
- We have IP-SLA 1 configured on R2 to monitor the reachability of IP 9.9.35.5.
- The static default route towards R3 is bound to track 1. If track 1 goes down, the static default route becomes invalid and R2 installs the default route learned via BGP from R1, which was previously in RIB failure because of its higher administrative distance.
- Once R2 has installed the BGP route from R1, traffic to the internet follows the path R2 > R1 > R4 > R5.
- R5 also tracks reachability to R3. If R3 becomes unreachable due to an issue between R3 and R5, R5 invalidates the reverse route to the customer LAN via R3 and uses the path via R4 instead.
Note: For simplicity, the lab mostly uses static routing, which may not be the case in real-world scenarios.
For testing, we ping 8.8.8.8 from R2's loopback 2.2.2.2, which simulates the LAN in our topology.
–
Configurations:
R1:
 ip address 9.9.14.1 255.255.255.0
!
interface FastEthernet1/0
 ip address 9.9.12.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 9.9.14.4
ip route 2.2.2.2 255.255.255.255 9.9.12.2
router bgp 100
 bgp log-neighbor-changes
 network 0.0.0.0
 neighbor 9.9.12.2 remote-as 200
R2:
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 9.9.12.2 255.255.255.0
!
interface FastEthernet1/0
 ip address 9.9.23.2 255.255.255.0
!
router bgp 200
 bgp log-neighbor-changes
 neighbor 9.9.12.1 remote-as 100
!
ip route 9.9.35.5 255.255.255.255 9.9.23.3
ip route 0.0.0.0 0.0.0.0 9.9.23.3 track 2
!
ip sla 2
 icmp-echo 9.9.35.5 source-ip 2.2.2.2
ip sla schedule 2 life forever start-time now
!
! Track object referenced by the static default route. Its definition is not in
! the original listing; it is inferred from the "sh track 2" output under Verification.
track 2 ip sla 2 state
R3:
 ip address 9.9.23.3 255.255.255.0
!
interface FastEthernet1/0
 ip address 9.9.35.3 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 9.9.35.5
ip route 2.2.2.2 255.255.255.255 9.9.23.2
R4:
 ip address 9.9.14.4 255.255.255.0
!
interface FastEthernet1/0
 ip address 9.9.45.4 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 9.9.45.5
ip route 2.2.2.2 255.255.255.255 9.9.14.1
R5:
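 ip address 8.8.8.8 255.255.255.255
!
interface FastEthernet0/0
 ip address 9.9.45.5 255.255.255.0
!
interface FastEthernet1/0
 ip address 9.9.35.5 255.255.255.0
!
! Primary reverse route via R3 (tracked) and floating static via R4 (distance 10)
ip route 2.2.2.2 255.255.255.255 9.9.35.3 track 1
ip route 2.2.2.2 255.255.255.255 9.9.45.4 10
!
ip sla 1
 icmp-echo 9.9.35.3
ip sla schedule 1 life forever start-time now
!
! Track object referenced by the primary reverse route. Its definition is not in
! the original listing; it is inferred from the "sh track 1" output under Verification.
track 1 ip sla 1 state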
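The route selection that drives this failover, as an added example rather than code from the original post: it models R2's and R5's candidate routes from the listings above, installs the lowest administrative distance among routes whose track object is up, and reports which BGP route sits in RIB failure. It goes beyond the post's test by also evaluating the case where only R2's probe fails, in which the forward and return paths no longer agree. The `Route` class and function names are illustrative, and distance 200 for the BGP default is the value shown in R2's routing table in the Verification section.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    source: str                  # "static" or "bgp"
    distance: int                # administrative distance, lowest wins
    track: Optional[int] = None  # track object bound to the route, if any

# Candidate routes taken from the R2 and R5 listings on this page.
# Distance 200 for the BGP default is the value shown in R2's routing table.
R2 = [Route("0.0.0.0/0", "9.9.23.3", "static", 1, track=2),
      Route("0.0.0.0/0", "9.9.12.1", "bgp", 200)]
R5 = [Route("2.2.2.2/32", "9.9.35.3", "static", 1, track=1),
      Route("2.2.2.2/32", "9.9.45.4", "static", 10)]

def usable(routes, prefix, tracks):
    """Routes for prefix whose track object (if any) is up."""
    return [r for r in routes if r.prefix == prefix
            and (r.track is None or tracks.get(r.track, False))]

def best_route(routes, prefix, tracks):
    """Route installed in the RIB: lowest distance among usable routes."""
    return min(usable(routes, prefix, tracks), key=lambda r: r.distance, default=None)

def rib_failures(routes, prefix, tracks):
    """BGP routes that are valid but lose to a lower-distance route."""
    best = best_route(routes, prefix, tracks)
    return [r for r in usable(routes, prefix, tracks)
            if r.source == "bgp" and r is not best]

def evaluate(tracks):
    """Forward (R2) and return (R5) next hops, and whether both use R3."""
    fwd = best_route(R2, "0.0.0.0/0", tracks).next_hop
    rev = best_route(R5, "2.2.2.2/32", tracks).next_hop
    same_exit = (fwd == "9.9.23.3") == (rev == "9.9.35.3")
    return fwd, rev, same_exit

if __name__ == "__main__":
    # Constructed track states {track id: up?}; track 2 lives on R2, track 1 on R5.
    for label, tracks in [("both probes up", {2: True, 1: True}),
                          ("both probes down", {2: False, 1: False}),
                          ("only R2's probe down", {2: False, 1: True})]:
        print(label, evaluate(tracks), rib_failures(R2, "0.0.0.0/0", tracks))
```

The third case is the one to check in a real deployment: both ends must detect the same failure, otherwise R5 keeps sending return traffic towards R3 while R2 has already moved to the path via R1.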
–
Verification:
Currently, traffic from R2 towards the internet (8.8.8.8) takes the path R2 > R3 > R5.
R2#traceroute 8.8.8.8 source 2.2.2.2
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
  1 9.9.23.3 [AS 100] 12 msec 24 msec 16 msec
  2 9.9.35.5 [AS 100] 52 msec 16 msec 40 msec
The track 12 configured is also seen to be up as below:
R2#sh track 12
  IP route 0.0.0.0 0.0.0.0 reachability
  Reachability is Up (static)
    2 changes, last change 00:19:04
  First-hop interface is FastEthernet1/0
  Tracked by:
    STATIC-IP-ROUTING 0
We also see that the default route in the routing table is learnt statically:
R2#sh ip route | i 0.0.0.0
S* 0.0.0.0/0 [1/0] via 9.9.23.3
The default route via BGP is seen in RIB failure:
R2#sh ip bgp rib-failure
0.0.0.0 9.9.12.1 Higher admin distance n/a
R5 has the reverse route to R2 via R3 as of now:
S 2.2.2.2 [1/0] via 9.9.35.3
Next we shut the port on R3 facing the internet. The route via BGP becomes valid on R2, and on R5 the route to 2.2.2.2 via R4 becomes valid.
R3(config-if)#sh
We see R2 now learns the default route via BGP:
R2#sh ip route | i 0.0.0.0
B* 0.0.0.0/0 [200/0] via 9.9.12.1, 00:00:10
R2#sh track 2
  IP SLA 2 state
  State is Down
    5 changes, last change 00:00:16
  Latest operation return code: Timeout
  Tracked by:
    STATIC-IP-ROUTING 0
Also on R5 the reverse route is available via R4 now:
R5#sh ip route | i 2.2.2.2
R5#sh track 1
Track 1
  IP SLA 1 state
  State is Down
    4 changes, last change 00:00:54
  Latest operation return code: Timeout
  Tracked by:
    STATIC-IP-ROUTING 0
Tracing the path to the internet now from R2:
R2#traceroute 8.8.8.8 source 2.2.2.2
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
  1 9.9.12.1 [AS 100] 24 msec 24 msec 12 msec
  2 9.9.14.4 [AS 100] 16 msec 24 msec 16 msec
  3 9.9.45.5 [AS 100] 44 msec 16 msec 40 msec
Hence we see that the internet path has failed over to the secondary path. When we unshut the port on R3, traffic flows over the primary path again, as below:
R2#traceroute 8.8.8.8 source 2.2.2.2
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
  1 9.9.23.3 [AS 100] 16 msec 8 msec 16 msec
  2 9.9.35.5 [AS 100] 8 msec 20 msec 12 msec
R2#sh track 2
  IP SLA 2 state
  State is Up
    12 changes, last change 00:01:03
  Latest operation return code: OK
  Latest RTT (millisecs) 48
  Tracked by:
    STATIC-IP-ROUTING 0

I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.” I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.
I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
ABOUT THE AUTHOR
– Rashmi Bhardwaj (Author/Editor)