Internet Connectivity Failover Scenario with Track

Rashmi Bhardwaj | Blog,Config & Troubleshoot,Routing & Switching
Advertisements

In this post we will understand one way of configuring internet failover at enterprise customer sites.

Below is the topology diagram that we use to understand this behavior:

Details:

  • Assume R2 & R3 are customer CPE routers at site A with R3 having the local internet breakout.
  • R4 represents customer datacenter site which also has an internet breakout which will be used in case the local internet breakout fails.
  • In this topology we are running HSRP between R2 and R3 with R2 acting as the active router, so all traffic from the LAN is routed towards R2.
  • R2 now has a static default route pointing to R3’s IP 9.9.23.3 as the next-hop.
  • R3 further has a default route pointing to R5’s IP 9.9.35.5 as the next-hop.
  • We have IP-SLA 1 configured on R2 to monitor the reachability of IP 9.9.35.5.
  • The static default route towards R3 is now bound with track 1 and if the track 1 is down the static default route becomes invalid and R2 learns the default route via BGP from R1 now which earlier was in RIB failure due to higher admin distance.
  • Now once R2 has got the route via BGP from R1 the traffic to internet will follow path R2 > R1 > R4 > R5.
  • R5 is also tracking the reachability to R3 and if it R3 becomes unreachable due to some issue between R3 and R5 then R5 will invalidate the reverse route to customer LAN via R3 and will take path via R4.

Note: For simplicity in lab we are using static routing mostly but that may not be the case in real world scenarios.

Advertisements

For testing we will ping 8.8.8.8 from R2’S loopback 2.2.2.2 which will simulate the LAN in our topology.

Configurations:

R1:

interface FastEthernet0/0

ip address 9.9.14.1 255.255.255.0

!

interface FastEthernet1/0

ip address 9.9.12.1 255.255.255.0

!

ip route 0.0.0.0 0.0.0.0 9.9.14.4

ip route 2.2.2.2 255.255.255.255 9.9.12.2

router bgp 100

bgp log-neighbor-changes

network 0.0.0.0

neighbor 9.9.12.2 remote-as 200

R2:

track 2 ip sla 2

!

interface Loopback0

ip address 2.2.2.2 255.255.255.255

!

interface FastEthernet0/0

ip address 9.9.12.2 255.255.255.0

!

interface FastEthernet1/0

ip address 9.9.23.2 255.255.255.0

!

router bgp 200

bgp log-neighbor-changes

neighbor 9.9.12.1 remote-as 100

!

ip route 9.9.35.5 255.255.255.255 9.9.23.3

ip route 0.0.0.0 0.0.0.0 9.9.23.3 track 2

!

ip sla 2

icmp-echo 9.9.35.5 source-ip 2.2.2.2

ip sla schedule 2 life forever start-time now

R3:

interface FastEthernet0/0

ip address 9.9.23.3 255.255.255.0

!

interface FastEthernet1/0

ip address 9.9.35.3 255.255.255.0

!

ip route 0.0.0.0 0.0.0.0 9.9.35.5

ip route 2.2.2.2 255.255.255.255 9.9.23.2

R4:

interface FastEthernet0/0

ip address 9.9.14.4 255.255.255.0

!

interface FastEthernet1/0

ip address 9.9.45.4 255.255.255.0

!

ip route 0.0.0.0 0.0.0.0 9.9.45.5

ip route 2.2.2.2 255.255.255.255 9.9.14.1

R5:

interface Loopback0

ip address 8.8.8.8 255.255.255.255

!

interface FastEthernet0/0

ip address 9.9.45.5 255.255.255.0

 !

interface FastEthernet1/0

ip address 9.9.35.5 255.255.255.0

!

ip route 2.2.2.2 255.255.255.255 9.9.35.3 track 1

ip route 2.2.2.2 255.255.255.255 9.9.45.4 10

!

ip sla 1

icmp-echo 9.9.35.3

ip sla schedule 1 life forever start-time now

 

Verification:

Currently we see traffic from R2 towards internet 8.8.8.8 will take path via R2 > R3 > R5.

R2#traceroute 8.8.8.8 source 2.2.2.2

Type escape sequence to abort.

Tracing the route to 8.8.8.8

VRF info: (vrf in name/id, vrf out name/id)

1 9.9.23.3 [AS 100] 12 msec 24 msec 16 msec

2 9.9.35.5 [AS 100] 52 msec 16 msec 40 msec

The track 12 configured is also seen to be up as below:

R2#sh track 12

Track 12

IP route 0.0.0.0 0.0.0.0 reachability

Reachability is Up (static)

   2 changes, last change 00:19:04

First-hop interface is FastEthernet1/0

Tracked by:

   STATIC-IP-ROUTING 0

We also see the default route in routing table is learnt statically

R2#sh ip route | i 0.0.0.0

Gateway of last resort is 9.9.23.3 to network 0.0.0.0

S*   0.0.0.0/0 [1/0] via 9.9.23.3

The default route via BGP is seen in RIB failure:

R2#sh ip bgp rib-failure

Network           Next Hop                     RIB-failure   RIB-NH Matches

0.0.0.0           9.9.12.1           Higher admin distance             n/a

R5 has reverse route to R2 via R3 as of now:

R5# sh ip route | i 2.2.2.2

S       2.2.2.2 [1/0] via 9.9.35.3

Next we will shut the port on R3 facing the internet and we see the route via BGP becomes valid and also on R5 the route to 2.2.2.2 becomes valid via R4.

B*   0.0.0.0/0 [200/0] via 9.9.12

R3(config-if)#sh

We see R2 now learns default route via BGP:

R2#sh ip route | i 0.0.0.0

Gateway of last resort is 9.9.12.1 to network 0.0.0.0

B*   0.0.0.0/0 [200/0] via 9.9.12.1, 00:00:10

R2#sh track 2

Track 2

IP SLA 2 state

State is Down

   5 changes, last change 00:00:16

Latest operation return code: Timeout

Tracked by:

   STATIC-IP-ROUTING 0

Also on R5 the reverse route is available via R4 now:

R5#sh ip route | i 2.2.2.2

S       2.2.2.2 [10/0] via 9.9.45.4

R5#sh track 1

Track 1

IP SLA 1 state

State is Down

   4 changes, last change 00:00:54

Latest operation return code: Timeout

Tracked by:

   STATIC-IP-ROUTING 0

Tracing the path to Internet now from R2:

R2#traceroute 8.8.8.8 source 2.2.2.2

Type escape sequence to abort.

Tracing the route to 8.8.8.8

VRF info: (vrf in name/id, vrf out name/id)

1 9.9.12.1 [AS 100] 24 msec 24 msec 12 msec

2 9.9.14.4 [AS 100] 16 msec 24 msec 16 msec

3 9.9.45.5 [AS 100] 44 msec 16 msec 40 msec

Hence we see the failover of the internet path has happened to secondary path and now when we un shut the port on R3 we see the traffic will flow over the primary path again as below:

R2#traceroute 8.8.8.8 source 2.2.2.2

Type escape sequence to abort.

Tracing the route to 8.8.8.8

VRF info: (vrf in name/id, vrf out name/id)

1 9.9.23.3 [AS 100] 16 msec 8 msec 16 msec

2 9.9.35.5 [AS 100] 8 msec 20 msec 12 msec

R2#sh track 2

Track 2

IP SLA 2 state

State is Up

   12 changes, last change 00:01:03

Latest operation return code: OK

Latest RTT (millisecs) 48

Tracked by:

   STATIC-IP-ROUTING 0

ABOUT THE AUTHOR


Leave a Comment

Your email address will not be published. Required fields are marked *

Shopping Cart