Scenario:
You are looking at a small network with a HQ and Branch router. At the HQ there is a webserver located and many users from the branch office are accessing this webserver. Between HQ and Branch there are two links. A fast cheap FastEthernet connection and a slow and very expensive serial link. You want to make sure the serial link will only be used when the FastEthernet fails. You don’t trust the layer 1 and 2 information of the interface so you want to make sure you use layer 3 information to check if the webserver is reachable.
Goal:
- All IPv4 addresses have been preconfigured for you.
- Configure router Branch with a static route to reach the webserver through the FastEthernet link.
- Configure router Branch with another static route to reach the webserver through the serial link. Make sure this static route is only used when the FastEthernet static route disapears.
- Configure IP SLA on router Branch to ping the IP address of the webserver. Once it starts it should never stop.
- If you don’t receive a ping for 5 seconds from the webserver router Branch should remove the static route for the FastEthernet link from the routing table.
- If everything goes ok all traffic will now be sent through the serial link.
IOS:
c3640-jk9s-mz.124-16.bin
Topology:
Video Solution:
Configuration Files
You need to register to download the GNS3 topology file. (Registration is free!)Once you are logged in you will find the configuration files right here.
The How to Master series helps you to understand complex topics like spanning-tree, VLANs, trunks, OSPF, EIGRP, BGP and more.
Written by René Molenaar - CCIE #41726
Do you have the solution on this one by any chance just to verify against how you would do it? Thanks.
Not yet but i’ll be adding it soon.
Is this a one way fail-over? What if the primary link becomes available again(Fast ethernet), will it override the serial link(backup link)?
Hi Rene
Excellent Lab on IP SLA, i really like it.
can you tell me where are all the places i can use this apart from static route.
thanks in advance
Your welcome. You can use it with protocols that support object tracking like HSRP, GLBP or VRRP. Take a look at these articles to get an impression:
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/fthsrptk.html
http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_eot.html
Another excellent lab Rene!
An "educational" debug command for this lab:
debug ip routing
(on the Branch router)
You can see the change in the routing table when the pinging to the webserver fails
Hi all and thanks for the lab 😉
I’m wondering what will happen if we configure IP SLA to send ICMP ECHO to 192.168.23.3 with source address of router’s Branch fa0/0, and both links fail. Let say the configuration of static routes is like that:
ip route 192.168.23.0 255.255.255.0 192.168.12.2 50
ip route 192.168.23.0 255.255.255.0 192.168.21.2 track 1
When interface f0/0 on HQ fails, the track fails and route through 192.168.21.2 is removed from the routing table. The Branch router can reach webserver using ip route with AD of 50.
But if the second link also fails (for example interface s1/0 on HQ fails) then this second route is also removed from routing table because 192.168.12.2 is unreachable. Router branch has no route to reach 192.168.23.3.
What about situation when interface fa0/0 on HQ is up again and secondary link is still down? The route through interface fa0/0 on Branch will be put into routing table only when track 1 is up. For track 1 to be up we need to somehow ping Webserver, but router Branch has no route to reach it.
It means in that situation primary link will be up and working but it will be not used until secondary link is up. When secondary link is up, the route with AD of 50 will appear in routing table. Router branch will send icmp echo with source address of 192.168.21.1 and destination address of 192.168.23.3 using this route (through interface s1/0). Webserver will respond, and icmp echo-reply will take different patch on it’s way back (through fastethernet link beetween HQ and Branch). When icmp echo-reply is received the track changes it’s state to up and route to 192.168.23.3 through fastethernet link will replace the route through serial link. All icmp echos will take fastethernet link from now on.
Correct me if i’m wrong, but i tested it after completing the lab and it works as i wrote.
Any ideas to solve this problem? I think we should configure IP SLA to check reachability of directly connected devices, so we don’t need to have any routes configured on router. Interface state up/up and working link is enough to ping it.
Regards
Hi Rene,
I love your books. I practice this lab and works beatifull but what about if I had OSP running on the serial link and the other link an IP ROUTE?
I tried playing using OSPF and at the end of the static route increase the number to 190 to make it a floating route but it did not happen. How to failover when having a OSPF on the serial link and static route on F0/0? Please advise
Hi Rene,
Can you show how you would setup fail-back once the primary circuit is back up again? Also, how would you avoid flapping if it is intermittently up/down
Thanks
Al