RE: Static routes with tracking

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Mon Jan 22 2007 - 13:09:15 ART

• Next message: jatinder.p.singh@bt.com: "CCIE Voice LAB"
• Previous message: Alexei Monastyrnyi: "Re: IpExpert Phrasing"
• Maybe in reply to: mathew Fer: "Static routes with tracking"
• Next in thread: Mathew: "Re: Static routes with tracking"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

        Policy routing applied to an interface is for inbound traffic.
AFAIK GRE tunnels are not an exception to this. Are you sure keepalives
are on the tunnel though? If the other side isn't running GRE the
tunnel shouldn't be up/up.

HTH,

Brian McGahan, CCIE #8593 (R&S/SP)
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

-----Original Message-----
From: Mathew [mailto:mathewfer@gmail.com]
Sent: Sunday, January 21, 2007 2:04 PM
To: Brian McGahan
Cc: ccielab@groupstudy.com
Subject: Re: Static routes with tracking

Hi Brian,

First, thanks for your reply.

I am trying to achieve an alternative to what you described with 2
dialer interfaces & backup command. That also worked for me.

I am just trying to do the same without the 2nd dialer & backup command.
For me it worked but I am just asking your opinion on a configuration
like this.

I was trying to tell that before GRE encapsulation, policy routing
takes place as expected & traffic is sent to null 0 - local black hole
- similar to my original configuration with tracking.

I just want your comment with this alternative configuration. I am
thinking whether we have any issues with this GRE as it is configured
only at this local router (kind of a self-tunnel) and it is only used
to change it status UP or DOWN depending on the reachability of
1.1.1.1.

Thanks your comments.

mathew

On 1/22/07, Brian McGahan <bmcgahan@internetworkexpert.com> wrote:
> What are you trying to accomplish with this?
>
>
> Brian McGahan, CCIE #8593 (R&S/SP)
> bmcgahan@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987 x 705
> Outside US: 775-826-4344 x 705
> 24/7 Support: http://forum.internetworkexpert.com
> Live Chat: http://www.internetworkexpert.com/chat/
>
> -----Original Message-----
> From: Mathew [mailto:mathewfer@gmail.com]
> Sent: Saturday, January 20, 2007 7:27 AM
> To: Brian McGahan
> Cc: ccielab@groupstudy.com
> Subject: Re: Static routes with tracking
>
> Hi Brian/GS,
>
> Thank you for your excellent reply.
>
> After I post it, I too came up with the below & that does not use 2
> dialer interfaces & backup command. Also it worked with only the
> tunnel config only on the local router. I mean there is no
> remote/other end of the GRE config.
>
> Do you see any issues or inconsistencies etc with this config?
>
> With this, there is no output for "debug tunnel" which shows GRE
> encapsulation does not take place. It gives the below for "debug ip
> policy".
>
> 000466: *Mar 1 18:18:25 S11: IP: s=7.3.3.3 (Tunnel1), d=1.1.1.1, len
> 1224, policy match
> 000467: *Mar 1 18:18:25 S11: IP: route map DROP, item 1, permit
> 000468: *Mar 1 18:18:25 S11: IP: s=7.3.3.3 (Tunnel1), d=1.1.1.1
> (Null0), len 1224, policy routed
> 000469: *Mar 1 18:18:25 SYD: IP: Tunnel1 to Null0 1.1.1.1
>
> !
> interface Loopback1111
> ip address 7.3.3.3 255.255.255.255
> !
> interface Tunnel1
> Description -- Fake tunnel UP/UP when 1.1.1.1 is reachable
> ip address 2.2.2.1 255.255.255.252 <-------- I had to configuire this
> IP address.
> ip policy route-map DROP
> tunnel source Loopback1111
> tunnel destination 1.1.1.1
> !
> interface Dialer1
> .
> !
> route-map DROP permit 1
> set interface Null0
> !
> ip route 0.0.0.0 0.0.0.0 Tunnel1
> ip route 0.0.0.0 0.0.0.0 Dialer1 250
> !
>
> Thank you for your reply.
>
> mathew
>
> On 1/20/07, Brian McGahan <bmcgahan@internetworkexpert.com> wrote:
> > You could create multiple dialer interfaces, one that is for
> > backup and one that is just for testing the circuit. For older
IOSes
> > you can get an IP SLA like tracking of the end to end circuit status
> by
> > using a GRE tunnel. Configure a tunnel between two endpoints and
add
> > the "keepalive" command on it. Put the "backup interface dialer2"
> > command on the tunnel, or whatever interface you want to use as
> backup,
> > then if there is not end-to-end IP transit in the tunnel path it
will
> > trigger the backup link once the tunnel keepalive expires. This is
> > useful for situations like DSL where your local link to the DSL
modem
> or
> > DSLAM does not indicate the end-to-end circuit status, where an
> > end-to-end GRE tunnel would.
> >
> >
> > HTH,
> >
> > Brian McGahan, CCIE #8593 (R&S/SP)
> > bmcgahan@internetworkexpert.com
> >
> > Internetwork Expert, Inc.
> > http://www.InternetworkExpert.com
> > Toll Free: 877-224-8987 x 705
> > Outside US: 775-826-4344 x 705
> > 24/7 Support: http://forum.internetworkexpert.com
> > Live Chat: http://www.internetworkexpert.com/chat/
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of
> > mathew Fer
> > Sent: Friday, January 19, 2007 12:13 AM
> > To: ccielab@groupstudy.com
> > Subject: Static routes with tracking
> >
> > Hi GS / Brians,
> >
> > I have tested the below configuration successfully with IOS ver
12.4.
> > The default static route to null 0 is active when IP 1.1.1.1 is
> > reachable
> > via BGP so that any routes that are not matched in BGP routes
> (specific
> > routes) are dropped with null 0, without sending the traffic to WAN.
> >
> > When the WAN is down, 1.1.1.1 is not learned by BGP so the default
> route
> > to
> > Null 0 is removed from the routing table & install the default to
> dialer
> > 1
> > which kick in the ISDN dial out with Dialer configuration (with
> > intresting
> > traffic defined in the configuration) to other end router.
> >
> > My question is that what are other possible ways to do the same with
> an
> > IOS
> > ver 12.1 which does not have the support of Enhanced Tracking.
> >
> > One of the requirement here is to keep the dialer to use for testing
> > (with a
> > ping to 192.168.1.1) under normal condition (WAN UP). This prevent
us
> > using
> > the command "backup interface dialer 1" in the configurations.
> >
> > !
> > interface FastEthernet0/0
> > .
> > !
> > interface Serial0/0
> > no ip address
> > encapsulation frame-relay
> > !
> > interface Serial0/0.1 point-to-point
> > ip address 6.1.1.2 255.255.255.252
> > no cdp enable
> > frame-relay interface-dlci 100
> > !
> > interface BRI0/0
> > .
> > dialer pool-member 1
> > !
> > interface Dialer1
> > ip address 192.168.1.2 255.255.255.0
> > dialer pool 1
> > dialer string 4444
> > dialer-group 1
> > .
> > !
> > track 2 ip route 1.1.1.1 255.255.255.255 reachability
> > !
> > ip route 0.0.0.0 0.0.0.0 null 0 track 2
> > ip route 0.0.0.0 0.0.0.0 Dialer 1 220
> > !
> > ip route 192.168.1.1 255.255.255.255 Dialer 1 <---- Dial out for
> testing
> > !
> > router bgp 1
> > .
> > .
> > !
> > access-list 105 permit ip 10.2.1.0 0.0.0.255 any
> > access-list 105 permit ip any host 192.168.1.1
> > !
> > dialer-list 1 protocol ip list 105
> > !
> >
> > Thank you for the reply.
> >
> > mathew
> >
> >
>

• Next message: jatinder.p.singh@bt.com: "CCIE Voice LAB"
• Previous message: Alexei Monastyrnyi: "Re: IpExpert Phrasing"
• Maybe in reply to: mathew Fer: "Static routes with tracking"
• Next in thread: Mathew: "Re: Static routes with tracking"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Feb 08 2007 - 23:46:57 ART