Cisco static backup route

I need to implement a static backup route and would like to know 2 things:

1.  If I create 2 routes and it makes it through all routers on the primary route BUT the host is down, I presume that it was successful and it will not try the backup route.  Am I correct?
ip route 10.0.0.0 255.255.255.0 172.20.0.1  
ip route 10.0.0.0 255.255.255.0 172.30.0.1

2.  I have seen reference to AD and Metric.  I understand the lower AD sets the primary route, whereas higher AD is backup route.  Is the 'Metric' a way of setting the primary/backup routes as AD does?  Example if route 1 has a metric 1 will it always use this first as opposed to metric 2 for the backup route?
B1izzardAsked:

The_KirschiCommented:
Yes, you are right with both of your presumptions:

The backup route should only be used if the next hop (172.20.0.1 in this case) is not available.

I am not sure what you mean by AD but Metric does exactly what you describe, it prioritizes the routes.
0
John MeggersNetwork ArchitectCommented:
AD is the "believability" of the route.  Metric is the cost.  If AD is the same (e.g., because the protocol (OSPF, EIGRP, etc.) is the same) then metric will be used.  

The problem with static routes is they don't go away unless there's a mechanism to get rid of them.  Take a look at route tracking for what you're trying to do.  http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html

0
surbabu140977Commented:
Right, so you should be using

ip route 10.0.0.0 255.255.255.0 172.20.0.1 10  
ip route 10.0.0.0 255.255.255.0 172.30.0.1  20

As you can see, "10" metric will be used first and if that is down, the "20" route will be used.

But practically it's a bad design, because an interface does not necessarily go into a "down" state when the link has issues. So your backup route might never work.

You will need to configure IP SLA which will keep track of your destination and will push the traffic to backup route, once it's down.

Would suggest, run EIGRP and configure ip sla and the backup will work automatically. EIGRP config is very easy for newbies. You will get hundreds of sample configuration if you type "configure eigrp" or "configure ip sla" in google.

Best,
0


B1izzardAuthor Commented:
Can you clarify 'The problem with static routes is they don't go away unless there's a mechanism to get rid of them.'  I want to keep them which is why I don't understand.
0
KlinkeyeCommented:
He means that the link state (up or down) may never change but the traffic still may not be able to get through on your primary route. In this case, the secondary route will never come into play because the router still believes the main route is still alive because the link state is still up.
0
B1izzardAuthor Commented:
Reliability will be critical.  If static backups are unreliable I will look into IP SLA.
0
surbabu140977Commented:
Reliability, please rest assured there will be NONE. The static backup routes never really work like theory. You have to get ip sla and/or routing protocol.

Best,
0
B1izzardAuthor Commented:
After researching here is what I've come up with from an example.  Any problems here?

ip sla monitor 20
  type echo protocol ipIcmpEcho 10.0.0.1
  timeout 1000
  frequency 3
  threshold 2
ip sla monitor schedule 20 life forever start-time now
track 20 rtr 1 reachability
ip access-list 101 permit icmp any host 10.0.0.1 echo
route-map ROUTE-POLICY permit 20
  match ip address 101
  set ip next-hop 10.0.0.1
  set interface null 0
ip local policy route-map ROUTE-POLICY
ip route 10.0.0.0 255.255.255.0 172.20.0.1 track 20
ip route 10.0.0.0 255.255.255.0 172.30.0.1 200

What is the 'rtr 1' all about?
Do I need to have a 'route map' commands or can I do without it?  If required, what is the 'set interface null 0' for?
0
B1izzardAuthor Commented:
I went ahead and added it without the route-maps.  Here is what I get:

Cisco2811#sh ip sla monitor stati
Round trip time (RTT)   Index 10
        Latest RTT: 1 ms
Latest operation start time: *18:32:00.952 UTC Tue Apr 5 2011
Latest operation return code: OK
Number of successes: 5
Number of failures: 0
Operation time to live: Forever

So it appears this is working....
0
surbabu140977Commented:
Rtr1 is the name associated with track 1 which is tracking 10.0.0.1. You can have track2 rtr2 and so on.

The config should be a working one now with one drawback. If your primary is down, only then will this backup switch over.

What happens when your primary is not down hard but taking errors? That's why you will need routing protocols which can judge reliability of the link.
0
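The failover behaviour discussed in this thread, modelled as an added example (not part of any post and not Cisco code): a floating static route takes over only when the primary route is withdrawn, which a tracked route does on probe failure and an untracked one does only when its next hop stops resolving. The `StaticRoute` class, `install()` and the scenarios are constructed for illustration; the addresses, the distance 254 and track number 123 are the ones used in the thread's configuration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class StaticRoute:
    prefix: str
    next_hop: str
    distance: int = 1            # IOS default administrative distance for a static route
    track: Optional[int] = None  # track object number, as in "track 123"

def install(routes, reachable_next_hops, track_state):
    """Return the route this model puts in the routing table, or None.

    A static route is a candidate while its next hop resolves (the directly
    connected link is up) and, if it names a track object, that object is up.
    Among the candidates the lowest administrative distance wins.
    """
    candidates = [
        r for r in routes
        if r.next_hop in reachable_next_hops
        and (r.track is None or track_state.get(r.track, False))
    ]
    return min(candidates, key=lambda r: r.distance, default=None)

PREFIX = "10.0.0.0/24"
UNTRACKED = [StaticRoute(PREFIX, "172.17.0.2"),
             StaticRoute(PREFIX, "172.18.0.2", distance=254)]
TRACKED = [StaticRoute(PREFIX, "172.17.0.2", track=123),
           StaticRoute(PREFIX, "172.18.0.2", distance=254)]
LINKS_UP = {"172.17.0.2", "172.18.0.2"}   # both directly connected links up

def scenarios():
    """Selected next hop for each constructed scenario."""
    pick = lambda routes, hops, track: install(routes, hops, track).next_hop
    return {
        # Local link to the primary next hop goes down: floating route takes over.
        "untracked, local link down": pick(UNTRACKED, {"172.18.0.2"}, {}),
        # Failure further along the path, local link still up: nothing changes.
        "untracked, remote failure": pick(UNTRACKED, LINKS_UP, {}),
        # Same failure, but the probe fails and track 123 goes down.
        "tracked, remote failure": pick(TRACKED, LINKS_UP, {123: False}),
        # Probe succeeds again: the primary is reinstalled (failback).
        "tracked, recovered": pick(TRACKED, LINKS_UP, {123: True}),
    }

if __name__ == "__main__":
    for name, hop in scenarios().items():
        print(f"{name:28} -> {hop}")
```

The model takes the track state as an input; on the router that state comes from the IP SLA probe, so the probe itself has to keep using the primary path, which is what the local policy route-map in the thread's configurations is for.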
B1izzardAuthor Commented:
I might have to use OSPF as there are a few Watchguards in the mix.  I am assuming this will work ok as well, but correct me if I'm wrong.
0
surbabu140977Commented:
Then you won't need statics. OSPF will select it automatically for you. Or else you have to redistribute for no reason.
0
B1izzardAuthor Commented:
After spending some time on this, I cannot get this to work.  I have attached a jpg to show you what I am trying to accomplish.  

I am trying to ping from Router A to laptop 172.30.0.2 on the left (specifically the secondary IP of 10.0.0.254).  When I pull the cable connecting Router C to Router B, I want it to failover so that now Router D kicks in and the echo reply is coming from 10.0.0.254 on the laptop to the right with IP 172.31.0.2.  

Also, I would like it to failback to the primary when it comes back online (Router C comes back online and Router D goes from primary back to secondary).  Here is the config from Router B (see jpg):

Router#sh run
Building configuration...

Current configuration : 1693 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
!
!
no ip domain lookup
ip sla monitor 1
 type echo protocol ipIcmpEcho 10.0.0.254
 timeout 1000
 threshold 2
 frequency 3
ip sla monitor schedule 1 life forever start-time now
!
!
!
!
!
!
track 123 rtr 1 reachability
!
!
!
!
interface FastEthernet0/0
 ip address 172.16.0.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1/0
 switchport access vlan 20
!
interface FastEthernet0/1/1
 switchport access vlan 30

interface Vlan1
 no ip address
!
interface Vlan20
 ip address 172.17.0.1 255.255.255.0
!
interface Vlan30
 ip address 172.18.0.1 255.255.255.0
!
ip local policy route-map MY-LOCAL-POLICY
ip classless
ip route 10.0.0.0 255.255.255.0 172.17.0.2 track 123
ip route 10.0.0.0 255.255.255.0 172.18.0.2 254
ip route 172.30.0.0 255.255.255.0 172.17.0.2
ip route 172.31.0.0 255.255.255.0 172.18.0.2
!
no ip http server
no ip http secure-server
!
access-list 101 permit icmp any host 10.0.0.254 echo
route-map MY-LOCAL-POLICY permit 10
 match ip address 101
 set interface Null0
 set ip next-hop 172.17.0.2
[Attached image: Lab network]
0
B1izzardAuthor Commented:
No response.  I will close anyway
0
B1izzardAuthor Commented:
Thx.
0