Solved

Internet failover routing

Posted on 2011-10-19
Last Modified: 2012-05-12
I have an AT&T MPLS network connected from the main office (A) to 2 branch offices (B, C). Locations A and B have local gateways for internet. I want to route internet access automatically to the A gateway when branch office B's internet is down.

Which protocol would be right to achieve this? I would appreciate it if you could provide any sample routing examples.
Question by:sumod_jacob
22 Comments
 
LVL 6

Expert Comment

by:morpheios
ID: 36997897
Hello, what kind of routers do you use?

For example, on Cisco routers you need to define "ip sla monitor" and "track 1 rtr 1 reachability" and then add two routes, one of them using "track".

Good example:
http://www.ciscopress.com/articles/article.asp?p=1613547&seqNum=3


0
 
LVL 6

Expert Comment

by:morpheios
ID: 36997908
0
 

Author Comment

by:sumod_jacob
ID: 36999482
Site A
MPLS Router =CISCO 2821
Internet ATT MIS Router =3825

Site B
MPLS Router =CISCO 2821
Internet ATT MIS Router =1841

0

 
LVL 6

Expert Comment

by:morpheios
ID: 36999491
Perfect! I have a 2821 too and "sla" works fine.
0
 

Author Comment

by:sumod_jacob
ID: 37001697
Since it is an MPLS network, are any changes required in the service provider's (ATT) router?
0
 
LVL 6

Expert Comment

by:morpheios
ID: 37001963
No, changes are needed only on your branch router, not at the ISP. Look at the article. If there is a problem, post your router configs here and I will make the changes.

In two words:
1. In branch B you define an "sla" which will test the internet connection
2. Define a track in B linked with the sla
3. Write static routes in B:
! the trailing 100 and 10 are administrative distances (lower wins)
ip route branch_a_network branch_a_mask MPLS_toA_gateway
ip route 0.0.0.0 0.0.0.0 MPLS_toA_gateway 100
ip route 0.0.0.0 0.0.0.0 ISP_B_gateway 10 track 1
4. On the A router, allow internet access from the Branch B network in its ACL


ip route 0.0.0.0 0.0.0.0 MPLS_toA_gateway 100 has lower priority than route 0.0.0.0 0.0.0.0 ISP_B_gateway 10 track 1 but always works, whereas the tracked route works only if the SLA condition is TRUE.
0
 

Author Comment

by:sumod_jacob
ID: 37017593
My scenario is slightly different: not both ISPs are connected to the same router.

Site A Internet
4507 Catalyst > ASA 5520 > ATT MIS Router(3825)

Site A MPLS to Branch B
4507 Catalyst > 2821 MPLS Router

Site B Internet
3750 Catalyst > ASA 5510 > ATT MIS Router(1841)

Site B MPLS to Branch A
3750 Catalyst > 2821 MPLS Router

Here the core switch is doing the routing for both kinds of traffic. I see I can't do the IP SLA command on this switch.
EIGRP and BGP used for routing now.

0
 
LVL 6

Expert Comment

by:morpheios
ID: 37017897
Yes, for this scenario you must enable SLA on the Catalyst switch, not on the router.

3750 manual
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_55_se/configuration/guide/swipsla.html

4507 manual (if in future you need to use B's internet from office A)
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_55_se/configuration/guide/swipsla.html

Simply configure SLA on the 3750 to test internet via "ASA 5510 > ATT MIS Router(1841)"; if the test succeeds, route 0.0.0.0 0.0.0.0 to it. Otherwise route 0.0.0.0 0.0.0.0 to the 2821 MPLS Router.
0
 
LVL 6

Expert Comment

by:morpheios
ID: 37017900
0
 

Author Comment

by:sumod_jacob
ID: 37024120
I believe IP SLA requires at least IOS Ver 12.4T? Unfortunately my switch IOS is ver 12.2. Is there any way to enable IP SLA in this version?

SITE -A
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-ENTSERVICESK9-M),
Version 12.2(37)SG, RELEASE SOFTWARE (fc1)

SITE -B
Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(37)SE, RELEASE SOFTWARE (fc2)
0
 
LVL 6

Expert Comment

by:morpheios
ID: 37024193
No. The minimum version for SLA is 12.2(46)SE http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_50_se/release/notes/OL18263.html

In older versions there is a similar technology, SAA http://www.cisco.com/en/US/docs/ios/12_1/configfun/configuration/guide/fcd301d.html

You can use it the same as SLA.



      

0
 

Author Comment

by:sumod_jacob
ID: 37025724
Oh my God, my boss wants this to be enabled in Site-A instead of Site-B now.

I see that RTR is not supported on the 4507 core switch. I saw the link below, with Cisco stating that SAA isn't supported on the 4500, but others said they have done it. Don't know. I tried it on my 4500 switch and it doesn't recognise the command. But on the 3750 (Site B) it does work for me.

http://www.gossamer-threads.com/lists/cisco/nsp/76550

Is there any way to make this work without upgrading IOS? Seems I am in the hot seat now.
0
 
LVL 6

Expert Comment

by:morpheios
ID: 37027644
Bad news :(

The Tcl scripting language was introduced only in 12.3

Last idea: check internet status on some server and use IP RCMD to configure the 4507 route table http://www.cisco.com/en/US/docs/ios/12_3/configfun/command/reference/cfr_1g04.html#wp1030124

Why are you afraid to update the router's firmware?
0
 

Author Comment

by:sumod_jacob
ID: 37028656

The update is required on the core switch 4507. You are right, I am scared to do that and want to avoid it if possible. BTW, what is the impact if I upgrade to 12.4T? Will this affect any of the configuration?

I increased the points to 500.
0
 

Author Comment

by:sumod_jacob
ID: 37028903
Is there any other protocol I can use to achieve this failover?
0
 
LVL 6

Expert Comment

by:morpheios
ID: 37029331
If your ISP can configure EIGRP on ATT MIS Router(3825), then your Catalyst 4507 can get the route via the EIGRP protocol.

The static route will always send to MPLS with low priority. When EIGRP is available, the dynamic route with high priority will work.

The 4507 with this firmware does not use any other flexible routing protocols.


Regarding the upgrade:
Yes, it's right, a big upgrade like this always requires configuration adaptation.
You may search for configuration keywords in the guide http://www.cisco.com/en/US/products/ps6441/products_installation_and_configuration_guides_list.html and see whether the syntax changed.

And you can always roll back the firmware upgrade. Don't forget to back up the old configuration and old firmware.
0
 

Author Comment

by:sumod_jacob
ID: 37032582
You mean IP SLA should be enabled on the ATT MIS router(3825), or just configure EIGRP on this router without IP SLA?

I have EIGRP already configured on the core switch for routing to MPLS.

Traffic flow should be as follows:
4507R Coreswitch (Site A) > MPLS 2821 (Site A) Router > MPLS 2821 (Site B) Router > 3750 Coreswitch (Site B) > ASA 5510 (Site B) > ATT MIS Router 1841 (Site B)
0
 
LVL 6

Expert Comment

by:morpheios
ID: 37032710
Not IP SLA, but EIGRP on ATT MIS Router(3825).

You define on the 4507 an expensive-cost route to the internet via MPLS 2821 (Site A) Router. But when the Internet is available, ATT MIS Router(3825) provides via EIGRP a low-cost route to itself.

By default the static route will work: 4507R Coreswitch (Site A) > MPLS 2821 (Site A) Router > MPLS 2821 (Site B) Router > 3750 Coreswitch (Site B) > ASA 5510 (Site B) > ATT MIS Router 1841 (Site B)
But when the Internet is in good condition, EIGRP from ATT MIS Router(3825) must add the high-priority route 4507 Catalyst > ATT MIS Router(3825)

0
 
LVL 6

Expert Comment

by:morpheios
ID: 37032736
I have one more idea: can your ASA 5520 use a backup route? Maybe you can set it up to use the ASA 5510 as gateway if the direct connection has failed?

I have no ASA experience and can't say whether it is possible or not.
0
 

Author Comment

by:sumod_jacob
ID: 37035808
If only EIGRP is configured on ATT MIS Router(3825), how does this monitor the internet access and reroute when it's down?
0
 
LVL 6

Accepted Solution

by:
morpheios earned 2000 total points
ID: 37036139
By default on the 4507 the static route will work: 4507R Coreswitch (Site A) > MPLS 2821 (Site A) Router > MPLS 2821 (Site B) Router > 3750 Coreswitch (Site B) > ASA 5510 (Site B) > ATT MIS Router 1841 (Site B)
But when the Internet is in good condition, EIGRP from ATT MIS Router(3825) must add the high-priority route 4507 Catalyst > ATT MIS Router(3825) to the routing table.

Now I think the ASA idea is better.

I read a Cisco manual about the ASA and it seems to be a good idea. Configure sla monitor on the ASA and set up a backup route back to 4507R Coreswitch (Site A) > MPLS 2821 (Site A) Router > MPLS 2821 (Site B) Router > 3750 Coreswitch (Site B) > ASA 5510 (Site B) > ATT MIS Router 1841 (Site B)

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

route outside 0.0.0.0 0.0.0.0 "ATT MIS Router(3825)" 1 track 1
route backup 0.0.0.0 0.0.0.0 "4507R Coreswitch (Site A)" 254

sla monitor 123
 type echo protocol ipIcmpEcho "Internet_resource" interface outside
 num-packets 3
 frequency 10
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability

Maybe create a new VLAN on the ASA5520 and 4507 for the back route.
0
 

Author Comment

by:sumod_jacob
ID: 37040168
Below is the site-A Coreswitch and ASA 5520 routing tables...

4507R Coreswitch Routing (Site-A)

router eigrp 615
 redistribute static metric 1000000 100 255 1 1500 route-map REDIST_STATIC_ROUTES
 passive-interface default
 no passive-interface Vlan9
 no passive-interface Vlan90
 no passive-interface Vlan100
 no passive-interface Vlan101
 no passive-interface GigabitEthernet6/48
 network 10.1.0.0 0.0.255.255
 network 192.168.0.0 0.0.7.255
 no auto-summary
!
no ip forward-protocol nd
no ip forward-protocol udp tftp
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp tacacs
ip route 10.1.5.0 255.255.255.192 10.1.16.44
ip route 10.1.5.64 255.255.255.192 10.1.16.44
ip route 10.1.40.0 255.255.255.0 10.1.9.5
ip route 172.16.254.0 255.255.255.0 10.1.9.10
no ip http server
no ip http secure-server
!
ip flow ingress infer-fields
ip flow ingress layer2-switched
ip flow-export source Vlan90
ip flow-export version 5
!
ip route-cache flow infer-fields
!
ip access-list standard PROTECT_VTY
 permit 192.168.0.0 0.0.7.255
 permit 10.1.0.0 0.0.255.255
 permit 10.2.0.0 0.0.255.255
 permit 172.16.254.0 0.0.0.255
 permit 172.17.254.0 0.0.0.255
 permit 10.3.0.0 0.0.255.255
ip access-list standard REDIST_STATIC_ROUTES
 permit 172.16.254.0 0.0.0.255
 permit 10.1.40.0 0.0.0.255
!
ip access-list extended Guest_Wireess
ip access-list extended Net_Control
 remark Access-list used to identify telnet and ssh traffic used for device management
 permit tcp any any eq 22
 permit tcp any eq 22 any
 permit tcp any any eq telnet
 permit tcp any eq telnet any
ip access-list extended VoIP
 remark Access-list used to identify VoIP bearer traffic
 deny   udp any any fragments
 permit udp any range 16384 32767 any range 16384 32767
ip access-list extended VoIP_Signaling
 remark Access-list used to identify VoIP signaling traffic
 permit tcp any any range 2000 2002
 permit tcp any range 2000 2002 any
 permit tcp any any eq 1720
 permit tcp any eq 1720 any
 permit tcp any range 11000 11999 any range 11000 11999
 permit udp any any eq 2427
 permit udp any eq 2427 any
 permit tcp any any eq 2748
 permit tcp any eq 2748 any
 permit tcp any any range 1099 1129
 permit tcp any range 1099 1129 any
!
access-list hardware entries scattered
!
route-map REDIST_STATIC_ROUTES permit 10
 match ip address REDIST_STATIC_ROUTES


ASA 5520 (Site-A)

access-list outside_access_in extended permit tcp any host 12.39.xxx.xx object-group Web_TCP_Ports
access-list outside_access_in extended permit tcp any host 12.39.xxx.xx object-group Web_TCP_Ports
access-list DEFAULT_ONLY standard permit host 0.0.0.0

route-map REDISTRIBUTE_DEFAULT permit 10
 match ip address DEFAULT_ONLY
!
!
router eigrp 615
 no auto-summary
 network 10.1.9.0 255.255.255.0
 network 172.16.200.0 255.255.255.0
 passive-interface default
 no passive-interface inside
 redistribute static route-map REDISTRIBUTE_DEFAULT
!
route outside 0.0.0.0 0.0.0.0 12.39.245.1 1 track 1
route inside 10.1.0.0 255.255.0.0 10.1.9.1 1
route web&sp_dmz 10.1.40.0 255.255.255.0 172.16.200.5 1
route inside 10.2.0.0 255.255.0.0 10.1.9.1 1
route inside 172.17.254.0 255.255.255.0 10.1.9.1 1
route outside 192.58.128.30 255.255.255.255 12.39.245.1 1
route inside 192.168.0.0 255.255.248.0 10.1.9.1 1
0
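
A check of the pieces the accepted solution relies on, run against the tracked default route from the Site-A ASA excerpt, as an added example that is not part of the thread: it flags a `track` number with no matching `track ... rtr ... reachability` and `sla monitor` definition, and a tracked default route with no higher-distance backup default on another interface. The function name `check_failover`, the addresses 192.0.2.1 and 203.0.113.10 and the distance 254 are assumptions made for the sample.

```python
import re

# Constructed sample: the tracked default route from the Site-A ASA excerpt,
# with no track object, probe or backup route alongside it.
INCOMPLETE = """\
route outside 0.0.0.0 0.0.0.0 12.39.245.1 1 track 1
route inside 10.1.0.0 255.255.0.0 10.1.9.1 1
"""

# Constructed sample: the same routes plus the pieces from the accepted
# solution. 192.0.2.1, 203.0.113.10 and distance 254 are placeholder values.
COMPLETE = INCOMPLETE + """\
route backup 0.0.0.0 0.0.0.0 192.0.2.1 254
sla monitor 123
 type echo protocol ipIcmpEcho 203.0.113.10 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
"""

ROUTE = re.compile(r"^route (\S+) (\S+) (\S+) (\S+)(?: (\d+))?(?: track (\d+))?\s*$")
TRACK = re.compile(r"^track (\d+) rtr (\d+) reachability\s*$")

def check_failover(config):
    """Return a list of problems with tracked default-route failover."""
    routes, tracks, probes, scheduled = [], {}, set(), set()
    for line in config.splitlines():
        if m := ROUTE.match(line):
            iface, net, mask, _gw, dist, trk = m.groups()
            if (net, mask) == ("0.0.0.0", "0.0.0.0"):
                routes.append((iface, int(dist or 1), trk))  # ASA default distance is 1
        elif m := TRACK.match(line):
            tracks[m.group(1)] = m.group(2)
        elif m := re.match(r"^sla monitor schedule (\d+) ", line):
            scheduled.add(m.group(1))
        elif m := re.match(r"^sla monitor (\d+)\s*$", line):
            probes.add(m.group(1))
    problems = []
    for iface, dist, trk in (r for r in routes if r[2]):
        sla = tracks.get(trk)
        if sla is None:
            problems.append(f"track {trk} used on {iface} but not defined")
        elif sla not in probes or sla not in scheduled:
            problems.append(f"sla monitor {sla} missing or not scheduled")
        # Failover needs an untracked default on another interface that loses
        # to the tracked route while the probe is up (higher distance).
        if not any(t is None and d > dist and i != iface for i, d, t in routes):
            problems.append(f"no higher-distance backup default for {iface}")
    return problems
```

A backup default left at the same distance as the tracked route is reported the same way as a missing one, since it cannot act as a floating route.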
