You heard it, after this quick lab, got NAT and PAT to go over and the next week or so will be reading and labbing my butt off until exam day on 4/28.
With that being said, this lab will piggyback on what we’ve learned, only this is a more practical real-world scenario that I see a LOT in failover setups for ASAs and routers alike: setting IP SLA tracking on static routes.
Now, static routes will not automatically detect when they go invalid and remove themselves from the route table like a dynamic protocol would, so you must set up an SLA to track or “poll” the destination IP to make sure it’s still up and alive. If it is determined not to be, the route is pulled from the route table.
So for this configuration, there is usually your preferred static route to your ISP (R3), and then a static route configured with a higher weight that can take over if the preferred static route becomes unavailable.
For this we need to configure the following things:
- Add two static routes, a preferred, and a secondary with a higher metric
- The IP SLA
- The IP SLA Schedule
- The IP SLA Tracking
- Attach the tracking to the IP route
Now I will be doing this from R4 going to R1 as the destination, so let’s first add our static routes to the router:
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip route 172.12.23.0 255.255.255.0 172.12.123.3
R1(config)#ip route 172.12.23.0 255.255.255.0 172.12.123.2 50
First part configured, and now to verify connectivity:
R1(config)#do sh ip route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback1
172.12.0.0/16 is variably subnetted, 3 subnets, 2 masks
S 172.12.23.0/24 [1/0] via 172.12.123.3
C 172.12.123.0/24 is directly connected, Serial0/0/0
L 172.12.123.1/32 is directly connected, Serial0/0/0
R1(config)#
R1(config)#do ping 172.12.23.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.23.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/65/68 ms
R1(config)#
So we are cooking with the GASOLINA now baby! Now on a side note, the only way I’ve found to see ALL routes is in the running config, or how I personally do it for static routes is “sh run | i ip route” so you only get static routes from the running config:
R1#sh run | i ip route
ip route 172.12.23.0 255.255.255.0 172.12.123.3
ip route 172.12.23.0 255.255.255.0 172.12.123.2 50
R1#
Much faster way to find them. Alright now to move onto step 2, configuring the IP SLA:
R1(config)#ip sla 5
R1(config-ip-sla)#icmp-echo ?
Hostname or A.B.C.D Destination IP address or hostname, broadcast disallowed
R1(config-ip-sla)#icmp-echo 172.12.123.3 ?
source-interface Source Interface (ingress icmp packet interface)
source-ip Source Address
<cr>
R1(config-ip-sla)#icmp-echo 172.12.123.3
R1(config-ip-sla-echo)#frequency ?
<1-604800> Frequency in seconds (default 60)
R1(config-ip-sla-echo)#frequency 10
R1(config-ip-sla-echo)#^Z
R1#
*Apr 19 00:00:29.087: %SYS-5-CONFIG_I: Configured from console by console
R1#
So now we should have it pinging R3 every 10 seconds, but of course next is the schedule:
R1(config)#ip sla schedule 5 life forever start-time now
So now the SLA service is running, moving on to creating the track for it:
R1(config)#track ?
<1-500> Tracked object
resolution Tracking resolution parameters
timer Polling interval timers
R1(config)#track 1 ?
interface Select an interface to track
ip IP protocol
list Group objects in a list
stub-object Stub tracking object
R1(config)#track 1 ip ?
route IP route
sla IP Service Level Agreement
R1(config)#track 1 ip sla ?
<1-2147483647> Entry number
R1(config)#track 1 ip sla 5 ?
reachability Reachability
state Return code state
<cr>
R1(config)#track 1 ip sla 5 reachability ?
<cr>
R1(config)#track 1 ip sla 5 reachability
R1(config-track)#
This means that when we add this track, which references SLA entry 5, it will use pings to determine reachability.
So the final stage is to remove the preferred route, and add “track 1” to the end of it:
R1(config)#no ip route 172.12.23.0 255.255.255.0 172.12.123.3
R1(config)#ip route 172.12.23.0 255.255.255.0 172.12.123.3 track 1
R1(config)#do sh ip route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback1
172.12.0.0/16 is variably subnetted, 3 subnets, 2 masks
S 172.12.23.0/24 [1/0] via 172.12.123.3
C 172.12.123.0/24 is directly connected, Serial0/0/0
L 172.12.123.1/32 is directly connected, Serial0/0/0
So now we finally have everything configured and all is well. Here is a verification command for IP SLA tracks as well:
R1(config)#do sh track
Track 1
IP SLA 5 reachability
Reachability is Up
1 change, last change 00:02:20
Latest operation return code: OK
Latest RTT (millisecs) 44
Tracked by:
STATIC-IP-ROUTING 0
Everything looks good to go, so let’s break some stuff and see if we maintain connectivity!
R3(config)#int s0/2
R3(config-if)#shut
R3(config-if)#
ASR#6
[Resuming connection 6 to r5 … ]
*Apr 19 00:08:48.455: %SYS-5-CONFIG_I: Configured from console by console[OK]
R1#sh ip route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback1
172.12.0.0/16 is variably subnetted, 3 subnets, 2 masks
S 172.12.23.0/24 [50/0] via 172.12.123.2
C 172.12.123.0/24 is directly connected, Serial0/0/0
L 172.12.123.1/32 is directly connected, Serial0/0/0
R1#
Let’s take a look again at our verification of tracks:
R1#sh track
Track 1
IP SLA 5 reachability
Reachability is Down
2 changes, last change 00:08:11
Latest operation return code: Timeout
Tracked by:
STATIC-IP-ROUTING 0
R1#
Now the static route with the metric of 50 is injected into the route table before I even got back to it (polling every 10 seconds for reachability), so let’s see about connectivity:
R1#ping 172.12.23.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.23.4, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 64/65/68 ms
R1#ping 172.12.23.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.23.4, timeout is 2 seconds:
!!!!!
Missed that first ping but it caught on after that. So that is it for IP SLA Track configuration. It is very straightforward, with just a few commands to remember:
- Make preferred route and backup route with higher metric
- Create IP SLA “icmp-echo x.x.x.x” with “frequency #” command
- Create schedule with “ip sla schedule # life (x) start-time (x)”
- Create track with “track # ip sla # reachability”
- Remove preferred route and replace it with track # at the end
- You now have a fail-over route for your network, congratulations!
Important pointer: do not get the SLA entry # mixed up with the Track # on a question or while configuring, as they are two separate things.
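To check a router's failover state against its configuration, here is an added Python example (not part of the original lab) that parses “sh run | i ip route” and “sh track” output and works out which next hop should be installed. The sample text is constructed from the output shown in this post; the function names are made up for illustration, and the parser only handles the simple “ip route” forms used in this lab.

```python
import re

# Constructed sample input, modelled on the output shown in this post.
RUN_CONFIG = """\
ip route 172.12.23.0 255.255.255.0 172.12.123.3 track 1
ip route 172.12.23.0 255.255.255.0 172.12.123.2 50
"""
SHOW_TRACK = """\
Track 1
 IP SLA 5 reachability
 Reachability is Down
 2 changes, last change 00:08:11
 Latest operation return code: Timeout
"""

# network, mask, next hop, then an optional distance and an optional "track N"
ROUTE_RE = re.compile(
    r"^ip route (\S+) (\S+) (\S+)(?: (\d+))?(?: track (\d+))?[ \t]*$", re.M)

def parse_static_routes(config):
    """One dict per 'ip route' line; the distance defaults to 1 when omitted."""
    return [{"net": net, "mask": mask, "next_hop": hop,
             "distance": int(dist) if dist else 1,
             "track": int(track) if track else None}
            for net, mask, hop, dist, track in ROUTE_RE.findall(config)]

def parse_track(output):
    """Map Track # -> {'sla': SLA entry #, 'up': bool}; the two numbers differ."""
    tracks, cur = {}, None
    for line in map(str.strip, output.splitlines()):
        head = re.fullmatch(r"Track (\d+)", line)
        sla = re.match(r"IP SLA (\d+) reachability", line)
        state = re.fullmatch(r"Reachability is (Up|Down)", line)
        if head:
            cur = tracks.setdefault(int(head.group(1)), {"sla": None, "up": False})
        elif cur is not None and sla:
            cur["sla"] = int(sla.group(1))
        elif cur is not None and state:
            cur["up"] = state.group(1) == "Up"
    return tracks

def expected_next_hop(routes, tracks, net):
    """Lowest-distance route whose track (if any) is Up; unknown tracks count as Down."""
    usable = [r for r in routes if r["net"] == net and
              (r["track"] is None or tracks.get(r["track"], {}).get("up", False))]
    return min(usable, key=lambda r: r["distance"])["next_hop"] if usable else None

if __name__ == "__main__":
    routes, tracks = parse_static_routes(RUN_CONFIG), parse_track(SHOW_TRACK)
    print(tracks, expected_next_hop(routes, tracks, "172.12.23.0"))
```

Comparing the returned next hop with the “via” address in “sh ip route” flags a router whose route table does not match its track state.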
With that I have NAT and PAT to cover and the video series is over, then it is a week and a half of frenzied reading and labbing all over again which I will continue to post until my test day on 4/28 🙂