How to detect next hop is down on Ethernet link?

Status
Not open for further replies.

ggulik

IS-IT--Management
Oct 2, 2003
5
US
I have a 3620 router with two connections to the Internet provided over ethernet. Often times when the next hop is down or unresponsive the router doesn't detect the outage and re-route through the other connection because the physical ethernet link stays up.

I've been unsuccessful in finding a way to have the router automatically detect that the next hop is not really there any more.

I previously used an inexpensive Nexland router which would automatically ping the next hop and if it failed to meet a threshold that link would be marked down and all traffic automatically re-routed. I would go back to the Nexland except that it has plenty of other deficiencies.

I'm hoping there is a way to do this that I'm missing and appreciate any advice you can offer.
 
I would say use routing protocols like EIGRP or OSPF. Create a floating static route design. If you aren't sure what I am talking about here, let us know. There are plenty of people in here who will help you work through the design.

 
I do know about OSPF and EIGRP but unfortunately I most likely won't be able to use the routing protocols in this case.

The two routers I connect to are ISPs. I know that one won't do it because they refuse even the most basic requests and the other probably doesn't know what EIGRP or OSPF is.

I will ask but I have a feeling that I'm going to have to find a solution that doesn't involve asking for help from the ISPs.
 
Wait, I must have misread what you posted. You are saying you are using a 3620, and the connections you are referring to go to two different ISPs.

1) What routing protocol are you using on your router?

2) Have you considered using BGP?


 
The only other option I can think of is on your router perform a floating gateway of last resort.


ip route 0.0.0.0 0.0.0.0 64.28.0.1
ip route 0.0.0.0 0.0.0.0 68.24.0.3 240

This way if one route comes back as a bad route it will time out and the other will be used until the main one comes back online.
 
Of course doing the above means you are not advertising access to your company properly through the ISPs. Hence the need for BGP. This way when one route fails the other route knows how to reach your company.

 
Several comments. First of all I do not have my own address block. All I do have are 1 static IP address from either ISP. My organization is too small to warrant a BGP block and all the overhead associated with that. I've done BGP in the past and that's the last thing I need to do right now. I also guarantee that neither of the ISPs would agree to it anyway.

In addition, since I have only 1 IP address I'm running NAT on both connections. That part is actually working just fine.

Someone also posted this suggestion:
ip route 0.0.0.0 0.0.0.0 64.28.0.1
ip route 0.0.0.0 0.0.0.0 68.24.0.3 240

That's basically what I've been doing since I installed this 3620 a few days ago. However it doesn't work. When my primary ISP was doing maintenance last night the first route never went away so traffic never got re-routed to the backup ISP. The reason for this is that because of the way the service is provided the ethernet will pretty much ALWAYS be up even when the connection to the ISP is down. Therefore the Cisco does not see the connection as down.

The way my previous router handled this was to ping the next hop on both connections periodically and when X number of pings didn't return that connection was marked down and that route removed. This was crude but worked, most of the time.

What I was hoping to accomplish on the Cisco is something at least as reliable as that method.

I have sent support at both ISPs an E-mail requesting that a routing protocol be put in place. I'm not expecting a positive response from either however.

I would really rather not be forced to go back to the old Nexland router because it has plenty of its own faults.
 
____________________________________________________________
Following is the sequence for floating static routes:

1. The primary interface learns a primary route to a remote network (using a static route or a dynamic routing protocol). The administrative distance of this learned route is less than the floating static, thus the learned route is used.

2. The primary interface becomes inoperable, although line protocol may remain up. Loss of routing updates eventually removes the learned primary route from the routing table.

!!!Note: When the primary route is a static route, the primary interface line protocol must go down for the floating static route to be used.!!! (This is where your problem lies using this method: you are using a static route instead of dynamic, so you are right, your interface will have to go down for it to work correctly.)

3. The floating static route is used since it is now the route with the lowest administrative distance.
____________________________________________________________


As for the overhead of BGP, besides the initial configuration there really is not that much overhead. I've run 1600 series using BGP, iBGP with no problems. However, getting ISPs to commit to BGP is sometimes a pain; I completely understand.

HSRP wouldn't work in this instance either. So you can throw that idea out the window.

Are you using some sort of DSL or cable modem connection? Is this why you have it connected via the ethernet interface? If so, I would suggest looking into the UBR models from Cisco. This way you could use HSRP and/or floating routes. What I'm trying to say is, what are the ethernet interfaces connected to, device-wise?

:)



 
Hi,
If I have understood your requirement, which is:

1. You have a set of IPs from the respective ISPs, let's say,
X.X.X.X IPs from ISP I
Y.Y.Y.Y IPs from ISP II.

2. You would be having,
a) Ethernet port for LAN connection (let's say port e0/0)
b) another ethernet ISP-I connection (e0/1)
c) one more ethernet for ISP-II (e0/2)

Try this,
1. Configure your LAN with private IP (10.0.0.0 or 172.(16-32).0.0 or 192.168.10.0)

2. Use NAT on all the ethernet ports such that, if packets use the interface through ISP-I, then NAT to the ISP-I allotted IPs,
or else if ISP-II, then NAT all the IPs to the IPs allotted by ISP-II

for example
Interface E0/0
Ip nat inside

Interface E0/1
ip nat outside
"USE THE POOL OF IPS ALLOTTED BY ISP-I"

Interface E0/2
ip nat outside
"USE THE POOL OF IPS ALLOTTED BY ISP-I"

ALSO USE THE FLOATING STATIC ROUTE WITH THE ABOVE CONFIG

I hope I am clear on the config.
If you need the exact config for the above, I will send it to you.
Let me know. This should work.

Regards,
FG.




 
The connections to the Internet are DSL-like. In case it matters at all the primary connection is a 4Mbit wireless connection using Canopy technology. The secondary (mostly just for backup) is through Sprint Broadband.

I really don't care too much about load balanced or fault tolerant inbound traffic as my primary has only gone down once where it wasn't a scheduled downtime and the website is VERY low volume and non-critical. I really only care about getting outbound E-mail to work and web surfing to keep working. Inbound E-mail is handled just fine with a secondary MX.

Here is exactly (relevant portions only) what I have so far:

-----------------------
interface Ethernet0/0
description AWB.us
ip address 66.243.130.189 255.255.255.0
ip nat outside
ip route-cache policy
ip policy route-map AWB
half-duplex

interface Ethernet0/1
description Sprint BBD
mac-address 0000.c572.74b6 ! The IP address IS static
bandwidth 2000
ip address dhcp hostname ISBC6285C
ip nat outside
ip route-cache policy
ip policy route-map SprintBBD
full-duplex

interface FastEthernet1/0
description Local Ethernet
ip address 192.168.1.254 255.255.255.0
ip nat inside
duplex auto
speed auto

ip nat inside source route-map AWB interface Ethernet0/0 overload
ip nat inside source route-map SprintBBD interface Ethernet0/1 overload
ip nat inside source static tcp 192.168.1.2 80 66.243.130.189 80 extendable
ip nat inside source static tcp 192.168.1.2 80 66.87.153.124 80 extendable
.
.
.

ip route 0.0.0.0 0.0.0.0 66.243.130.189 name AWB.us
ip route 0.0.0.0 0.0.0.0 66.87.153.123 20 name SprintBBD

access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 deny any

route-map AWB permit 10
match ip address 2
match interface Ethernet0/0
set ip next-hop 66.243.130.1
!
route-map SprintBBD permit 10
match ip address 2
match interface Ethernet0/1
set ip next-hop 66.87.153.123
-----------------------

I will check into the UBR routers.
Is there any way to make this work with what I have???
 
The route-map is why the design is not working. If you set it to perform NAT by creating a pool instead of route-mapping, then the design PORTS and I described earlier should work for you. To be honest, I assumed (my fault for that) that the design of your NAT was using a POOL method.

In order for the design you have now to work you would need to set up two different access-lists for matching and break apart how your LAN accesses your ISPs. Pointing one block of addresses out one interface and the other block pointing out of the other interface with your route-map policy.

Then, create multiple floating static routes similar to this:

ip route 192.168.1.0 0.0.0.248 66.243.130.189 name AWB.us
ip route 192.168.1.0 0.0.0.128 66.87.153.123 name SprintBBD
ip route 192.168.1.0 0.0.0.248 66.87.153.123 20 name SprintBBD
ip route 192.168.1.0 0.0.0.128 66.243.130.189 20 name AWB.us


If I managed to sound really confusing I apologize for that.
 
In order for the design you have now to work you would need to set up two different access-lists for matching and break apart how your LAN accesses your ISPs. Pointing one block of addresses out one interface and the other block pointing out of the other interface with your route-map policy.

Ok, so does that mean that instead of using access list 2 for both route maps I should set up a second identical access list for one of the route maps?

What do you mean by "break apart how your LAN accesses your ISPs"?

Also, can you explain how the multiple static routes with different masks will solve the problem at hand? I don't see how that would make a difference.
 
I was wondering if you ever solved this issue? I have a scenario that matches exactly what you required.
 
ggulik, if you are still using TekTips I have your solution. Cisco introduced exactly what you're looking for in IOS release 12.3(4)T; it is called [PBR Support for Multiple Tracking Options]. It allows you to ping a next hop and if it doesn't answer set the next hop to interface X. It uses tracking objects and you can use ICMP-Ping, UDP-Ping or HTTP for reachability. I am including the link for you or anyone else for that matter.


Bobby
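
The tracked policy routing named in the last post, sketched against the configuration posted earlier in the thread. This is an added example, not part of any post here and not Cisco's own sample. The operation numbers, track object numbers and the route-map name OUTBOUND-TRACKED are hypothetical; the next-hop addresses, access-list 2 and the LAN interface are taken from the posted config, and the `rtr` syntax assumes a 12.3(4)T-era image.

```cisco
! Added example; operation numbers, track numbers and the route-map name
! OUTBOUND-TRACKED are hypothetical. Addresses, access-list 2 and the LAN
! interface come from the configuration posted earlier in the thread.
!
! One ICMP echo probe per ISP next hop (SAA "rtr" syntax of the 12.3T train;
! later IOS releases renamed this command to "ip sla").
rtr 1
 type echo protocol ipIcmpEcho 66.243.130.1
rtr schedule 1 start-time now life forever
!
rtr 2
 type echo protocol ipIcmpEcho 66.87.153.123
rtr schedule 2 start-time now life forever
!
! Each tracked object goes down when its probe stops getting replies,
! even though the Ethernet line protocol stays up.
track 123 rtr 1 reachability
track 124 rtr 2 reachability
!
! Policy-route LAN traffic to the lowest-sequence next hop whose tracked
! object is up (10 = primary AWB, 20 = backup Sprint).
route-map OUTBOUND-TRACKED permit 10
 match ip address 2
 set ip next-hop verify-availability 66.243.130.1 10 track 123
 set ip next-hop verify-availability 66.87.153.123 20 track 124
!
interface FastEthernet1/0
 ip policy route-map OUTBOUND-TRACKED
```

`show track` reports the reachability state of each tracked object, which is the quickest way to confirm the probes see an outage that the link state does not.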
 