CCIE Routing & Switching v5 Workbook -
CCIE R&S v5 Advanced Technology Labs - IP Routing
Reliable Static Routing with Enhanced Object Tracking
A Note On Section Initial Configuration Files: You must load the
initial configuration files for the section, named Basic IP Addressing,
which can be found in
. Reference the Advanced Technology Labs With
Addressing Diagram to complete this task.
Task
Configure R1 with an IPv4 static route for R4’s Loopback0 prefix through the DMVPN
cloud.
Configure R5 with IPv4 static routes for R1’s and R4’s Loopback0 prefixes through
the DMVPN cloud.
Configure R4 with a primary IPv4 static route for R1’s Loopback0 prefix via its
VLAN146 Ethernet connection.
  Use SLA and Object Tracking to ensure the route is valid as long as ICMP
  connectivity exists between R1 and R4’s Ethernet connection.
  Configure R4 to verify connectivity every 5 seconds.
  Ensure R1 replies within 2 seconds.
Configure R4 with a backup IPv4 static route for R1’s Loopback0 prefix through the
DMVPN cloud using an administrative distance of 2.
Configuration
R1:
ip route 150.1.4.4 255.255.255.255 155.1.0.4
R4:
ip sla 1
 icmp-echo 155.1.146.1 source-interface GigabitEthernet1.146
 threshold 2000
 timeout 2000
 frequency 5
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 state
!
ip route 150.1.1.1 255.255.255.255 155.1.146.1 track 1
ip route 150.1.1.1 255.255.255.255 155.1.0.1 2
R5:
ip route 150.1.1.1 255.255.255.255 155.1.0.1
ip route 150.1.4.4 255.255.255.255 155.1.0.4
Verification
Although R1 and R4 are on the same Layer 2 segment in VLAN 146, their physical
Ethernet interfaces are not on the same Layer 1 network: there is no back-to-back
Ethernet cable between the two routers, and connectivity is achieved through a
switching infrastructure. This means that the Layer 1 link status of R1’s connection
to VLAN 146 is independent of R4’s Layer 1 link status, and vice versa. From a
static routing redundancy design point of view, the problem with this scenario is
that a router has no way of detecting a link failure on its peer’s side, which
may result in traffic being blackholed and silently dropped in the transit path.
To visualize this, before implementing the tracking functionality for the static
route, let’s shut down R1’s Ethernet interface. R4 still keeps the primary route in
its routing table, but IPv4 connectivity fails:
R1#ping 150.1.4.4 source 150.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.4.4, timeout is 2 seconds:
Packet sent with a source address of 150.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms
!
R1(config)#interface gigabitEthernet1.146
R1(config-subif)#shutdown
!
R4#show ip route 150.1.1.1
Routing entry for 150.1.1.1/32
Known via "static", distance 1, metric 0
Routing Descriptor Blocks:
* 155.1.146.1
Route metric is 0, traffic share count is 1
!
R1#ping 150.1.4.4 source 150.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.4.4, timeout is 2 seconds:
Packet sent with a source address of 150.1.1.1
.....
To fix the problem, we need to actively monitor IPv4 connectivity between R1 and
R4 on the Ethernet segment and mark the primary static route as invalid for
installation in the routing table when connectivity fails. For this purpose, the
IP Service Level Agreement (SLA) and Enhanced Object Tracking features are used.
First, R4 is configured with an SLA instance that actively monitors IPv4 connectivity
with R1 over the Ethernet link by sending ICMP Echo Request packets every 5 seconds.
SLA considers connectivity to be functional, reporting a Return Code of OK, as
long as an ICMP Echo Reply is received within the configured 2-second timeout
window; otherwise the Return Code is Timeout:
R4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#ip sla 1
R4(config-sla-monitor)#icmp-echo 155.1.146.1 source-interface GigabitEthernet1.146
R4(config-sla-monitor-echo)#frequency 5
R4(config-sla-monitor-echo)#timeout 2000
R4(config-sla-monitor-echo)#exit
R4(config)#ip sla schedule 1 life forever start-time now
!
R4#show ip sla configuration 1
IP SLAs Infrastructure Engine-III
Entry number: 1
Owner:
Tag:
Operation timeout (milliseconds): 2000
Type of operation to perform: icmp-echo
Target address/Source interface: 155.1.146.1/GigabitEthernet1.146
Type Of Service parameter: 0x0
Request size (ARR data portion): 28
Verify data: No
Vrf Name:
Schedule:
Operation frequency (seconds): 5 (not considered if randomly scheduled)
Next Scheduled Start Time: Start Time already passed
Group Scheduled : FALSE
Randomly Scheduled : FALSE
Life (seconds): Forever
Entry Ageout (seconds): never
Recurring (Starting Everyday): FALSE
Status of entry (SNMP RowStatus): Active
Threshold (milliseconds): 2000
Distribution Statistics:
Number of statistic hours kept: 2
Number of statistic distribution buckets kept: 1
Statistic distribution interval (milliseconds): 20
Enhanced History:
History Statistics:
Number of history Lives kept: 0
Number of history Buckets kept: 15
History Filter Type: None
!
R4#show ip sla statistics
IPSLAs Latest Operation Statistics
IPSLA operation id: 1
Latest RTT: 1 milliseconds
Latest operation start time: 15:59:53 UTC Sat May 3 2014
Latest operation return code: OK
Number of successes: 2
Number of failures: 0
Operation time to live: Forever
Next, an Enhanced Object Tracking object is created that monitors the IP SLA
instance Return Code. If the SLA Return Code is OK, the tracking state is UP; if
the SLA Return Code has any other value, the tracking state is DOWN:
R4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#track 1 ip sla 1 state
!
R4#show track
Track 1
IP SLA 1 state
State is Up
2 changes, last change 00:00:26
Latest operation return code: OK
Latest RTT (millisecs) 2
Next, the primary static route is configured with the tracking object attached as a
condition. This instructs the router to consider the route valid for installation
in the routing table as long as the tracking state is UP. Also note that the
tracking object now shows it is attached to static routing:
R4(config)#ip route 150.1.1.1 255.255.255.255 155.1.146.1 track 1
!
R4#show track
Track 1
IP SLA 1 state
State is Up
2 changes, last change 00:02:02
Latest operation return code: OK
Latest RTT (millisecs) 1
Tracked by:
Static IP Routing 0
!
R4#show ip route static | b Gateway
Gateway of last resort is not set
150.1.0.0/32 is subnetted, 1 subnets
S 150.1.1.1 [1/0] via 155.1.146.1
We simulate the same network failure. This time, because tracking is configured for
the primary route, once R4 detects loss of IPv4 connectivity with R1, it marks
the primary route as invalid and installs the backup route in the routing table:
R4#traceroute 150.1.1.1 source 150.1.4.4
Type escape sequence to abort.
Tracing the route to 150.1.1.1
1 155.1.146.1 36 msec * 36 msec
!
R4#debug track state
track state debugging enabled
!
R4#debug ip routing
IP routing debugging is on
!
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface gigabitEthernet1.146
R1(config-subif)#shutdown
!
R4#
Track: 1 Change #3 rtr 1, state Up->Down
%TRACK-6-STATE: 1 ip sla 1 state Up -> Down
track-sta (1) ip sla 1 state Up -> Down
RT: del 150.1.1.1 via 155.1.146.1, static metric [1/0]
RT: delete subnet route to 150.1.1.1/32
RT: updating static 150.1.1.1/32 (0x0) :
via 155.1.0.1 0 1048578
RT: add 150.1.1.1/32 via 155.1.0.1, static metric [2/0]
RT: updating static 150.1.1.1/32 (0x0) :
via 155.1.0.1 0 1048578
!
R4#traceroute 150.1.1.1 source 150.1.4.4
Type escape sequence to abort.
Tracing the route to 150.1.1.1
1 155.1.0.5 28 msec 28 msec 28 msec
2 155.1.0.1 56 msec * 56 msec
!
R4#show ip route 150.1.1.1
Routing entry for 150.1.1.1/32
Known via "static", distance 2, metric 0
Routing Descriptor Blocks:
* 155.1.0.1
Route metric is 0, traffic share count is 1
Verify the SLA and tracking states:
R4#show ip sla statistics 1
IPSLAs Latest Operation Statistics
IPSLA operation id: 1
Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: 16:36:54 UTC Sat May 3 2014
Latest operation return code: Timeout
Number of successes: 82
Number of failures: 70
Operation time to live: Forever
!
R4#show track
Track 1
IP SLA 1 state
State is Down
3 changes, last change 00:05:39
Latest operation return code: Timeout
Tracked by:
Static IP Routing 0
When we re-activate R1’s VLAN 146 Ethernet connection, the SLA instance reports
itself as back up, the tracking instance reports itself as back up, and the static route
with the lower administrative distance is re-installed in the routing table:
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface gigabitEthernet1.146
R1(config-if)#no shutdown
!
!
R4#
track-sta (1) Change #4 ip sla 1, state Down->Up
%TRACK-6-STATE: 1 ip sla 1 state Down -> Up
track-sta (1) ip sla 1 state Down -> Up
RT: updating static 150.1.1.1/32 (0x0) :
via 155.1.0.1 0 1048578
RT: updating static 150.1.1.1/32 (0x0) :
via 155.1.146.1 0 1048578
RT: closer admin distance for 150.1.1.1, flushing 1 routes
RT: add 150.1.1.1/32 via 155.1.146.1, static metric [1/0]
RT: updating static 150.1.1.1/32 (0x0) :
via 155.1.0.1 0 1048578
RT: rib update return code: 17
!
R4#traceroute 150.1.1.1 source 150.1.4.4
Type escape sequence to abort.
Tracing the route to 150.1.1.1
1 155.1.146.1 40 msec * 36 msec
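
The SLA probe, tracking object and route selection chain verified above, as an added
Python model (not part of the workbook and not IOS code). The names StaticRoute,
installed and simulate and the probe RTT list are constructed for illustration; the
addresses, timers and distances are the ones configured on R4.

```python
from dataclasses import dataclass
from typing import Optional

FREQUENCY_S = 5     # "frequency 5" on R4
TIMEOUT_MS = 2000   # "timeout 2000" on R4 (threshold is the same value)

@dataclass(frozen=True)
class StaticRoute:
    prefix: str
    next_hop: str
    distance: int = 1             # default AD of an IOS static route
    track: Optional[int] = None   # tracked object number, if any

PREFIX = "150.1.1.1/32"           # R1's Loopback0
BACKUP = StaticRoute(PREFIX, "155.1.0.1", distance=2)
TRACKED = [StaticRoute(PREFIX, "155.1.146.1", track=1), BACKUP]
UNTRACKED = [StaticRoute(PREFIX, "155.1.146.1"), BACKUP]  # before the fix

def sla_return_code(rtt_ms):
    """One icmp-echo operation: OK only if a reply arrives within the timeout."""
    return "OK" if rtt_ms is not None and rtt_ms <= TIMEOUT_MS else "Timeout"

def track_state(return_code):
    """'track 1 ip sla 1 state': Up for OK, Down for any other return code."""
    return "Up" if return_code == "OK" else "Down"

def installed(routes, track_states):
    """Drop routes whose tracked object is not Up; lowest distance wins."""
    valid = [r for r in routes
             if r.track is None or track_states.get(r.track) == "Up"]
    return min(valid, key=lambda r: r.distance, default=None)

def simulate(probe_rtts, routes):
    """Replay one probe per SLA cycle: (seconds, track state, next hop, AD)."""
    timeline = []
    for i, rtt in enumerate(probe_rtts):
        state = track_state(sla_return_code(rtt))
        best = installed(routes, {1: state})
        timeline.append((i * FREQUENCY_S, state,
                         best.next_hop if best else None,
                         best.distance if best else None))
    return timeline

# Constructed RTTs in ms (None = no reply): outage in cycles 3 and 4.
SAMPLE_RTTS = [1, 2, None, None, 1]

if __name__ == "__main__":
    for label, routes in (("tracked", TRACKED), ("untracked", UNTRACKED)):
        print(label, simulate(SAMPLE_RTTS, routes))
```

With the UNTRACKED list the next hop stays 155.1.146.1 through the outage, which is
the blackhole shown in the first test; with TRACKED the distance 2 route takes over.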