Monday 16 February 2015

Monitoring a Static route and Default route

One of the problems with static routes is that there is no inherent mechanism for determining if the route is up or down. They remain in the routing table even if the next hop gateway becomes unavailable. Static routes are only removed from the routing table if the associated interface on the ASA goes down.

The static route tracking feature provides a method for tracking the availability of a static route and installing a backup route if the primary route should fail. This allows you to, for example, define a default route to an ISP gateway and a backup default route to a secondary ISP in case the primary ISP becomes unavailable.
The ASA does this by associating a static route with a monitoring target that you define. It monitors the target using ICMP echo requests. If an echo reply is not received within a specified time period, the object is considered down and the associated route is removed from the routing table. A previously configured backup route is used in place of the removed route.
When selecting a monitoring target, you need to make sure it can respond to ICMP echo requests. The target can be any network object that you choose, but you should consider using:

- the ISP gateway address (for dual ISP support)
- the next hop gateway address (if you are concerned about the availability of the gateway)
- a server on the target network, such as a AAA server, that the ASA needs to communicate with
- a persistent network object on the destination network (a desktop or notebook computer that may be shut down at night is not a good choice)

You can configure static route tracking for statically defined routes or default routes obtained through DHCP or PPPoE. You can only enable PPPoE clients on multiple interfaces with route tracking.
To configure static route tracking, perform the following steps:

Detailed Steps

Step 1

Command:
sla monitor sla_id

Example:
hostname(config)# sla monitor sla_id

Purpose:
Configure the tracked object monitoring parameters by defining the monitoring process.

If you are configuring a new monitoring process, you enter SLA monitor configuration mode.

If you are changing the monitoring parameters for an unscheduled monitoring process that already has a type defined, you automatically enter SLA protocol configuration mode.

Step 2

Command:
type echo protocol ipIcmpEcho target_ip interface if_name

Example:
hostname(config-sla-monitor)# type echo protocol ipIcmpEcho target_ip interface if_name

Purpose:
Specify the monitoring protocol.

If you are changing the monitoring parameters for an unscheduled monitoring process that already has a type defined, you automatically enter SLA protocol configuration mode and cannot change this setting.

The target_ip is the IP address of the network object whose availability the tracking process monitors. While this object is available, the tracking process route is installed in the routing table. When this object becomes unavailable, the tracking process removes the route and the backup route is used in its place.

Step 3

Command:
sla monitor schedule sla_id [life {forever | seconds}] [start-time {hh:mm[:ss] [month day | day month] | pending | now | after hh:mm:ss}] [ageout seconds] [recurring]

Example:
hostname(config)# sla monitor schedule sla_id [life {forever | seconds}] [start-time {hh:mm[:ss] [month day | day month] | pending | now | after hh:mm:ss}] [ageout seconds] [recurring]

Purpose:
Schedule the monitoring process.

Typically, you will use sla monitor schedule sla_id life forever start-time now for the monitoring schedule, and allow the monitoring configuration to determine how often the testing occurs.

However, you can schedule this monitoring process to begin in the future and to only occur at specified times.

Step 4

Command:
track track_id rtr sla_id reachability

Example:
hostname(config)# track track_id rtr sla_id reachability

Purpose:
Associate a tracked static route with the SLA monitoring process.

The track_id is a tracking number you assign with this command. The sla_id is the ID number of the SLA process.

Step 5

Do one of the following to define the static route to be installed in the routing table while the tracked object is reachable. These options allow you to track a static route, or a default route obtained through DHCP or PPPoE.

Command:
route if_name dest_ip mask gateway_ip [admin_distance] track track_id

Example:
hostname(config)# route if_name dest_ip mask gateway_ip [admin_distance] track track_id

Purpose:
This option tracks a static route.

You cannot use the tunneled option with the route command with static route tracking.

Command:
hostname(config)# interface phy_if
hostname(config-if)# dhcp client route track track_id
hostname(config-if)# ip address dhcp setroute
hostname(config-if)# exit

Purpose:
This option tracks a default route obtained through DHCP.

Remember that you must use the setroute argument with the ip address dhcp command to obtain the default route using DHCP.

Command:
hostname(config)# interface phy_if
hostname(config-if)# pppoe client route track track_id
hostname(config-if)# ip address pppoe setroute
hostname(config-if)# exit

Purpose:
This option tracks a default route obtained through PPPoE.

You must use the setroute argument with the ip address pppoe command to obtain the default route using PPPoE.
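
One way to check a saved configuration for the chain that Steps 1 to 5 build (route, track, sla monitor, schedule) and for a backup route, as an added example that is not part of the original post or the vendor documentation. The sample configuration, its addresses and the function name audit_tracked_routes are constructed for illustration; the check assumes the backup is an untracked route to the same destination with a higher administrative distance.

```python
import re

# Constructed sample config (documentation addresses); track 2 is deliberately undefined.
SAMPLE_CONFIG = """\
sla monitor 10
 type echo protocol ipIcmpEcho 192.0.2.1 interface outside
sla monitor schedule 10 life forever start-time now
track 1 rtr 10 reachability
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1 track 1
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254
route outside 10.20.0.0 255.255.0.0 192.0.2.1 1 track 2
"""

def audit_tracked_routes(config):
    """Return findings for tracked routes whose monitoring chain is incomplete."""
    monitors, scheduled, tracks, routes = {}, set(), {}, []
    current = None  # sla_id of the "sla monitor" block being read
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"sla monitor (\d+)", line):
            current = m.group(1)
            monitors.setdefault(current, None)
        elif m := re.match(r"type echo protocol ipIcmpEcho (\S+) interface \S+", line):
            if current is not None:
                monitors[current] = m.group(1)  # ICMP echo target
        elif m := re.match(r"sla monitor schedule (\d+)\b", line):
            scheduled.add(m.group(1))
        elif m := re.fullmatch(r"track (\d+) rtr (\d+) reachability", line):
            tracks[m.group(1)] = m.group(2)
        elif m := re.fullmatch(r"route \S+ (\S+ \S+) \S+(?: (\d+))?(?: track (\d+))?", line):
            routes.append((m.group(1), int(m.group(2) or 1), m.group(3)))
    findings = []
    for dest, dist, track_id in routes:
        if track_id is None:
            continue
        sla_id = tracks.get(track_id)
        if sla_id is None:
            findings.append(f"route {dest}: track {track_id} is not defined")
        elif monitors.get(sla_id) is None:
            findings.append(f"route {dest}: sla monitor {sla_id} has no echo target")
        elif sla_id not in scheduled:
            findings.append(f"route {dest}: sla monitor {sla_id} is not scheduled")
        # A tracked route only fails over if a backup route is already configured.
        if not any(d == dest and t is None and n > dist for d, n, t in routes):
            findings.append(f"route {dest}: no untracked backup route with a higher admin distance")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_tracked_routes(SAMPLE_CONFIG)))
```
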

Configuration Examples for Static or Default Routes


Step 1 Create a static route:
hostname(config)# route inside 10.1.1.0 255.255.255.0 10.1.2.45 1


In this step, a static route is created that sends all traffic destined for 10.1.1.0/24 to the router (10.1.2.45) connected to the inside interface.
Step 2 Define three equal cost static routes that direct traffic to three different gateways on the outside interface, and add a default route for tunneled traffic. The ASA distributes the traffic among the specified gateways.
hostname(config)# route outside 10.10.10.0 255.255.255.0 192.168.2.1
hostname(config)# route outside 10.10.10.0 255.255.255.0 192.168.2.2
hostname(config)# route outside 10.10.10.0 255.255.255.0 192.168.2.3
hostname(config)# route outside 0 0 192.168.2.4 tunneled

Unencrypted traffic received by the ASA for which there is no static or learned route is distributed among the gateways with the IP addresses 192.168.2.1, 192.168.2.2, 192.168.2.3. Encrypted traffic received by the ASA for which there is no static or learned route is passed to the gateway with the IP address 192.168.2.4.

Feature History for Static and Default Routes

Table 19-1 lists the release history for this feature.

Table 19-1 Feature History for Static and Default Routes

Feature Name: route command
Releases: 7.0
Feature Information: The route command is used to enter a static or default route for the specified interface.
