Monday, February 23, 2015

Cisco Object-Tracking: Select A Better "icmp-echo X.X.X.X"

So I guess, sometimes, you learn that maybe some IP addresses won't be as reliable as you would like. I'm talking about the good ole DNS servers out there that you think might last a while with good reliability. I always thought that 4.2.2.1 and 4.2.2.2 would be some good destinations for a good technology: object-tracking.
Object-tracking is really cool. I really like the results it gives. Now, if you don't know what object-tracking is, it's Cisco's way of doing things like dual-ISP without a routing protocol. If ISP1 goes down, the Cisco router knows it and automatically changes the static default route to point to ISP2. That, generically, is how it works. It gets deep and very configurable, but you get the idea.
Now, with that said, I have to tell you about an experience I had. My good ole reliable 4.2.2.1 became not so reliable for the past few weeks. This caused my customer to get some very unstable results. See below what I saw when I consoled into the Cisco 2900 router:


Dec 18 17:50:43.559: %TRACKING-5-STATE: 10 ip sla 1 reachability Down->Up
Dec 18 17:50:53.559: %TRACKING-5-STATE: 10 ip sla 1 reachability Up->Down
Dec 18 17:51:48.627: %TRACKING-5-STATE: 10 ip sla 1 reachability Down->Up
Dec 18 17:52:03.627: %TRACKING-5-STATE: 10 ip sla 1 reachability Up->Down
Dec 18 17:52:18.695: %TRACKING-5-STATE: 10 ip sla 1 reachability Down->Up
Dec 18 17:52:33.695: %TRACKING-5-STATE: 10 ip sla 1 reachability Up->Down
Dec 18 17:52:48.695: %TRACKING-5-STATE: 10 ip sla 1 reachability Down->Up
Dec 18 17:52:58.695: %TRACKING-5-STATE: 10 ip sla 1 reachability Up->Down
Dec 18 17:55:13.899: %TRACKING-5-STATE: 10 ip sla 1 reachability Down->Up
Dec 18 17:55:28.899: %TRACKING-5-STATE: 10 ip sla 1 reachability Up->Down

Notice that its UP/DOWN state changes every few seconds. Well, the network didn't like this back and forth, and it caused all kinds of slowness issues, etc. for the customer. Needless to say, not good.
So when I saw my SLA 1, which was the one going down, as seen above, I had to see what the destination was. See the config below. Yes, it's good ole 4.2.2.1.

track 10 ip sla 1 reachability
 delay down 2 up 2
track 20 ip sla 2 reachability
 delay down 2 up 2

ip route 0.0.0.0 0.0.0.0 192.168.0.2 3 track 10
ip route 0.0.0.0 0.0.0.0 5.5.5.193 5 track 20
ip route 4.2.2.1 255.255.255.255 192.168.0.2 permanent
ip route 4.2.2.2 255.255.255.255 5.5.5.193 permanent

ip sla 1
 icmp-echo 4.2.2.1 source-ip 192.168.0.5
 frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 4.2.2.2 source-ip 5.5.5.194
 frequency 5
ip sla schedule 2 life forever start-time now

So, I changed it to the next hop just beyond ISP1, which is really what I should have done in the first place.  I guess I shouldn't trust those two DNS servers anymore.  Lesson learned.
