How to Configure ISP Failover With Default Routes Using IP SLA Tracking

For a high-availability network, enterprise companies typically maintain connections with multiple internet service providers (ISPs) to ensure redundant internet connectivity. Among these ISPs, one is usually preferred over the others, often due to higher bandwidth or other factors. This preferred ISP serves as the primary link, while the connection from the second ISP acts as a secondary link, ready to take over in case of primary link failure.

The edge router of the enterprise is connected to the active ISP, and the ISP router is linked to the internet. It is the role of the edge router to detect faults in the connection to the active ISP and switch over to the failover ISP when necessary. While the edge router can detect faults in the link connecting it to the ISP router, it may not detect faults in the link between the active ISP and the internet by default.

For the edge router to be able to capture link failures between the ISP router and the internet, we need to configure a default route to the internet on the edge router and then track the interface connecting the ISP router to the internet using IP SLA tracking. With this configuration, the edge router will be alerted when there is a link failure between the ISP and the internet, and it will automatically switch to the failover ISP.

In this post, I will use a sample network topology to show you how to configure ISP failover with default routes and IP SLA tracking.

Network Topology

The network topology we will be using in this post is shown below. As you can see, it consists of two ISP routers, one Edge router (R1), and two host devices. The two ISP routers are connected to the cloud symbol, representing the internet. Additionally, the two host devices are connected to the Edge router through a switch.

In this demonstration, we will configure default routes to the internet on each ISP router. Furthermore, we will configure a default route to the internet on the Edge router. We will also track link failures of the primary link using IP SLA. Since private IP addresses are configured on parts of the network, we will configure NAT appropriately.

[Figure: network topology for ISP failover]

How to Configure ISP Failover With Default Routes Using IP SLA Tracking

Here are the steps to configure ISP failover with a default route for the network topology shown above:

Step 1: Configure the interfaces of the routers.

ISP1

ISP1(config)#interface ethernet0/0
ISP1(config-if)#ip address 10.254.4.70 255.255.255.0
ISP1(config-if)#no shutdown 
ISP1(config-if)#exit

ISP1(config)#interface ethernet0/1
ISP1(config-if)#ip address 172.16.100.1 255.255.255.0
ISP1(config-if)#no shutdown
ISP1(config-if)#exit

ISP2

ISP2(config)#interface ethernet0/0
ISP2(config-if)#ip address 10.254.4.71 255.255.255.0
ISP2(config-if)#no shutdown
ISP2(config-if)#exit

ISP2(config)#interface ethernet0/1
ISP2(config-if)#ip address 172.16.200.1 255.255.255.0
ISP2(config-if)#no shutdown
ISP2(config-if)#exit 

Router 1 (Edge Router)

R1(config)#interface ethernet0/0
R1(config-if)#ip address 172.16.100.2 255.255.255.0
R1(config-if)#no shutdown 
R1(config-if)#exit

R1(config)#interface ethernet0/1
R1(config-if)#ip address 172.16.200.2 255.255.255.0
R1(config-if)#no shutdown 
R1(config-if)#exit

R1(config)#interface ethernet0/2
R1(config-if)#ip address 192.168.12.1 255.255.255.0
R1(config-if)#no shutdown 
R1(config-if)#exit

Step 2: Configure the Default Routes

ISP1

ISP1(config)#ip route 0.0.0.0 0.0.0.0 10.254.4.254

ISP2

ISP2(config)#ip route 0.0.0.0 0.0.0.0 10.254.4.254

Step 3: Test Connectivity to the Internet

ISP1

ISP1#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/4 ms

ISP2

ISP2#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/5 ms

Step 4: Configure PAT on the ISP Routers

ISP1

ISP1(config)#access-list 1 permit 172.16.100.0 0.0.0.255
ISP1(config)#ip nat inside source list 1 interface ethernet0/0 overload

ISP1(config)#interface ethernet0/0
ISP1(config-if)#ip nat outside 
ISP1(config-if)#exit

ISP1(config)#interface ethernet0/1
ISP1(config-if)#ip nat inside 
ISP1(config-if)#exit

ISP2

ISP2(config)#access-list 1 permit 172.16.200.0 0.0.0.255 
ISP2(config)#ip nat inside source list 1 interface ethernet0/0 overload

ISP2(config)#interface ethernet0/0
ISP2(config-if)#ip nat outside 
ISP2(config-if)#exit

ISP2(config)#interface ethernet0/1
ISP2(config-if)#ip nat inside 
ISP2(config-if)#exit

Step 5: Configure IP SLA Tracking on the Edge Router

R1(config)#ip sla 1 
R1(config-ip-sla)#icmp-echo 172.16.100.1 source-ip 172.16.100.2
R1(config-ip-sla-echo)#timeout 5000
R1(config-ip-sla-echo)#threshold 5000
R1(config-ip-sla-echo)#frequency 60
R1(config-ip-sla-echo)#exit

R1(config)#ip sla schedule 1 life forever start-time now

R1(config)#track 8 ip sla 1 reachability 
R1(config-track)#exit

Step 6: Configure a floating static route on the Edge router

R1(config)#ip route 0.0.0.0 0.0.0.0 172.16.100.1 track 8
R1(config)#ip route 0.0.0.0 0.0.0.0 172.16.200.1 10

A floating static route is a backup route configured with a higher administrative distance than the primary route. In the above configuration, the second command has an administrative distance (AD) of 10, as opposed to the first, which has an AD of 1.
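The route selection described above, modelled in Python as an added example (not part of the original post and not Cisco code). It assumes a simplified track object with no `delay` configured, so its state follows each probe result directly; the function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class StaticRoute:
    next_hop: str
    distance: int = 1            # IOS default AD for a static route
    track: Optional[int] = None  # track object number, if the route is tracked

# R1's two default routes from Step 6.
ROUTES = [
    StaticRoute("172.16.100.1", track=8),      # primary, tied to track 8
    StaticRoute("172.16.200.1", distance=10),  # floating backup
]

def active_default(routes, track_up):
    """Return the default route that would be installed in the routing table."""
    # A tracked route is a candidate only while its track object is Up.
    candidates = [r for r in routes
                  if r.track is None or track_up.get(r.track, False)]
    # Among the candidates, the lowest administrative distance wins.
    return min(candidates, key=lambda r: r.distance, default=None)

def failover_timeline(probe_results, frequency=60):
    """Replay ICMP-echo outcomes (True = reply within the timeout), one per
    `frequency` seconds, and return [(seconds, next_hop)] at every change."""
    timeline, current = [], None
    for i, ok in enumerate(probe_results):
        best = active_default(ROUTES, {8: ok})  # assumption: track 8 mirrors the probe
        hop = best.next_hop if best else None
        if hop != current:
            timeline.append((i * frequency, hop))
            current = hop
    return timeline

def worst_case_detection(frequency=60, timeout_ms=5000):
    """Upper bound in seconds before track 8 goes Down: the link fails right
    after a good probe, then the next probe has to run and time out."""
    return frequency + timeout_ms / 1000

if __name__ == "__main__":
    # Constructed probe history: two replies, two timeouts, then recovery.
    for seconds, hop in failover_timeline([True, True, False, False, True]):
        print(f"t={seconds:>3}s default route via {hop}")
    print("worst-case detection:", worst_case_detection(), "s")
```

With the Step 5 values (frequency 60, timeout 5000), traffic can keep following the failed primary route for up to about 65 seconds before the backup route is installed.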

Step 7: Configure Policy-Based Routing (PBR) on R1

R1(config)#ip access-list extended 101
R1(config-ext-nacl)#permit ip 192.168.12.0 0.0.0.255 any
R1(config-ext-nacl)#exit

R1(config)#route-map NAT_ISP1 permit 10
R1(config-route-map)#match ip address 101
R1(config-route-map)#match interface ethernet0/0
R1(config-route-map)#exit

R1(config)#route-map NAT_ISP2 permit 10
R1(config-route-map)#match ip address 101
R1(config-route-map)#match interface ethernet0/1
R1(config-route-map)#exit

R1(config)#interface ethernet0/0
R1(config-if)#ip nat outside 
R1(config-if)#exit

R1(config)#interface ethernet0/1
R1(config-if)#ip nat outside 
R1(config-if)#exit

R1(config)#interface ethernet0/2
R1(config-if)#ip nat inside 
R1(config-if)#exit

R1(config)#ip nat inside source route-map NAT_ISP1 interface ethernet0/0 overload
R1(config)#ip nat inside source route-map NAT_ISP2 interface ethernet0/1 overload

  1. ip access-list extended 101: This command creates an extended access control list (ACL) numbered 101. In this specific case, it permits traffic sourced from the subnet 192.168.12.0/24 to any destination.
  2. route-map NAT_ISP1 permit 10: This command creates a route-map named NAT_ISP1 with sequence number 10. Route-maps are used to manipulate routing information based on specified criteria. In this case, it’s used to match traffic from ACL 101 and interface ethernet0/0.
  3. match ip address 101: This sub-command within the route-map matches the traffic specified by ACL 101.
  4. match interface ethernet0/0: This sub-command within the route-map matches traffic arriving on interface ethernet0/0.
  5. route-map NAT_ISP2 permit 10: Similarly, this command creates another route-map named NAT_ISP2 with sequence number 10. It also matches traffic from ACL 101 but on interface ethernet0/1.
  6. ip nat inside source route-map NAT_ISP1 interface ethernet0/0 overload: This command specifies that traffic matching the criteria defined in route-map NAT_ISP1 should be translated using NAT and then forwarded out of interface ethernet0/0. The ‘overload’ keyword indicates that the router should use Port Address Translation (PAT) for multiple internal addresses to share a single public IP address.
  7. ip nat inside source route-map NAT_ISP2 interface ethernet0/1 overload: Similarly, this command specifies that traffic matching the criteria defined in route-map NAT_ISP2 should be translated using NAT and then forwarded out of interface ethernet0/1.

Step 8: Configure the Host Devices

PC1

PC1(config)#no ip routing

PC1(config)#interface ethernet0/0
PC1(config-if)#ip address 192.168.12.254 255.255.255.0
PC1(config-if)#no shutdown 
PC1(config-if)#exit

PC1(config)#ip default-gateway 192.168.12.1

PC2

PC2(config)#no ip routing 

PC2(config)#interface ethernet0/0
PC2(config-if)#ip address 192.168.12.253 255.255.255.0
PC2(config-if)#no shutdown 
PC2(config-if)#exit

PC2(config)#ip default-gateway 192.168.12.1

Step 9: Verify the configuration.

You can verify that the IP SLA tracking is working by shutting down the interface of the active ISP router to see if the edge router will detect and switch over to the secondary ISP router.
