For a high-availability network, enterprise companies typically maintain connections with multiple internet service providers (ISPs) to ensure redundant internet connectivity. Among these ISPs, one is usually preferred over the others, often due to higher bandwidth or other factors. This preferred ISP serves as the primary link, while the connection from the second ISP acts as a secondary link, ready to take over in case of primary link failure.
The edge router of the enterprise is connected to the active ISP, and the ISP router is linked to the internet. It is the role of the edge router to detect faults in the connection to the active ISP and switch over to the failover ISP when necessary. While the edge router can detect faults in the link connecting it to the ISP router, it may not detect faults in the link between the active ISP and the internet by default.
For the edge router to be able to capture link failures between the ISP router and the internet, we need to configure a default route to the internet on the edge router and then track the interface connecting the ISP router to the internet using IP SLA tracking. With this configuration, the edge router will be alerted when there is a link failure between the ISP and the internet, and it will automatically switch to the failover ISP.
In this post, I will show you how to configure ISP failover with default routes and IP SLA tracking on a sample network topology.
Network Topology
The network topology we will be using in this post is shown below. As you can see, it consists of two ISP routers, one Edge router (R1), and two host devices. The two ISP routers are connected to the cloud symbol, representing the internet. Additionally, the two host devices are connected to the Edge router through a switch.
In this demonstration, we will configure default routes to the internet on each ISP router. Furthermore, we will configure a default route to the internet on the Edge router. We will also track link failures of the primary link using IP SLA. Since private IP addresses are configured on parts of the network, we will configure NAT appropriately.
How to Configure ISP Failover With Default Routes Using IP SLA Tracking
Here are the steps to configure ISP failover with a default route for the network topology shown above:
Step 1: Configure the interfaces of the routers.
ISP1
ISP1(config)#interface ethernet0/0
ISP1(config-if)#ip address 10.254.4.70 255.255.255.0
ISP1(config-if)#no shutdown
ISP1(config-if)#exit
ISP1(config)#interface ethernet0/1
ISP1(config-if)#ip address 172.16.100.1 255.255.255.0
ISP1(config-if)#no shutdown
ISP1(config-if)#exit
ISP2
ISP2(config)#interface ethernet0/0
ISP2(config-if)#ip address 10.254.4.71 255.255.255.0
ISP2(config-if)#no shutdown
ISP2(config-if)#exit
ISP2(config)#interface ethernet0/1
ISP2(config-if)#ip address 172.16.200.1 255.255.255.0
ISP2(config-if)#no shutdown
ISP2(config-if)#exit
Router 1 (Edge Router)
R1(config)#interface ethernet0/0
R1(config-if)#ip address 172.16.100.2 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface ethernet0/1
R1(config-if)#ip address 172.16.200.2 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface ethernet0/2
R1(config-if)#ip address 192.168.12.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
Step 2: Configure the Default Routes
ISP1
ISP1(config)#ip route 0.0.0.0 0.0.0.0 10.254.4.254
ISP2
ISP2(config)#ip route 0.0.0.0 0.0.0.0 10.254.4.254
Step 3: Test Connectivity to the Internet
ISP1
ISP1#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/4 ms
ISP2
ISP2#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/5 ms
Step 4: Configure PAT on the ISP Routers
ISP1
ISP1(config)#access-list 1 permit 172.16.100.0 0.0.0.255
ISP1(config)#ip nat inside source list 1 interface ethernet0/0 overload
ISP1(config)#interface ethernet0/0
ISP1(config-if)#ip nat outside
ISP1(config-if)#exit
ISP1(config)#interface ethernet0/1
ISP1(config-if)#ip nat inside
ISP1(config-if)#exit
ISP2
ISP2(config)#access-list 1 permit 172.16.200.0 0.0.0.255
ISP2(config)#ip nat inside source list 1 interface ethernet0/0 overload
ISP2(config)#interface ethernet0/0
ISP2(config-if)#ip nat outside
ISP2(config-if)#exit
ISP2(config)#interface ethernet0/1
ISP2(config-if)#ip nat inside
ISP2(config-if)#exit
Step 5: Configure IP SLA Tracking on the Edge Router
R1(config)#ip sla 1
R1(config-ip-sla)#icmp-echo 172.16.100.1 source-ip 172.16.100.2
R1(config-ip-sla-echo)#timeout 5000
R1(config-ip-sla-echo)#threshold 5000
R1(config-ip-sla-echo)#frequency 60
R1(config-ip-sla-echo)#exit
R1(config)#ip sla schedule 1 life forever start-time now
R1(config)#track 8 ip sla 1 reachability
R1(config-track)#exit
Step 6: Configure a floating static route on the Edge router
R1(config)#ip route 0.0.0.0 0.0.0.0 172.16.100.1 track 8
R1(config)#ip route 0.0.0.0 0.0.0.0 172.16.200.1 10
A floating static route is a backup route configured with a higher administrative distance than the primary route. In the above configuration, the second command has an administrative distance (AD) of 10, as opposed to the first, which has an AD of 1.
Step 7: Configure Policy-Based Routing (PBR) on R1
R1(config)#ip access-list extended 101
R1(config-ext-nacl)#permit ip 192.168.12.0 0.0.0.255 any
R1(config-ext-nacl)#exit
R1(config)#route-map NAT_ISP1 permit 10
R1(config-route-map)#match ip address 101
R1(config-route-map)#match interface ethernet0/0
R1(config-route-map)#exit
R1(config)#route-map NAT_ISP2 permit 10
R1(config-route-map)#match ip address 101
R1(config-route-map)#match interface ethernet0/1
R1(config-route-map)#exit
R1(config)#interface ethernet0/0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#interface ethernet0/1
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#interface ethernet0/2
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#ip nat inside source route-map NAT_ISP1 interface ethernet0/0 overload
R1(config)#ip nat inside source route-map NAT_ISP2 interface ethernet0/1 overload
ip access-list extended 101: This command creates an extended access control list (ACL) numbered 101. In this specific case, it permits traffic sourced from the subnet 192.168.12.0/24 to any destination.
route-map NAT_ISP1 permit 10: This command creates a route-map named NAT_ISP1 with sequence number 10. Route-maps are used to manipulate routing information based on specified criteria. In this case, it’s used to match traffic from ACL 101 and interface ethernet0/0.
match ip address 101: This sub-command within the route-map matches the traffic specified by ACL 101.
match interface ethernet0/0: This sub-command within the route-map matches traffic arriving on interface ethernet0/0.
route-map NAT_ISP2 permit 10: Similarly, this command creates another route-map named NAT_ISP2 with sequence number 10. It also matches traffic from ACL 101 but on interface ethernet0/1.
ip nat inside source route-map NAT_ISP1 interface ethernet0/0 overload: This command specifies that traffic matching the criteria defined in route-map NAT_ISP1 should be translated using NAT and then forwarded out of interface ethernet0/0. The ‘overload’ keyword indicates that the router should use Port Address Translation (PAT) for multiple internal addresses to share a single public IP address.
ip nat inside source route-map NAT_ISP2 interface ethernet0/1 overload: Similarly, this command specifies that traffic matching the criteria defined in route-map NAT_ISP2 should be translated using NAT and then forwarded out of interface ethernet0/1.
Step 8: Configure the Host Devices
PC1
PC1(config)#no ip routing
PC1(config)#interface ethernet0/0
PC1(config-if)#ip address 192.168.12.254 255.255.255.0
PC1(config-if)#no shutdown
PC1(config-if)#exit
PC1(config)#ip default-gateway 192.168.12.1
PC2
PC2(config)#no ip routing
PC2(config)#interface ethernet0/0
PC2(config-if)#ip address 192.168.12.253 255.255.255.0
PC2(config-if)#no shutdown
PC2(config-if)#exit
PC2(config)#ip default-gateway 192.168.12.1
Step 9: Verify the configuration.
You can verify that the IP SLA tracking is working by shutting down the interface of the active ISP router to see if the edge router will detect and switch over to the secondary ISP router.
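An added example, not from the original post: a Python check that parses the R1 commands from Steps 5 and 6 and reports whether the tracked default route has a scheduled probe, a floating backup, and a probe target beyond the next-hop router. The finding names and the embedded config text are constructed for this example.

```python
import re

# Constructed sample: the R1 commands from Steps 5 and 6 as running-config lines.
R1_CONFIG = """\
ip sla 1
 icmp-echo 172.16.100.1 source-ip 172.16.100.2
 frequency 60
ip sla schedule 1 life forever start-time now
track 8 ip sla 1 reachability
ip route 0.0.0.0 0.0.0.0 172.16.100.1 track 8
ip route 0.0.0.0 0.0.0.0 172.16.200.1 10
"""

def audit_failover(config):
    """Return finding codes (hypothetical names) for a tracked default-route setup."""
    probes, scheduled, tracks, routes, sla = {}, set(), {}, [], None
    for line in config.splitlines():
        s = line.strip()
        if m := re.fullmatch(r"ip sla (\d+)", s):
            sla = m.group(1)                      # entering "ip sla N" sub-mode
        elif (m := re.match(r"icmp-echo (\S+)", s)) and sla:
            probes[sla] = m.group(1)              # probe destination
        elif m := re.match(r"ip sla schedule (\d+) ", s):
            scheduled.add(m.group(1))
        elif m := re.match(r"track (\d+) ip sla (\d+) reachability", s):
            tracks[m.group(1)] = m.group(2)       # track id -> sla id
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)(.*)", s):
            opts = m.group(2).split()
            ad = int(opts[0]) if opts and opts[0].isdigit() else 1  # static default AD is 1
            trk = opts[opts.index("track") + 1] if "track" in opts else None
            routes.append((m.group(1), ad, trk))
    findings = []
    tracked = [r for r in routes if r[2]]
    if not tracked:
        return ["no-tracked-default-route"]
    for hop, ad, trk in tracked:
        sla_id = tracks.get(trk)
        if sla_id is None or sla_id not in probes:
            findings.append("track-has-no-probe")
        else:
            if sla_id not in scheduled:
                findings.append("probe-not-scheduled")
            if probes[sla_id] == hop:
                # Probe stops at the directly connected ISP router, so a failure
                # beyond it leaves the tracked route installed.
                findings.append("probe-only-tests-next-hop")
        if not any(t is None and a > ad for _, a, t in routes):
            findings.append("no-floating-backup")
    return findings
```

Run against the Step 5 and Step 6 commands, it returns probe-only-tests-next-hop, because the probe to 172.16.100.1 exercises only the R1 to ISP1 link.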