Objective: Remove the PBR policy from the interface facing Uplink-Router once the router detects that the server is unreachable.
Policy-based routing (PBR) is a method used to make routing decisions based on policies.
Scenario: Server1 provides web caching to customers for faster web page loading. A route-map is in place that routes their http/https traffic to Server1 as the next hop. What if this server suddenly goes down? The expected behaviour is that the customers won't be able to access websites.
1. Configure ACL for http/https
ip access-list extended ACL-WEB
 permit tcp any any eq www
 permit tcp any any eq 443
2. Configure the route-map to match the ACL for http/https and set next-hop to the Server1 that provides the web caching services
route-map ROUTE-MAP-PBR permit 10
 match ip address ACL-WEB
 set ip next-hop 192.168.1.11
3. Configure the IP address and apply the PBR on this interface, as it faces the customers. (Assumption: L3 routing is configured between Router1 and Uplink-Router, e.g. IGP or BGP.)
interface fa0/0
 description Connection to Uplink-Router
 ip address 172.20.10.2 255.255.255.252
 ip policy route-map ROUTE-MAP-PBR
 load-interval 30
4. Configure the SVI to become the Server’s Gateway IP
vlan 100
 name Server Farm Vlan
interface Vlan100
 description Server Gateway
 ip address 192.168.1.1 255.255.255.0
 ip verify unicast source reachable-via any
 load-interval 30
5. Configure L2 for interface facing Server-Switch
interface fa1/0
 description Server-Switch
 switchport
 switchport access vlan 100
 switchport mode access
 load-interval 30
 spanning-tree portfast
Solution: Set up IP SLA to track Server1's network reachability. If the server is down, the event manager kicks in, as it tracks the IP SLA (track 1).
A. Configure IP SLA:
ip sla 1
 icmp-echo 192.168.1.11 source-ip 192.168.1.1
 threshold 500
 timeout 500
 frequency 5
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
For IP SLA operations, the following configuration guideline is recommended:
(frequency seconds ) > (timeout milliseconds ) > (threshold milliseconds )
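As an added example (not part of the original post), the following Python script parses an IOS `ip sla` block and checks it against the guideline above: frequency (converted to milliseconds) must be greater than timeout, and timeout must be greater than threshold. The sample config is the one from this page, embedded as a string; the fallback defaults (frequency 60 s, timeout 5000 ms, threshold 5000 ms) are assumed IOS defaults for icmp-echo and are only used when a keyword is absent. Run against the page's values it reports that timeout and threshold are tied at 500 ms; the second, constructed variant with threshold 400 ms passes.

```python
import re

# Constructed sample: the IP SLA block from this page, as IOS stores it.
SAMPLE_CONFIG = """\
ip sla 1
 icmp-echo 192.168.1.11 source-ip 192.168.1.1
 threshold 500
 timeout 500
 frequency 5
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
"""

# Constructed variant that satisfies frequency > timeout > threshold.
SAMPLE_CONFIG_OK = SAMPLE_CONFIG.replace(" threshold 500", " threshold 400")

# Assumed IOS defaults for an icmp-echo operation when a keyword is omitted.
DEFAULTS = {"frequency": 60, "timeout": 5000, "threshold": 5000}


def parse_ip_sla(config):
    """Return {sla_id: {"threshold": ms, "timeout": ms, "frequency": s}}.

    Only 'ip sla <n>' blocks are parsed; 'ip sla schedule' and 'track'
    lines are top-level commands and end the current block.
    """
    ops = {}
    current = None
    for line in config.splitlines():
        header = re.match(r"^ip sla (\d+)\s*$", line)
        if header:
            current = int(header.group(1))
            ops[current] = {}
            continue
        if current is None or not line.startswith(" "):
            current = None  # left the sub-mode
            continue
        kw = re.match(r"^\s+(threshold|timeout|frequency)\s+(\d+)", line)
        if kw:
            ops[current][kw.group(1)] = int(kw.group(2))
    return ops


def check_guideline(op):
    """Return a list of guideline violations for one parsed operation."""
    merged = {**DEFAULTS, **op}
    freq_ms = merged["frequency"] * 1000  # frequency is in seconds on IOS
    timeout = merged["timeout"]            # milliseconds
    threshold = merged["threshold"]        # milliseconds
    violations = []
    if not freq_ms > timeout:
        violations.append(
            f"frequency {freq_ms} ms is not greater than timeout {timeout} ms")
    if not timeout > threshold:
        violations.append(
            f"timeout {timeout} ms is not greater than threshold {threshold} ms")
    return violations


def audit(config):
    """Map every IP SLA operation in the config to its violations (empty = OK)."""
    return {sla_id: check_guideline(op) for sla_id, op in parse_ip_sla(config).items()}


if __name__ == "__main__":
    for name, cfg in (("page config", SAMPLE_CONFIG), ("variant", SAMPLE_CONFIG_OK)):
        for sla_id, problems in audit(cfg).items():
            status = "OK" if not problems else "; ".join(problems)
            print(f"{name}: ip sla {sla_id}: {status}")
```

A tie between timeout and threshold means the probe is reported as over-threshold only at the same instant it is declared failed, so the threshold gives no early warning; the script flags exactly that case.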
B. Configure Event manager:
event manager session cli username "admin"
event manager applet PBR-REMOVE
 description REMOVE PBR IN EVENT OF SERVER DOWN
 event track 1 state down
 trigger occurs 1
 action 1.0 cli command "enable"
 action 1.1 cli command "configure terminal"
 action 1.2 cli command "interface fa0/0"
 action 1.3 cli command "no ip policy route-map ROUTE-MAP-PBR"
 action 1.4 cli command "exit"
 action 1.5 syslog msg "Server Unreachable. PBR removed"
What does this do?
It is like a script:
Log in as username "admin" (a local account) that is authorized to run all of the CLI commands. EEM does not require authentication, so there is no need to add a password. Execute the following:
no ip policy route-map ROUTE-MAP-PBR
After this is done, it sends a log message saying "Server Unreachable. PBR removed".
Any keyword will do; the NMS server can then be configured to raise an alert once it receives that log message.
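As an added example (not from the original post), here is the kind of syslog matching an NMS or SIEM would run to raise that alert. The log lines are constructed, not captured from a device; the format assumed for an EEM applet's `syslog msg` action is `%HA_EM-6-LOG: <applet-name>: <message>`, and the surrounding timestamp and hostname layout follows common IOS syslog output. The keyword is a parameter, matching the point that any keyword in the message will do.

```python
import re

# Constructed sample syslog lines (not captured from a real device).
SAMPLE_SYSLOG = [
    "<189>45: Router1: *Mar  1 00:10:02.115: %LINEPROTO-5-UPDOWN: "
    "Line protocol on Interface Vlan100, changed state to up",
    "<189>46: Router1: *Mar  1 00:12:34.567: %TRACK-6-STATE: "
    "1 ip sla 1 reachability Up -> Down",
    "<189>47: Router1: *Mar  1 00:12:34.890: %HA_EM-6-LOG: PBR-REMOVE: "
    "Server Unreachable. PBR removed",
    "<189>48: Router1: *Mar  1 00:12:35.001: %SYS-5-CONFIG_I: "
    "Configured from console by admin on vty0 (EEM:PBR-REMOVE)",
]

# Assumption: an EEM applet 'syslog msg' action is logged as
# "%HA_EM-6-LOG: <applet>: <message>" after the optional PRI, sequence
# number, hostname and timestamp.
EEM_LOG_RE = re.compile(
    r"^(?:<\d+>)?\d*:?\s*"            # optional syslog PRI and sequence number
    r"(?P<host>\S+):\s+"              # hostname
    r"(?P<ts>.+?):\s+"                # timestamp (contains colons, hence lazy)
    r"%HA_EM-6-LOG:\s+"               # EEM syslog action facility
    r"(?P<applet>[^:]+):\s+"          # applet name
    r"(?P<msg>.*)$"                   # free-text message from the applet
)


def parse_eem_log(line):
    """Return the fields of an EEM syslog-action line, or None if it is not one."""
    m = EEM_LOG_RE.match(line)
    if not m:
        return None
    return {
        "host": m.group("host"),
        "timestamp": m.group("ts"),
        "applet": m.group("applet").strip(),
        "message": m.group("msg").strip(),
    }


def find_pbr_alerts(lines, keyword="PBR removed"):
    """Return an alert record for every EEM log line whose message contains keyword.

    Only %HA_EM-6-LOG lines are considered, so an unrelated message that
    happens to contain the keyword (e.g. a config-change log) does not alert.
    """
    alerts = []
    for line in lines:
        fields = parse_eem_log(line)
        if fields and keyword in fields["message"]:
            alerts.append({**fields, "severity": "critical",
                           "summary": f"{fields['host']}: {fields['message']}"})
    return alerts


if __name__ == "__main__":
    for alert in find_pbr_alerts(SAMPLE_SYSLOG):
        print(f"[{alert['severity']}] {alert['summary']} (applet {alert['applet']})")
```

Matching on the `%HA_EM-6-LOG` facility plus the applet's own keyword keeps the rule specific: the `%TRACK-6-STATE` transition in the sample shows that the tracked object went down, but it is the applet's message that confirms the PBR policy was actually removed, which is what the NMS should page on.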