Objective: The PBR policy will be removed from the interface facing Uplink-Router once it is detected that the server is unreachable.
Policy-based routing (PBR) is a method used to make routing decisions based on policies.
Scenario: Server1 provides web caching to customers for faster web page loading. Since a route-map is in place that routes their HTTP/HTTPS traffic to the next hop, Server1, what happens if this server suddenly goes down? The behaviour to expect is that customers will no longer be able to access websites.
Pre-setup:
1. Configure an ACL for HTTP/HTTPS
Router1#
ip access-list extended ACL-WEB
 permit tcp any any eq www
 permit tcp any any eq 443
2. Configure the route-map to match the ACL for HTTP/HTTPS and set the next hop to Server1, which provides the web caching service
Router1#
route-map ROUTE-MAP-PBR permit 10
 match ip address ACL-WEB
 set ip next-hop 192.168.1.11
3. Configure the IP address and apply the PBR on this interface, as it is the one facing the customers. (Assumption: L3 routing is configured between Router1 and Uplink-Router, e.g. an IGP or BGP)
Router1#
interface fa0/0
 description Connection to Uplink-Router
 ip address 172.20.10.2 255.255.255.252
 ip policy route-map ROUTE-MAP-PBR
 load-interval 30
4. Configure the SVI that becomes the server's gateway IP
Router1#
vlan 100
 name Server Farm Vlan
interface Vlan100
 description Server Gateway
 ip address 192.168.1.1 255.255.255.0
 ip verify unicast source reachable-via any
 load-interval 30
5. Configure L2 on the interface facing Server-Switch
Router1#
interface fa1/0
 description Server-Switch
 switchport
 switchport access vlan 100
 switchport mode access
 load-interval 30
 spanning-tree portfast
Solution: Set up IP SLA to track Server1's network reachability. If the server is down, the event manager kicks in, because it watches the IP SLA through track 1.
A. Configure IP SLA:
Router1#
ip sla 1
 icmp-echo 192.168.1.11 source-ip 192.168.1.1
 threshold 500
 timeout 500
 frequency 5
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
where, for IP SLA operations, the following configuration guideline is recommended:
(frequency seconds) > (timeout milliseconds) > (threshold milliseconds)
B. Configure the event manager:
Router1#
event manager session cli username "admin"
event manager applet PBR-REMOVE
 description REMOVE PBR IN EVENT OF SERVER DOWN
 event track 1 state down
 trigger occurs 1
 action 1.0 cli command "enable"
 action 1.1 cli command "configure terminal"
 action 1.2 cli command "interface fa0/0"
 action 1.3 cli command "no ip policy route-map ROUTE-MAP-PBR"
 action 1.4 cli command "exit"
 action 1.5 syslog msg "Server Unreachable. PBR removed"
What does this do?
It is like a script: log in as username "admin" (a local account that is authorized to run all of the CLI commands; EEM does not require authentication, so no password needs to be added), then execute the following:
configure terminal
interface fa0/0
no ip policy route-map ROUTE-MAP-PBR
exit
After this is done, it sends a log message saying "Server Unreachable. PBR removed".
Any keyword will do; the NMS server can then be set up to raise an alert once it receives that log.
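The failover only works if the route-map, IP SLA operation, track and EEM applet all point at each other and the timing guideline above holds. The following added example (my own code, not part of the original post) cross-checks those pieces in a copy of the Router1 configuration; the configuration text is constructed inline from the snippets above.

```python
import re
# Constructed sample: the Router1 snippets from the post, joined as one config.
SAMPLE_CONFIG = """\
route-map ROUTE-MAP-PBR permit 10
 match ip address ACL-WEB
 set ip next-hop 192.168.1.11
interface fa0/0
 ip policy route-map ROUTE-MAP-PBR
ip sla 1
 icmp-echo 192.168.1.11 source-ip 192.168.1.1
 threshold 500
 timeout 500
 frequency 5
track 1 ip sla 1 reachability
event manager applet PBR-REMOVE
 event track 1 state down
 action 1.2 cli command "interface fa0/0"
 action 1.3 cli command "no ip policy route-map ROUTE-MAP-PBR"
"""

def _first(pattern, cfg):
    """First capture group of a multiline regex match, or None."""
    m = re.search(pattern, cfg, re.M)
    return m.group(1) if m else None

def lint_pbr_failover(cfg):
    """Cross-check route-map, IP SLA, track and EEM applet; return findings."""
    findings = []
    next_hop = _first(r"^\s*set ip next-hop (\S+)", cfg)
    target = _first(r"^\s*icmp-echo (\S+)", cfg)
    if next_hop != target:
        findings.append(f"next-hop {next_hop} differs from probed host {target}")
    # The track must reference an existing SLA, and the applet an existing track.
    if _first(r"^ip sla (\d+)$", cfg) != _first(r"^track \d+ ip sla (\d+)", cfg):
        findings.append("track references an undefined ip sla operation")
    if _first(r"^track (\d+) ip sla", cfg) != _first(r"^\s*event track (\d+)", cfg):
        findings.append("EEM applet references an undefined track")
    # The applet must remove exactly the policy the interface actually carries.
    eem_if = _first(r'cli command "interface (\S+)"', cfg)
    eem_map = _first(r'cli command "no ip policy route-map (\S+)"', cfg)
    applied = _first(rf"^interface {re.escape(eem_if or '')}\n(?: .*\n)*? ip policy route-map (\S+)", cfg)
    if applied != eem_map:
        findings.append(f"{eem_if} carries policy {applied}, applet removes {eem_map}")
    # Timing guideline from the post: frequency (s) > timeout (ms) > threshold (ms).
    freq_ms = int(_first(r"^\s*frequency (\d+)", cfg) or 0) * 1000
    timeout = int(_first(r"^\s*timeout (\d+)", cfg) or 0)
    thresh = int(_first(r"^\s*threshold (\d+)", cfg) or 0)
    if not freq_ms > timeout > thresh:
        findings.append(f"timing {freq_ms} > {timeout} > {thresh} ms not satisfied")
    return findings
```

Run against the values above it reports only that threshold equals timeout, which does not meet the strict guideline; lower the threshold (or raise the timeout) and the list comes back empty.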
Enjoy!