Objective: remove the PBR policy from the interface facing Uplink-Router as soon as Router1 detects that the server is unreachable.
Policy-based routing (PBR) is a method of making forwarding decisions based on configured policies rather than on the routing table alone.
Scenario: Server1 provides web caching to customers for faster web page loading. A route-map on Router1 sends their HTTP/HTTPS traffic to Server1 as the next hop. What if this server suddenly goes down? With the route-map still in place, customer web traffic keeps being forwarded toward the dead server, so the customers lose access to websites.
Pre-setup:
1. Configure ACL for http/https
Router1#
ip access-list extended ACL-WEB
permit tcp any any eq www
permit tcp any any eq 443
2. Configure the route-map that matches the HTTP/HTTPS ACL and sets the next hop to Server1, which provides the web caching service
Router1#
route-map ROUTE-MAP-PBR permit 10
match ip address ACL-WEB
set ip next-hop 192.168.1.11
3. Configure the IP address and apply the PBR on this interface, because it is where customer traffic enters Router1: a policy route-map acts only on packets received on the interface it is applied to, so it belongs on the inbound side, not on the interface toward Server1. (Assumption: L3 routing is configured between Router1 and Uplink-Router, e.g. an IGP or BGP.)
Router1#
interface fa0/0
description Connection to Uplink-Router
ip address 172.20.10.2 255.255.255.252
ip policy route-map ROUTE-MAP-PBR
load-interval 30
4. Configure the SVI that becomes Server1's gateway IP. The "ip verify unicast source reachable-via any" line enables loose-mode uRPF on the server VLAN: packets whose source address has no route in the routing table are dropped, which limits spoofed traffic originating from the server farm.
Router1#
vlan 100
name Server Farm Vlan
interface Vlan100
description Server Gateway
ip address 192.168.1.1 255.255.255.0
ip verify unicast source reachable-via any
load-interval 30
5. Configure the interface facing Server-Switch as a Layer 2 access port in VLAN 100
Router1#
interface fa1/0
description Server-Switch
switchport
switchport access vlan 100
switchport mode access
load-interval 30
spanning-tree portfast
Solution: set up an IP SLA probe to track reachability of Server1. When the server goes down, track 1 changes state and the Embedded Event Manager (EEM) applet that watches track 1 kicks in.
A. Configure IP SLA:
Router1#
ip sla 1
icmp-echo 192.168.1.11 source-ip 192.168.1.1
threshold 500
timeout 500
frequency 5
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
where:
The operation (ip sla 1) must be defined before it is scheduled; scheduling an entry that does not exist yet is not accepted. frequency 5 sends one ICMP echo to Server1 every 5 seconds, sourced from the gateway address; timeout 500 waits up to 500 ms for the reply; threshold 500 is the round-trip time above which a threshold reaction would fire, if one were configured.
For IP SLAs operations, the following configuration guideline is recommended:
(frequency seconds) > (timeout milliseconds) > (threshold milliseconds)
In the block above threshold equals timeout, so the strict inequality is not met. This does not affect the design: a reachability track goes down only when the probe times out (an echo that is answered late, i.e. over threshold, still counts as up), and no threshold reaction is configured. To follow the guideline anyway, set threshold below timeout (e.g. threshold 250).
B. Configure Event manager:
Router1#
event manager session cli username "admin"
event manager applet PBR-REMOVE
description REMOVE PBR IN EVENT OF SERVER DOWN
event track 1 state down
trigger occurs 1
action 1.0 cli command "enable"
action 1.1 cli command "configure terminal"
action 1.2 cli command "interface fa0/0"
action 1.3 cli command "no ip policy route-map ROUTE-MAP-PBR"
action 1.4 cli command "exit"
action 1.5 syslog msg "Server Unreachable. PBR removed"
What does this do?
It works like a script. The "event manager session cli username admin" line names the local account under which the cli actions are authorized. EEM does not authenticate this session, so no password is configured; but if AAA command authorization is enabled, that account must be permitted to run every command the applet issues (here it needs privilege 15). When track 1 goes down, the applet executes:
configure terminal
interface fa0/0
no ip policy route-map ROUTE-MAP-PBR
exit
After this is done, it sends a log message saying "Server Unreachable. PBR removed" (IOS emits it as "%HA_EM-6-LOG: PBR-REMOVE: Server Unreachable. PBR removed").
Any message text will do; pick a distinctive keyword and have the NMS or syslog server raise an alert when that log line is received.
Note that this applet only removes the policy. Nothing re-applies it when Server1 comes back, so after recovery an operator has to put "ip policy route-map ROUTE-MAP-PBR" back on fa0/0 by hand.
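The complete configuration below is an added example written for this post; it is not the original author's config. It keeps the names and addresses from the steps above (Server1 at 192.168.1.11, gateway 192.168.1.1, interface fa0/0, route-map ROUTE-MAP-PBR, username admin) and goes beyond the post in three ways: the probe is defined before it is scheduled and its threshold is lowered to 250 ms so that frequency > timeout > threshold holds; the track gets delay timers so a single lost echo cannot flap the policy; and a second applet, PBR-RESTORE, re-applies the policy once Server1 is reachable again, which the original procedure leaves to the operator. The delay values, the syslog priorities and the tcp-connect alternative mentioned in the comments are assumptions, not something the post states.

```cisco
! Added example, not the original post's config. Assumes the same names/addresses as the post.
!
! 1. Define the probe BEFORE scheduling it. threshold 250 < timeout 500 < frequency 5 s.
!    Assumption: ICMP is enough to declare the cache usable. If the cache answers on
!    tcp/80, a service-level probe would be:
!      tcp-connect 192.168.1.11 80 source-ip 192.168.1.1 control disable
ip sla 1
 icmp-echo 192.168.1.11 source-ip 192.168.1.1
 threshold 250
 timeout 500
 frequency 5
ip sla schedule 1 life forever start-time now
!
! 2. Dampen the track (values are assumptions): three consecutive misses (~15 s)
!    before 'down', 30 s of sustained replies before 'up', so one dropped echo
!    does not remove and re-add the policy within seconds.
track 1 ip sla 1 reachability
 delay down 15 up 30
!
! 3. The account named here is only used for AAA command authorization of the
!    'cli' actions; no password is exchanged. It must be allowed to run every
!    command below (privilege 15 in practice).
event manager session cli username "admin"
!
! 4. Fail-over: remove the policy when Server1 becomes unreachable.
event manager applet PBR-REMOVE
 description REMOVE PBR IN EVENT OF SERVER DOWN
 event track 1 state down
 action 1.0 cli command "enable"
 action 1.1 cli command "configure terminal"
 action 1.2 cli command "interface fa0/0"
 action 1.3 cli command "no ip policy route-map ROUTE-MAP-PBR"
 action 1.4 cli command "end"
 action 1.5 syslog priority warnings msg "Server1 unreachable. PBR removed from fa0/0"
!
! 5. Fail-back (not in the original post): re-apply the policy after the track
!    has been up for the configured delay, so caching resumes without operator action.
event manager applet PBR-RESTORE
 description RESTORE PBR WHEN SERVER IS BACK
 event track 1 state up
 action 1.0 cli command "enable"
 action 1.1 cli command "configure terminal"
 action 1.2 cli command "interface fa0/0"
 action 1.3 cli command "ip policy route-map ROUTE-MAP-PBR"
 action 1.4 cli command "end"
 action 1.5 syslog priority notifications msg "Server1 reachable again. PBR restored on fa0/0"
```

Verify with "show ip sla statistics 1", "show track 1", "show event manager policy registered" (both applets should be listed) and "show ip policy" (fa0/0 disappears from the list once PBR-REMOVE has fired and returns after PBR-RESTORE). To exercise the applets without touching Server1, shut the access port toward Server-Switch (interface fa1/0) and watch the track go down after the down delay, then bring the port back and watch the policy return after the up delay.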
Enjoy!