本文发表在 rolia.net 枫下论坛If the router connects to the ISP’s layer 3 interface directly, no need to monitor; if they connect to each other via switch, I have revised the configuration as below and tested. It works as we expect!
******************************
R1 simulates the customer’s router, loopback 0 is the internal interface while F0/0 and F0/1
are connecting two ISPs. I deleted some configuration not related to this case.
Both interfaces connect to the ISPs via a switch, not directly.
*******************************
R1#show run
ip subnet-zero
ip cef
!
ip sla monitor 1
type echo protocol ipIcmpEcho 192.168.0.2 source-ipaddr 192.168.0.1
timeout 1000
threshold 2
frequency 3
ip sla monitor schedule 1 life forever start-time now
!
track 100 rtr 1 reachability
!
interface Loopback0
ip address 192.168.100.1 255.255.255.255
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0
description TO INTERNET VIA BELL AS PRIMARY
ip address 192.168.0.1 255.255.255.252
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
!
interface FastEthernet0/1
description TO INTERNET VIA ROGERS AS SECONDARY
ip address 192.168.1.1 255.255.255.252
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.2 track 100
ip route 0.0.0.0 0.0.0.0 192.168.1.2 254
!
ip http server
no ip http secure-server
ip nat inside source route-map BELL interface FastEthernet0/0 overload
ip nat inside source route-map ROGERS interface FastEthernet0/1 overload
!
route-map BELL permit 10
match interface FastEthernet0/0
!
route-map ROGERS permit 10
match interface FastEthernet0/1
!
End
******************************
R2 simulates the ISPs’ routers, loopback 0 is the Internet address, interface while F0/0 and F0/1
are different ISPs and connecting to the same customer. I deleted some configuration not related to this case.
*******************************
R2#show run
ip subnet-zero
ip cef
!
interface Loopback0
ip address 192.168.200.1 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.0.2 255.255.255.252
speed 100
full-duplex
!
interface FastEthernet0/1
ip address 192.168.1.2 255.255.255.252
speed 100
full-duplex
!
End
***************************
Check the R1’s IP route (to 0.0.0.0/0), IP route track, and if IP NAT works well/translations
when the primary next-hop is reachable.
***************************
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.0.2 to network 0.0.0.0
192.168.0.0/30 is subnetted, 1 subnets
C 192.168.0.0 is directly connected, FastEthernet0/0
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, FastEthernet0/1
192.168.100.0/32 is subnetted, 1 subnets
C 192.168.100.1 is directly connected, Loopback0
S* 0.0.0.0/0 [1/0] via 192.168.0.2
R1#ping
Protocol [ip]:
Target IP address: 192.168.200.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.100.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.200.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.100.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/97/120 ms
R1#show ip nat tran
Pro Inside global Inside local Outside local Outside global
icmp 192.168.0.1:3 192.168.0.1:3 192.168.0.2:3 192.168.0.2:3
icmp 192.168.0.1:8 192.168.100.1:8 192.168.200.1:8 192.168.200.1:8
R1#show ip route track
ip route 0.0.0.0 0.0.0.0 192.168.0.2 track 100 state is [up]
*******************************
Shut the primary next-hop in R2. As R1 connects to a switch, the interface will still be up. The IP Route Track should work for it.
*******************************
R2# conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int f0/0
R2(config-if)#shut
R2(config-if)#
*Mar 1 00:37:01.511: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state
to administratively down
*Mar 1 00:37:02.511: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0/0, changed state to down
R2(config-if)#
R1#show ip route track
ip route 0.0.0.0 0.0.0.0 192.168.0.2 track 100 state is [down]
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.1.2 to network 0.0.0.0
192.168.0.0/30 is subnetted, 1 subnets
C 192.168.0.0 is directly connected, FastEthernet0/0
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, FastEthernet0/1
192.168.100.0/32 is subnetted, 1 subnets
C 192.168.100.1 is directly connected, Loopback0
S* 0.0.0.0/0 [254/0] via 192.168.1.2
R1#ping
Protocol [ip]:
Target IP address: 192.168.200.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.100.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.200.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.100.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/118/168 ms
R1#show ip nat tran
Pro Inside global Inside local Outside local Outside global
icmp 192.168.0.1:3 192.168.0.1:3 192.168.0.2:3 192.168.0.2:3
icmp 192.168.1.1:9 192.168.100.1:9 192.168.200.1:9 192.168.200.1:9
***********************************
No shut the primary next-hop in R2, the R1’s primary IP route comes back and works.
***********************************
R2(config-if)#no shut
R2(config-if)#
*Mar 1 00:38:57.711: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state t
o up
*Mar 1 00:38:58.711: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0/0, changed state to up
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.0.2 to network 0.0.0.0
192.168.0.0/30 is subnetted, 1 subnets
C 192.168.0.0 is directly connected, FastEthernet0/0
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, FastEthernet0/1
192.168.100.0/32 is subnetted, 1 subnets
C 192.168.100.1 is directly connected, Loopback0
S* 0.0.0.0/0 [1/0] via 192.168.0.2
R1#show ip route track
ip route 0.0.0.0 0.0.0.0 192.168.0.2 track 100 state is [up]
R1#ping
Protocol [ip]:
Target IP address: 192.168.200.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.100.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.200.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.100.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/88/132 ms
R1#show ip nat tran
Pro Inside global Inside local Outside local Outside global
icmp 192.168.0.1:3 192.168.0.1:3 192.168.0.2:3 192.168.0.2:3
icmp 192.168.0.1:10 192.168.100.1:10 192.168.200.1:10 192.168.200.1:10
R1#更多精彩文章及讨论,请光临枫下论坛 rolia.net