Redundant OSPF configuration over two ISPs


Last week we needed to make our network as redundant as possible. We have two different circuits coming from two different ISPs: one is our main circuit, the other is used only for backup purposes. While we could manually change routes if one of our circuits or routers failed, we wanted to automate the process so that no human intervention was needed. I accomplished this by turning on OSPF on all the internal routers and using PBR (policy-based routing) for all default routes. This lets OSPF handle all routes and backup routes within the Autonomous System, while the routing policy handles the static default routing. The result is a redundant network. Here is how I configured it:

FYI: all networks are /24 networks, i.e. they all have a 255.255.255.0 netmask.

We will configure router INTERNAL1. I will not go over assigning IP addresses to interfaces; I will only concentrate on the OSPF setup and the PBR. The same configuration applies to all the routers, except that the path of the default route will change depending on where you are on the network.

Setting up OSPF
INTERNAL1(config)#router ospf 1 - To enter router OSPF configuration mode.
INTERNAL1(config-router)#network 10.10.10.0 0.0.0.255 area 0 - To advertise the 10 network.
INTERNAL1(config-router)#network 4.4.4.0 0.0.0.255 area 0 - To advertise the 4 network (the wildcard mask has four octets: 0.0.0.255 for a /24).
INTERNAL1(config-router)#exit - To go back to configuration mode.

Setting up PBR
INTERNAL1(config)#ip sla monitor 10 - To create an SLA monitor; 10 is just an arbitrary number to identify the monitor.
INTERNAL1(config-sla-monitor)#type echo protocol ipIcmpEcho 4.4.4.4 - The router will monitor pings to the next-hop router (Edge1).
INTERNAL1(config-sla-monitor-echo)#frequency 3 - The SLA repeats every 3 seconds.
INTERNAL1(config-sla-monitor-echo)#exit - To return to configuration mode.
INTERNAL1(config)#ip sla monitor schedule 10 start-time now life forever - We schedule the SLA monitor to start now and run forever.
INTERNAL1(config)#track 10 rtr 10 reachability - This will create tracking object 10 using SLA 10.
INTERNAL1(config)#ip route 0.0.0.0 0.0.0.0 4.4.4.4 track 10 - To create a default route tied to tracking object 10 (the one we just created); the route is withdrawn whenever the track goes down.
INTERNAL1(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.2 10 - This is the backup (floating) default route with an administrative distance of 10, so it is only installed when the tracked route is withdrawn.

Now the router will ping Edge1 and, if it is up, route via Edge1; otherwise all traffic will route via INTERNAL2.
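As an added check that is not part of the original post: a small Python linter for the commands above. Failover like this breaks silently when a wildcard mask is malformed, a default route tracks an object that was never defined, or an SLA is never scheduled, so the script cross-references those statements. The embedded sample configuration is constructed for this example and deliberately carries two such slips.

```python
from ipaddress import IPv4Address

# Constructed sample: the INTERNAL1 commands from the post, with two slips a
# reviewer should catch: a five-octet OSPF wildcard mask and a default route
# that tracks object 1 while the only tracking object defined is 10.
SAMPLE_CONFIG = """\
router ospf 1
 network 10.10.10.0 0.0.0.255 area 0
 network 4.4.4.0 0.0.0.0.255 area 0
ip sla monitor 10
 type echo protocol ipIcmpEcho 4.4.4.4
 frequency 3
ip sla monitor schedule 10 start-time now life forever
track 10 rtr 10 reachability
ip route 0.0.0.0 0.0.0.0 4.4.4.4 track 1
ip route 0.0.0.0 0.0.0.0 10.10.10.2 10
"""

def _is_ipv4(s):
    try:
        IPv4Address(s)
        return True
    except ValueError:
        return False

def lint_failover_config(text):
    """Return the problems found in an IP SLA / tracked-static-route config."""
    slas, scheduled, tracks, routed, problems = set(), set(), {}, [], []
    for line in text.splitlines():
        w = line.split()
        if len(w) >= 3 and w[0] == "network" and not _is_ipv4(w[2]):
            problems.append(f"bad wildcard mask: {line.strip()}")
        elif len(w) >= 4 and w[:3] == ["ip", "sla", "monitor"]:
            if w[3] == "schedule" and len(w) >= 5:
                scheduled.add(w[4])          # "ip sla monitor schedule <id> ..."
            else:
                slas.add(w[3])               # "ip sla monitor <id>"
        elif len(w) >= 4 and w[0] == "track" and w[2] == "rtr":
            tracks[w[1]] = w[3]              # tracking object -> SLA it watches
        elif w[:2] == ["ip", "route"] and "track" in w[:-1]:
            routed.append(w[w.index("track") + 1])
    for tid in routed:                       # every tracked route needs its object
        if tid not in tracks:
            problems.append(f"ip route tracks undefined object {tid}")
    for tid, sla in tracks.items():          # every object needs a scheduled SLA
        if sla not in slas:
            problems.append(f"track {tid} watches undefined ip sla {sla}")
        elif sla not in scheduled:
            problems.append(f"ip sla {sla} is never scheduled")
    return problems
```

Run it against the running-config export of each router before cutting over; an empty list means the SLA, the tracking object and the default routes all reference each other consistently.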

The same principles can be applied to all the other routers. We do not run OSPF on the interfaces of the EDGE routers that connect to the ISPs.

One thing to keep in mind is that if you have any dedicated IPs terminating at any device on your network, none of that will keep working. For example, if you are using a public IP from ISP1 for your email server, once the route from that network goes down and the backup route kicks in, your email server will no longer be reachable. In order to create a completely redundant network, you must run eBGP on both edge routers and advertise the same block of IPs on both circuits, and you also need to create an iBGP peering session between the two edge routers. That will be the next step in this process, and I will write about it once I have successfully completed the project.

About J Sanchez