On the Internet interface
1. Enable path monitoring on Outside1
Result in CLI:
interface GigabitEthernet0/0
nameif Outside1
security-level 0
ip address 192.0.2.11 255.255.255.0
policy-route path-monitoring 9.9.9.9
!
interface GigabitEthernet0/1
nameif Outside2
security-level 0
ip address 198.51.100.40 255.255.255.0
policy-route path-monitoring 1.1.1.1
!
Path monitoring works together with PBR. Without PBR, a change in path monitoring status doesn't change routing.
For example, before PBR is configured, if ISP1 has an outage, path monitoring on Outside1 fails, but the failed indirect circuit doesn't bring down the Outside1 interface, so FTD doesn't remove the ISP1 default route and traffic is still sent to the failed ISP1.
3. Add PBR
Test:
When ISP1 has an outage, traffic is sent to Outside2:
FTD74-NA# show path-monitoring
Interface: Outside2 (GigabitEthernet0/1)
Remote peer: 1.1.1.1
Remote peer reachable: Yes
RTT average: 2499 microsecond(s)
Jitter: 1099 microsecond(s)
Packet loss: 0%
MOS: 4.40
Last updated: 21 second(s) ago
Interface: Outside1 (GigabitEthernet0/0)
Remote peer: 9.9.9.9
Remote peer reachable: No
Statistics should be available in ~27 second(s)
When ISP1 is restored:
FTD74-NA# show path-monitoring
Interface: Outside2 (GigabitEthernet0/1)
Remote peer: 1.1.1.1
Remote peer reachable: Yes
RTT average: 2337 microsecond(s)
Jitter: 213 microsecond(s)
Packet loss: 0%
MOS: 4.40
Last updated: 4 second(s) ago
Interface: Outside1 (GigabitEthernet0/0)
Remote peer: 9.9.9.9
Remote peer reachable: Yes
RTT average: 2105 microsecond(s)
Jitter: 261 microsecond(s)
Packet loss: 47%
MOS: 0.0
Last updated: 4 second(s) ago
FTD74-NA# show policy-route
Interface Route map
GigabitEthernet0/2 FMC_GENERATED_PBR_1758898757264
FTD74-NA#
FTD74-NA#
FTD74-NA# sh route-map FMC_GENERATED_PBR_1758898757264
route-map FMC_GENERATED_PBR_1758898757264, permit, sequence 5
Match clauses:
ip address (access-lists): All-Traffic
Set clauses:
adaptive-interface rtt Outside1 (1929) Outside2 (2251)
FTD74-NA#
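An added example, not part of the original post: a small Python parser for the show path-monitoring output above that classifies each monitored interface. It matters because the restored output lists Outside1 as reachable while still reporting 47% packet loss and MOS 0.0. The thresholds and all function names are assumptions; the sample text is abbreviated from the page's output.

```python
# Abbreviated from the "When ISP1 restored" output on this page.
SAMPLE = """\
Interface: Outside2 (GigabitEthernet0/1)
Remote peer reachable: Yes
Packet loss: 0%
MOS: 4.40
Interface: Outside1 (GigabitEthernet0/0)
Remote peer reachable: Yes
Packet loss: 47%
MOS: 0.0
"""

# Assumed alert thresholds (percent loss, minimum MOS), not from the page.
LOSS_MAX, MOS_MIN = 5.0, 3.5

FIELDS = {  # output label -> (record field, converter); other lines ignored
    "Remote peer reachable": ("reachable", lambda v: v == "Yes"),
    "Packet loss": ("loss", lambda v: float(v.rstrip("%"))),
    "MOS": ("mos", float),
}

def parse(text):
    """Return one record per 'Interface:' block of show path-monitoring."""
    peers = []
    for line in text.splitlines():
        key, _, val = (s.strip() for s in line.partition(":"))
        if key == "Interface" and val:
            peers.append({"name": val.split()[0], "reachable": False,
                          "loss": None, "mos": None})
        elif peers and key in FIELDS:
            field, conv = FIELDS[key]
            peers[-1][field] = conv(val)
    return peers

def classify(peer):
    """DOWN: peer unreachable; DEGRADED: reachable but over a threshold."""
    if not peer["reachable"]:
        return "DOWN"  # unreachable blocks carry no loss/MOS lines
    if peer["loss"] is None or peer["mos"] is None:
        return "UNKNOWN"  # reachable, statistics not reported yet
    if peer["loss"] > LOSS_MAX or peer["mos"] < MOS_MIN:
        return "DEGRADED"
    return "OK"

def report(text):
    return {p["name"]: classify(p) for p in parse(text)}

if __name__ == "__main__":
    print(report(SAMPLE))
```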