Cisco 881G - Configuring Dynamic Failover On a Backup 3G Cellular Link
09 Jan 2012
What’s the scenario? We have a small LAN using private IP addresses, which need to be translated on both external links. The primary link is an Ethernet drop, so its interface is very unlikely to go down; the router therefore cannot rely on link state to detect a failure and update its RIB. To detect a failure on the primary link we have to implement a mechanism that takes an external point as a reference and measures different parameters. In my scenario we will send ICMP packets to an external IP address - 18.104.22.168, the Google public DNS server - and measure the RTT. As long as the RTT is within certain limits, the default route stays on the primary link. If the RTT exceeds that limit, the primary default route is removed from the routing table and a secondary default route - the one over the backup link, which has a higher administrative distance - takes its place.
We have to make sure that the ICMP packets used to check the RTT are sent only over the primary link. Otherwise, when the backup link becomes active, the probe gets a valid RTT through it and the router reinstalls the primary default route, resulting in a loop of default routes.
Enough with the words, now let’s get to the config lines:
First of all, let’s configure the cellular interface so that it can connect to the 3G network:
Configuring the cellular interface
We must ensure that the SIM card is not locked with a PIN code - Cellular 0 is the interface:
We need to create a GSM profile with the settings associated with your data account:
Next we need to create a chat script which sends commands to the 3G modem to connect to the remote system. The chat script is called CellScript with a timeout value of 30 seconds. Please note that the script may be different depending on the carrier.
Associate the created chat script with the 3G modem line; for the 881G this is line 3:
Next we should create a Dialer interface:
The next step required is to configure the Cellular interface:
Create a dialer list which allows IP packets for the interfaces in dialer group 2:
Add a default route and you should have a working 3G data link:
Configuring NAT with multiple pools
OK, now that we have set up the 3G backup data link, I assume that you know how to configure the primary Ethernet link, so we can move on to the next section: how to get Network Address Translation to work on both interfaces. First we need to set an access list which identifies our private addresses - in my case: 10.0.0.0/28
Next we’ll create route maps, each of which matches both the private IP addresses (via the ACL created above) and the external interface:
Last we have to set the NAT direction on the interfaces we are interested in:
Now that we have the route maps set, we need to create the NAT translation rules. On both of the interfaces I will set NAT overload, as I have a single IP address assigned by the ISP:
Configuring dynamic failover with Cisco IP SLAs
The address translation is complete too. In the next section we will implement the dynamic failover mechanism using Cisco IP Service Level Agreements (SLAs). The Cisco IOS IP SLA is a powerful tool which can help improve your network’s services. It allows you to monitor traffic parameters like round-trip delay, one-way delay, one-way jitter, packet loss, TCP connection time, DNS lookup time and many others. Let’s get to the config lines and show how we should implement the SLAs.
To review the above config lines: the router pings 22.214.171.124 with ICMP REQUEST packets having the source address of Fa4, and if an ICMP REPLY packet isn’t received within 150 ms the IP SLA operation is considered to have failed. This process is repeated once every 2 seconds. We set this process to start now and run forever.
Now what happens if the IP SLA operation fails? In the following lines we’ll tell the router what to do in that case:
We need to create a track object to monitor the status of the IP SLA we have created:
The track object informs the static route if a state change of the IP SLA occurs.
Next we will associate the primary default route with the tracker:
And assign a higher administrative distance to the secondary default route:
And that should be all. You should now have a dynamic failover route without having to enable dynamic routing protocols. Pretty cool :)
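The failover pieces described above (probe pinned to the primary link, IP SLA, track object, tracked primary route, floating backup route), put together as an added example that is not the author's original configuration. Assumptions: 192.0.2.1 stands in for the primary ISP next hop, 198.51.100.53 is a placeholder for the external probe target, Dialer1 is an assumed name for the 3G dialer interface, and the host route and the `delay` timers are additions not taken from the post.

```cisco
! Added example, not the author's configuration.
! Placeholders (assumptions):
!   192.0.2.1      primary ISP next hop reached through FastEthernet4
!   198.51.100.53  external probe target
!   Dialer1        dialer interface of the 3G backup link
!
! Pin the probe target to the primary link. source-interface below only
! sets the source address of the probe; this host route is what keeps the
! probe from following the backup default route after a failover, which
! would otherwise reinstall the primary route and cause flapping.
ip route 198.51.100.53 255.255.255.255 FastEthernet4 192.0.2.1
!
! Probe: ICMP echo every 2 seconds, failed if no reply within 150 ms.
! threshold is lowered first because it may not exceed timeout.
ip sla 1
 icmp-echo 198.51.100.53 source-interface FastEthernet4
 threshold 150
 timeout 150
 frequency 2
ip sla schedule 1 life forever start-time now
!
! Track object follows the reachability result of IP SLA 1.
! The delay timers (assumed values) damp the reaction to a single lost
! or late reply so one slow ping does not move all traffic to 3G.
track 1 ip sla 1 reachability
 delay down 6 up 30
!
! Primary default route, present only while track 1 is up.
ip route 0.0.0.0 0.0.0.0 FastEthernet4 192.0.2.1 track 1
!
! Floating backup default route over the 3G link. The administrative
! distance of 250 keeps it out of the routing table while the tracked
! primary route is installed.
ip route 0.0.0.0 0.0.0.0 Dialer1 250
```

After applying it, `show track 1` and `show ip sla statistics 1` report the probe state, and `show ip route 0.0.0.0` shows which default route is currently installed.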