On our main MPLS network at work we do nothing but static routes to send out all our traffic. Which sometimes is nice, but sometimes not having the control is not so nice. We have a backup frame relay network at the moment that sits idle unless HSRP kicks in and makes the frame relay routers the main exit point of the network. I have HSRP monitoring the multilink interfaces of the MPLS routers at our corporate office and our spoke offices. Now my issue has always been that if something were to go down in the ISP cloud and not affect the interface status, HSRP would never kick in to forward the packets out of the backup router. Why would it, right? It would see the multilink interface still showing up/up. Also, since there is no dynamic routing protocol to take the route out of the routing table, it seemed I was stuck just monitoring the multilink interface.

So I got the bright idea to create multiple tunnel interfaces with our hub router and all the spokes. I was thinking, hey, I finally put some of my CCIE studies to good use here! So I configured 6 tunnel links and was cheerfully setting HSRP to monitor the tunnel interface on the spoke routers. No matter if the link went down on our end or in the ISP cloud, the tunnel would drop and HSRP would send the traffic out the backup network.

As long as the main router doesn’t know to send traffic out of the backup network, the tunnel interface should stay down. Since all the spokes initiate all the remote traffic, and traffic will be sent out the path from which it came, this should not be an issue really.


Well, this idea is not going to work the way I have it configured. I noticed the tunnel interfaces I was creating were coming right up to an up/up state. So I configured a quick test tunnel on a spoke router with the destination address set to a non-existent IP address on our network.

Tunnel2 unassigned YES manual up up

As you can see, it is still showing up/up even though the destination doesn’t exist. So the tunnel thinks it can get out no matter what the destination IP address is. Then I found this on the Doc CD:

“It is not possible to use the HSRP configuration to track the GRE tunnel interface. However, the tunnel interface never goes down and the track never triggers failover.”

Looks like I am going to have to read into standby tracking object “#”. Just wondering if I can create a tracking group to the end ip address of the tunnel…

***Update part 2***

Well, I am able to use an enhanced object tracker to accomplish this:

track 1 ip route reachability
standby 1 track 1 decrement 50

What I did was create the tunnel interfaces on both ends

Enable EIGRP and enable the process on the tunnel ip addresses

Then I created a loopback interface and advertised that into EIGRP

Now I can track the route so if the main interface would drop the tunnel would still show up/up but would drop its EIGRP adjacency which would drop the route.
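The whole arrangement described above, written out as an added example (it is not the author's actual configuration). Every address, interface name, tunnel number, the EIGRP AS number and the HSRP priorities are constructed placeholders.

```cisco
! Constructed example: addresses, interface names, AS 100 and priorities are placeholders.
! --- Hub router ---
interface Loopback100
 description Beacon prefix that the spokes track
 ip address 10.255.0.1 255.255.255.255
!
interface Tunnel1
 description GRE to spoke 1 across the MPLS cloud
 ip address 172.16.1.1 255.255.255.252
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.1
!
router eigrp 100
 network 172.16.1.0 0.0.0.3
 network 10.255.0.1 0.0.0.0
 no auto-summary
!
! --- Spoke primary (MPLS) router ---
interface Tunnel1
 ip address 172.16.1.2 255.255.255.252
 tunnel source 198.51.100.1
 tunnel destination 192.0.2.1
!
router eigrp 100
 network 172.16.1.0 0.0.0.3
 no auto-summary
!
! The tunnel stays up/up, but when the path through the cloud fails the
! EIGRP adjacency over it times out and the beacon /32 leaves the routing
! table, which takes tracked object 1 down.
track 1 ip route 10.255.0.1 255.255.255.255 reachability
!
interface FastEthernet0/0
 ip address 10.1.1.2 255.255.255.0
 standby 1 ip 10.1.1.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 track 1 decrement 50
!
! --- Spoke backup (frame relay) router ---
interface FastEthernet0/0
 ip address 10.1.1.3 255.255.255.0
 standby 1 ip 10.1.1.1
 standby 1 priority 100
 standby 1 preempt
```

The decrement only causes a failover if it drops the primary's priority below the backup's (110 - 50 = 60 < 100 here) and the backup has `standby 1 preempt` configured. The beacon prefix must be learned only across the tunnel, otherwise the tracked route never disappears.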

The question is, do I want to do all this? I can always just track the multilink interface, and if something ever went down in the ISP cloud I would just VPN in and down the interface manually.

Enhanced Object Tracking

***Last Update***

I just got an email from Mike Litka which helped a ton and will make this easier.

“…Once keepalives are enabled on the interface they will report down if the other end is unreachable.

int t0

Let me know if that helps...”

Jun 10 17:35:51.043: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down

Good show!

Completed Items

  • Internetwork Expert COD day 3 (well almost)
  • Finished the OSPFv2 chapter in Routing TCP/IP
  • I am not weighing myself after my weekend lol 🙂

Goals for last week

  • Get through Day 3 of the COD
  • OSPF Chapter of Jeff Doyle’s Routing TCP/IP Volume I
  • Work through the core sections of the workbook I labs
  • Drop 2 pounds?

I still have a little of Route Redistribution yet to finish in the COD. I will follow that up with reading the chapter in Routing TCP/IP as well. The past weekend was a little tough; I had a friend’s birthday feast Saturday night and yesterday was my one year wedding anniversary, so I really didn’t get much done. The wife is only so forgiving; if I told her I had to study yesterday and we could not do anything I would have been stabbed. Oh well :). We also have some baby basics classes to go to this week (not my idea), so I am not making out a set schedule because I know it is going to be hard to follow this week.

Since I work with ASA boxes every day this was an interesting read. This could very well save you a ton of grief one day if you work with them as well.

“As engineers, we don’t always document things as well as we should OR someone you work with is always “too busy” to document their work. This little trick will show you how to recover pre-shared keys on a Cisco Pix or ASA firewall.”

Full post here with video

A good post; boredom, I think, hits all of us eventually!

“Random tip of the day – When you’re at a restaurant with your wife and she asks you if there’s anything on her face, “nothing worth mentioning” is not the right answer.

I seem to be going through phases. Last week I oscillated between panic and calm, now I’ve moved into boredom. I just wish this stupid test was over. I remember this feeling from college; I would always prepare responsibly for finals, and the last few days were just annoying since I’d gotten as prepared as I could be. I’m not quite as prepared as I can be, but I’m almost there.

I did IE Volume 2 Lab 4 on Friday. It had a couple of interesting looking things when I skimmed it, and I figured I’d see how I fared on a level 6 difficulty lab. I guess it’s good news that I was bored. I finished in about 6.25 hours, but I could tell I was going really slowly the entire way. I just couldn’t muster the energy to care. It was interesting to see that some things I was scared of before (like mutation maps) were just something I looked up to be sure, but did 90% from memory…”

Read more

I only have 10 people that come here anyhow 😛

Jeremy over on Packet life has posted his new Multicast cheat sheet. Along with his other cheat sheets, it is a good reference and worth checking out.

Also he has posted his notes on his readings so far of Routing TCP/IP Volume I if you would like to read those as well.