Enabling An Interface Using IP SLA And EEM

From Baranoski.ca

I've been playing a lot with running HSRP for both IPv4 and IPv6. One thing I hadn't figured out was how to move my Hurricane Electric IPv6 tunnel from my primary router to the backup if the primary has an issue. I finally got it working using IP SLA, Embedded Event Manager (EEM) and DynDNS.

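First step: create a DDNS update method. Hurricane Electric has a handy feature where you can use DynDNS updates to move your tunnel to a new IP. It's handy if you have a DHCP-enabled internet connection. This configuration should be identical on both the primary and backup routers. Note that the update URL embeds your username and update key, so they are stored in the router configuration and sent over plain HTTP.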

ip ddns update method HURRICANEELECTRIC-TUNNEL
 HTTP
  add http://yourusername:yourkey@ipv4.tunnelbroker.net/nic/update?hostname=yourhostnumber
 interval maximum 0 0 15 0
 interval minimum 0 0 10 0

Next, create the tunnel interface on the backup router. I won't go into much depth, as the tunnel settings are all listed on Hurricane Electric's site. The important part here is that the interface is shut down and that the DDNS update method is applied to the tunnel interface, not to your router's WAN interface. The tunnel interface also needs an IPv4 address (something bogus will do); otherwise the DDNS update method will never be used.

interface tun6
 shutdown
 ip address 10.10.2.1 255.255.255.254
 ip ddns update HURRICANEELECTRIC-TUNNEL

Now create your IP SLA policy and the track object. This pings the LAN interface of the primary router.

ip sla 66
 icmp-echo 10.10.10.253
 timeout 50
ip sla schedule 66 life forever start-time now
track 66 ip sla 66 reachability
 delay up 10

Finally, create your EEM scripts. The first script will no-shut the tun6 interface, which in turn triggers a DDNS update that moves the tunnel. The second script shuts the tun6 interface down again.

event manager applet MOVE_IPv6_WHEN_PRIMARY_IS_DOWN
 event track 66 state down
 action 1.0 syslog msg "PING TO PRIMARY FAILED.  MOVING IPv6."
 action 1.1 cli command "enable"
 action 1.2 cli command "config t"
 action 1.3 cli command "interface tun6"
 action 1.4 cli command "no shutdown"
event manager applet RELEASE_IPv6_WHEN_PRIMARY_IS_UP
 event track 66 state up
 action 1.0 syslog msg "PING TO PRIMARY SUCCEEDED.  MOVING IPv6 BACK."
 action 1.1 cli command "enable"
 action 1.2 cli command "config t"
 action 1.3 cli command "interface tun6"
 action 1.4 cli command "shutdown"

The key when switching back is that the primary router has likely already done its own DDNS update, moved the tunnel, and taken over as the HSRP active router. From my experience, I see a single ping drop when switching back to the primary.
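
An added example, not part of the original page: a short Python check that reads a saved copy of the backup router's configuration and confirms the pieces above are wired together (the tunnel is shut down, has an IPv4 address and a defined DDNS update method, the tracked IP SLA is scheduled, and both EEM applets exist). The function names and the reduced sample config are constructed for illustration.

```python
import re

# Constructed sample: the backup router's config from this page, reduced to the checked lines.
SAMPLE = """\
ip ddns update method HURRICANEELECTRIC-TUNNEL
interface tun6
 shutdown
 ip address 10.10.2.1 255.255.255.254
 ip ddns update HURRICANEELECTRIC-TUNNEL
ip sla 66
ip sla schedule 66 life forever start-time now
track 66 ip sla 66 reachability
event manager applet MOVE_IPv6_WHEN_PRIMARY_IS_DOWN
 event track 66 state down
event manager applet RELEASE_IPv6_WHEN_PRIMARY_IS_UP
 event track 66 state up
"""

def sections(config):  # hypothetical helper: top-level line -> indented lines under it
    out, head = {}, None
    for line in filter(str.strip, config.splitlines()):
        if not line[0].isspace():
            head = line.strip()
            out[head] = []
        elif head is not None:
            out[head].append(line.strip())
    return out

def audit_backup(config):
    """Return problems in the failover wiring; an empty list means consistent."""
    sec, problems = sections(config), []
    methods = {h.split()[-1] for h in sec if h.startswith("ip ddns update method ")}
    events = {l for body in sec.values() for l in body if l.startswith("event track ")}
    for head, body in sec.items():
        if re.match(r"interface tun", head, re.I):
            applied = {l.split()[-1] for l in body if l.startswith("ip ddns update ")}
            if not applied & methods:
                problems.append(f"{head}: no defined DDNS update method applied")
            if not any(l.startswith("ip address ") for l in body):
                problems.append(f"{head}: no IPv4 address, DDNS update never used")
            if "shutdown" not in body:
                problems.append(f"{head}: not shut down on the backup")
        m = re.match(r"track (\d+) ip sla (\d+) reachability", head)
        if not m:
            continue
        if not any(h.startswith(f"ip sla schedule {m[2]} ") for h in sec):
            problems.append(f"track {m[1]}: ip sla {m[2]} is not scheduled")
        problems += [f"track {m[1]}: no EEM applet for state {s}" for s in ("down", "up")
                     if f"event track {m[1]} state {s}" not in events]
    return problems
```

Run `audit_backup()` on the text of `show running-config` saved from the backup router; an empty list means every piece the procedure depends on is present.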