Difference between revisions of "Enabling An Interface Using IP SLA And EEM"
(Created page with "I've been playing a lot with running HSRP for both IPv4 and IPv6. One thing I hadn't figured out was how to move my Hurricane Electric IPv6 tunnel from my primary router to t...") |
|||
| Line 22: | Line 22: | ||
ip sla 66 | ip sla 66 | ||
icmp-echo 10.10.10.253 | icmp-echo 10.10.10.253 | ||
| + | +timeout 500 | ||
ip sla schedule 66 life forever start-time now | ip sla schedule 66 life forever start-time now | ||
track 66 ip sla 66 reachability | track 66 ip sla 66 reachability | ||
| − | delay down | + | delay down 3 up 10 |
</PRE> | </PRE> | ||
| − | Finally, create your EEM scripts. The first script will no-shut the tunnel6 interface. This will in turn trigger a DDNSupdate, which will move the tunnel. The second script shuts down the tunnel6 interface | + | Finally, create your EEM scripts. The first script will no-shut the tunnel6 interface. This will in turn trigger a DDNSupdate, which will move the tunnel. The second script shuts down the tunnel6 interface. |
<PRE> | <PRE> | ||
event manager applet MOVE_IPv6_WHEN_PRIMARY_IS_DOWN | event manager applet MOVE_IPv6_WHEN_PRIMARY_IS_DOWN | ||
| Line 44: | Line 45: | ||
action 1.4 cli command "shutdown" | action 1.4 cli command "shutdown" | ||
</PRE> | </PRE> | ||
| + | The key is that the primary router has likely already done its own DDNS update, and moved the tunnel and taken over as the HSRP active router. From my experience, I see a single ping drop when switching back to the primary. | ||
Revision as of 23:29, 15 April 2015
I've been playing a lot with running HSRP for both IPv4 and IPv6. One thing I hadn't figured out was how to move my Hurricane Electric IPv6 tunnel from my primary router to the backup if the primary has an issue. I finally got it working using IP SLA, Embedded Event Manager (EEM) and DynDNS.
First step: create a DDNS update method. Hurricane Electric has a handy feature where you can use DynDNS updates to move your tunnel to a new IP. It's handy if you have a DHCP-enabled internet connection. This should be identical on both the primary and backup routers.
ip ddns update method HURRICANEELECTRIC-TUNNEL HTTP add http://yourusername:yourkey@ipv4.tunnelbroker.net/nic/update?hostname=yourhostnumber interval maximum 0 0 15 0 interval minimum 0 0 10 0
Next, create the tunnel interface on the backup router. Not going into too much depth, as it's all listed on Hurricane Electric's site. The important part here is that the interface is shut down and the DDNS update method is applied to the tunnel interface, not your router's WAN interface. It also needs an IPv4 address (something bogus), otherwise the DDNS update method will never be used.
interface tun6 shutdown ip address 10.10.2.1 255.255.255.254 ip ddns update HURRICANEELECTRIC-TUNNEL
Now create your IP SLA policy and the track object. This pings the LAN interface of the primary router.
ip sla 66 icmp-echo 10.10.10.253 +timeout 500 ip sla schedule 66 life forever start-time now track 66 ip sla 66 reachability delay down 3 up 10
Finally, create your EEM scripts. The first script will no-shut the tunnel6 interface. This will in turn trigger a DDNSupdate, which will move the tunnel. The second script shuts down the tunnel6 interface.
event manager applet MOVE_IPv6_WHEN_PRIMARY_IS_DOWN event track 66 state down action 1.0 syslog msg "PING TO PRIMARY FAILED. MOVING IPv6." action 1.1 cli command "enable" action 1.2 cli command "config t" action 1.3 cli command "interface tun6" action 1.4 cli command "no shutdown" event manager applet RELEASE_IPv6_WHEN_PRIMARY_IS_UP event track 66 state up action 1.0 syslog msg "PING TO PRIMARY SUCCEEDED. MOVING IPv6 BACK." action 1.1 cli command "enable" action 1.2 cli command "config t" action 1.3 cli command "interface tun6" action 1.4 cli command "shutdown"
The key is that the primary router has likely already done its own DDNS update, and moved the tunnel and taken over as the HSRP active router. From my experience, I see a single ping drop when switching back to the primary.