Requirement:Route Monitoring enables the Mobility Access Switch to monitor the L3 uplink status using ping probe. Route monitoring is deployed on the outer most uplink of branch office where default routes or static routes are installed. Ping probe destined to a server IP address is sent on the uplink interface which is under monitoring. Based on the status of ping reply, probe status of the interface is updated to up or down. Interface probe status is changed from up to down, when there are consecutive unacknowledged pings. Similarly, interface probe status is changed from down to up when there is an acknowledged ping. When the probe status of the interface is down, the Mobility Access Switch removes the network routes from the routing table. When the probe status of the interface is up network routes are added back. However, the directly connected routes and the dynamic routes (that are managed by the respective protocols) are not affected by the probe status. For example OSPF routes are not deleted when the probe status goes down.
This feature is useful for branch deployments where a branch office Mobility Access Switch has two WAN uplinks (primary and standby). When the Mobility Access Switch detects an L3 failure in an established VPN over a primary uplink, it removes the network routes from the routing table and establishes the VPN tunnel through the configured standby uplink. The Mobility Access Switch detects when the primary uplink comes back up and re-establishes the VPN tunnel through the same.
Solution:Note: By default Route Monitoring is disabled on the Mobility Access Switch.
Enabling Route Monitoring
You can enable Route Monitoring on the Mobility Access Switch using the following steps in the CLI:
1. Configure a probe profile.
2. Apply the profile to the uplink VLAN interface.
Important Points to Remember
l You can associate only one probe-profile per VLAN interface.
l You can associate the same probe-profile for multiple VLAN interfaces.
l You can configure up to four probe-profiles on the Mobility Access Switch.
l You can configure up to two host IP addresses in a probe-profile. When there are multiple hosts, probe status of the interface is changed to up if ping succeeds to at least one of the configured hosts.
l Only one instance of pkt-lost-cnt and pkt-send-freq is allowed in a probe-profile.
l In the following scenarios, the probe status is marked as down and is independent of the packet lost count:
- IP address is not assigned for the interface where the probe is applied. The probe statistics is cleared in this case.
- Protocol is down for the interface. The probe statistics is cleared in this case.
- Route is not present for the probe destination.
- MAC is not resolved for the route next-hop.
Configuration:Configuring the Probe profile:
Wecan use the following CLI commands to create and configure the probe profile:
Use the following CLI command to create a probe profile:
(host) (config) #probe-profile <profile-name>
Execute the following command to configure the destination server IP address to be probed using ping:
(host) (probe profile "<profile-name>") #destination <ip-address>
To configure the minimum number of ping responses to keep the probe status up, execute the following command:
(host) (probe profile "<profile-name>") #pkt-found-cnt <pkt-found-cnt>
The default value is 6 and the allowed range is 2-32.
To configure the minimum number of packet loss in the ping to mark the interface probe status as down:
(host) (probe profile "<profile-name>") #pkt-lost-cnt <pkt-lost-cnt>
The default value is 6 and the allowed range is 2-32.
To configure the frequency at which you want to send the ping packets, execute the following command:
(host) (probe profile "<profile-name>") #pkt-send-freq <pkt-send-freq>
The default value is 5 seconds and the allowed range is 1-32 seconds.
To configure the protocol used for the probe operation, execute the following command:
(host) (probe profile "<profile-name>") #protocol icmp
This release provides support only for ping probe and hence the only option available to choose is ICMP.
Execute the following commands to apply the probe profile to the uplink interface:
(host) (config) # interface vlan <vlan>
(host) (vlan "<vlan>") # probe-profile <profile-name>
Configuring metric is optional.
Sample Configuration:
(host) (config) #probe-profile L3Monitoring
(host) (probe profile "L3Monitoring") #destination 10.1.10.1
(host) (probe profile "L3Monitoring") #pkt-found-cnt 16
(host) (probe profile "L3Monitoring") #pkt-lost-cnt 16
(host) (probe profile "L3Monitoring") #pkt-send-freq 11
(host) (probe profile "L3Monitoring") #protocol icmp
(host) (config) # interface vlan 1
(host) (vlan “1") # probe-profile L3Monitoring
Starting from ArubaOS 7.4.0.3, the output of the show probe command displays a new column, Flags. The Flags column indicates the causes due to which the probe status of the interface is down. The cause can be
one of the following:
l IP is your own-ip
l Protocol is down for the interface
l IP not assigned for the interface
l MAC is not resolved for the route next-hop
l Route is not present for the probe destination
l URL is not resolved
Note: If the URL is not resolved, the probe status of the interface remains as Up to ensure that the routes remain in the routing table to reach the DNS server. However, the Sent and Received columns display N/A to indicate that no packets are forwarded.
VerificationVerifying Route Monitoring Configuration:
Use the following command to view the configuration on a probe-profile:
(host) #show probe-profile L3Monitoring
probe profile "L3Monitoring"
----------------------------------
Parameter Value
--------- -----
Destination IP 10.1.10.1
Packet Lost Count 16
Packet Found Count 16
Packet Send Frequency (Secs) 11
Protocol icmp
Use the following command to view the list of probe-profiles configured and their references:
(host) #show probe-profile
probe profile List
------------------
Name References Profile Status
---- ---------- --------------
default 0 N/A
L3Monitoring 1 N/A
test 0 N/A
Total:3
Viewing Probe Status of Interfaces
Use the following show commands to check the probe status of the interfaces where the probe profile is attached.
(host) #show probe
IPV4 PROBE Table
----------------
Vlan Server Protocol Port Probe-State Sent Received
----- ------ -------- ---- ----------- ---- --------
vlan1 10.1.10.1 ICMP N/A Up 1045 1034
Total Probe host entries: 1
(host) #show ip interface brief
Flags: S - Secondary IP address
Probe: U - Up, D - Down, U/O - Up & Own IP, N/A - Not Applicable
Interface IP Address / IP Netmask Admin Protocol Probe Flags
vlan 1 10.16.4.1 /255.255.255.0 Up Up U
vlan 400 18.18.8.9 /255.255.255.0 Up Down N/A
(host) #show ip interface vlan 1
vlan 1 is Up, protocol is Up
Internet address is 10.16.4.1 /255.255.255.0
Address is statically configured
MTU is 1500
Metric 10
Probe Name: L3Monitoring, Probe Status: Up
(host) #show interface vlan 1
VLAN1 is administratively Up, Line protocol is Up
Hardware is CPU Interface, Address is 00:0b:86:6b:39:80
Description: Management Interface
Internet address is 10.16.4.1, Netmask is 255.255.255.0
IPV6 link-local address is fe80::b:8600:16b:3980
Global Unicast address(es):
Routing interface is enabled, Forwarding mode is enabled
Directed broadcast is disabled, BCMC Optimization disabled
Encapsulation 802, Loopback not set
Interface index: 50331649
MTU 1500 bytes
Metric 10
Probe Name: L3Monitoring, Probe Status: Up
Viewing Route Monitoring Logs:
To view the logs related to route monitoring such as route not present and MAC not resolved, enable the probe
flag using the following commands:
(host) (config) #traceoptions
(host) (traceoptions) #routing flags probe
When there is no route present the probe status goes down and displays the following log:
No nexthop via <vlanid> for probe destination <destip>
If probe status is down due to Mac address not resolved, the following log is displayed:
Mac address is not resolved for nexthop
The following sample displays the output of the show probe command:
(host) #show probe
IPV4 PROBE Table
----------------
Vlan Server Protocol Port Probe-State Sent Received Flags
----- ------ -------- ---- ----------- ---- -------- -----
vlan1 10.16.44.110 ICMP N/A Own-IP N/A N/A IP is your own-ip
vlan1 10.16.52.8 ICMP N/A Up 2 1 N/A
vlan1 www.google.com ICMP N/A Up 1 0 N/A
vlan50 10.16.52.8 ICMP N/A Down N/A N/A Protocol is down for the
interface
Total Probe host entries: 4