Static Route Removal

L2 Linker

Static Route Removal

Default route via ISP-A (primary) has not yet recovered, even though the monitored IP address (DNS server of ISP-A) is already rechable via the interface connected to ISP-A router. (tested via ping source x.x.x.x host y.y.y.y)

 

I have seen the logs from previous months that the firewall has detected path failure and was able to recover. So I assume the setup is correct?

Any other troubleshooting that I can do? Or any other things to double check on my setup?

L2 Linker

Re: Static Route Removal

Update on this.

Current routing table is still via ISP-B.
Upon using traceroute source x.x.x.x host y.y.y.y, I saw that the DNS Server of ISP-A is being reached via ISP-B.

Do I need to put a specific static route pointing to DNS Server of ISP-A via ISP-A gateway?

L4 Transporter

Re: Static Route Removal

Do you have separate interfaces connected to ISP-A and B?

How are your static routes configured? Sounds like path monitoring. What are you using for source interfaces on each route?

What is the metric configuration on each route?

L3 Networker

Re: Static Route Removal

if you are monitoring ISP A , then yes, the route for the tracking of that DNS(A) would have to be forced through ISP A only using the static routes.

 

~HTH 

L7 Applicator

Re: Static Route Removal

Hello,

You can also specify the interface. Hopefully each ISP has their own?

 

Regards,

L2 Linker

Re: Static Route Removal

Hi All,

 

Here's my setup.

ISPA (eth1/1) and LAN interfaces on one VR1

ISPB (eth1/2) on another VR2

 

VR1 Routes:

-Default route  (defaul admin distance, metric 10) w/ path monitoring (Monitored IP - DNS of ISP-A, source eth1/1, other settings default)

-Backup default route to next VR (default admin distance, metric 20)

-Specific /32 route of DNS of ISP-A to force it via ISP-A Gateway.

-Tunnel Routes


VR2 Routes:
-Defaul route pointing to ISPB gateway

-Return routes to LAN segments (via next VR1)

L2 Linker

Re: Static Route Removal

I just added the specific /32 route going to DNS os ISP-A via the ISP-A Gateway.

ping source eth1/1 (ISP-A port) host DNS of ISPA, fails now. 

L2 Linker

Re: Static Route Removal

Update:

Stand-alone test worked fine.
Can reach the internet and the DNS of ISPA (monitored IP in path monitoring of default route)

 

So I guess the problem is on the PA? Anything that I need to double check?
Checking from previous logs, firewall was able to detect path failure and was also able to recover.

L7 Applicator

Re: Static Route Removal

Hello,

Do you have any dynamic routing between the VR's? Perhaps that is how it learned the routes? But sounds like you have it solved with the static /32 routes. I also use them to be super specific on certain destinations for monitring and dynamic routing.

 

Regards,

L2 Linker

Re: Static Route Removal

Hi @Otakar.Klier,

 

No Dynamic Routes between VR's.

Adding the specific /32 static route did not resolve the problem.

 

Path Monitoring status is stil down.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!