I am having issues allowing pings on my secondary ISP interface. I have a dual ISP set up with my main connection a 10gbit connection with ISP1 and a backup 1gbit with ISP2. I am currently using path monitoring for internet failover and I also have a few PBF rules for some traffic to leave through ISP2. I was asked by ISP2 to allow ICMP for their subnet so they can monitor the connection. So I set up a second management profile that only allowed ping from their subnet and applied it to that interface. They still can seem to get a response when they ping it. Is there something else that I am missing?
I literally just configured this. I have the default virtual router and then a separate virtual router for each ISP (hub and spoke). With this method, you can prevent the dedicated ISP virtual routers having a zero route to the other ISP. Therefore path monitoring will have the desired effect to flush the zero route for that specific ISP. You need to create a loopback on each virtual router. Then create static routes (hub and spoke) to each ISP router (requires loopback). You can then configure eBGP on those links, along with redistribute. The method I used was local pref on the internal (default) virtual router to designate primary and secondary ISP. The failover is tuned to 3 seconds and then hold time of 2 minutes for fail back. PDF with screenshot can be found here, although this is not a how-to guide, it will give you some of the main concepts.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!