This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Dual ISP setup on 1 virtual router kb issue

cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Dual ISP setup on 1 virtual router kb issue

TommieVanHove
L3 Networker

‎01-13-2025 12:05 AM

Hello.

so I need to setup a dual ISP setup and found below kb.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLL8CAO

I know there is also one using different virtual routers but for this specific setup it seems this one is a slightly better match.

however 1 thing in the kb bothers me and in the past when I did this setup I did it slightly different but I'm not sure if it's the best option.

It's in regards to the route monitoring config.
the kb states that you should/can configure the default gateway of the isp as the next hop to monitor. this is fine if the ISP device( router/whatever) onsite goes down or there  is an issue with the interface.
however if the onsite device is fine but the further connection to internet is impacted it won't fail over.
the router is still responding to the ping, so no issue, all network traffic will time out due to the router's next hop  being unreachable.
(I suspect

How I "fixed" this in a previous setup was by defining a host route to a specific server over each isp ( in my case both isp also hosted local dns servers that responded to ping.
so I configured a hostroute to each dns server to always go over 1 isp and then use those for the path monitoring.

pro:
I monitor an actual connection that needs to get on the internet and back.  not just the next hop.

con:
If anyone uses those dns servers for actual dns they will be impacted if one link is down as those routes don't failover.

if those dns servers of one ISP have an issue it will trigger a false failover.
it's not pretty with those /32 routes.

Is there a better way to do this? or is this the way (despite the con's

0 Likes Likes
1 REPLY 1

ozheng
L4 Transporter

‎01-13-2025 06:23 PM

Hello @TommieVanHove ,

 

If you can perform a BGP peering with you, I think you don't need to do the route monitoring.

 

Olivier

PCSNE - CISSP

Best Effort contributor

Check out our PANCast Channel

Disclaimer : All messages are my personal ones and do not represent my company's view in any way.

0 Likes Likes
  • 414 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks