Default route with object tracking

Hi list.

I'd like to set up my default routes to the Interwebz to be conditional on
reachability of something on the Interwebz. I've got two different ISPs (no
BGP). I'm trying to figure out what would be a reliable object to track.
Meaning, it's probably not reasonable to track my ISP's default gateway,
since it does not protect me from someone on the ISP side screwing up. I'm
thinking of tracking something like google.com, but am not sure if, after I
resolve google.com for the first time, it will simply be tracking an
arbitrary server (or some load balancer).

I wanted to see what experienced folks think is a reliable tracking target.
Any comments are much appreciated.

thank you,

Publicly advertised DNS server IPs should be good, such as Google's 8.8.8.8
and 8.8.4.4.

Make sure you source your icmp-echos from the address on the interface
facing your primary ISP, otherwise your routing table will oscillate
continually until your primary ISP comes back up. Here's how I did it
with a cable ISP (note my event manager stuff uses no email body to get
around the bug in previous versions of IOS; this may no longer be
necessary):

! Three independent probes so a single target's outage does not flip the default route
ip sla 1
 icmp-echo <random root dns server> source-interface <internet-facing interface>
 timeout 3000
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo <random root dns server> source-interface <internet-facing interface>
 timeout 3000
 frequency 10
ip sla schedule 2 life forever start-time now
ip sla 3
 icmp-echo <random root dns server> source-interface <internet-facing interface>
 timeout 3000
 frequency 10
ip sla schedule 3 life forever start-time now

! Dampen each probe, then OR them: track 4 is Up while any one probe succeeds
track 1 rtr 1 reachability
 delay down 30 up 30
track 2 rtr 2 reachability
 delay down 30 up 30
track 3 rtr 3 reachability
 delay down 30 up 30
track 4 list boolean or
 object 1
 object 2
 object 3

! DHCP-learned default route is installed only while track 4 is Up
interface <internet-facing interface>
 ip dhcp client route track 4
 ip address dhcp
 ip nat outside
end

ip dhcp-client default-router distance 5

! Floating static towards the other ISP takes over when the tracked route is withdrawn
ip route 0.0.0.0 0.0.0.0 somewhereelse 10

event manager applet ISPDown
 event syslog pattern "%TRACKING-5-STATE: 4 list boolean or Up->Down"
 action ISPDown.1 mail server "<cellprovidersmx>" to "<mynumber>@<mycellprovider>" from "routers@<mydomain>" subject "ISP Service Down"
event manager applet ISPUp
 event syslog pattern "%TRACKING-5-STATE: 4 list boolean or Down->Up"
 action ISPUp.1 mail server "<cellprovidersmx>" to "<mynumber>@<mycellprovider>" from "routers@<mydomain>" subject "ISP Service Up"
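The oscillation described above, as an added example that is not part of the original post: a small Python model of the default-route feedback loop, with and without the probe bound to the primary interface. The router, the two ISP paths and the probe outcomes are all constructed; nothing talks to a real network.

```python
# Added example, not from the thread: a constructed model of the routing flap
# the post warns about when probes are not sourced from the primary interface.
from dataclasses import dataclass, field


@dataclass
class Router:
    primary_works: bool            # constructed: primary ISP path reaches target?
    backup_works: bool             # constructed: backup ISP path reaches target?
    probe_bound_to_primary: bool   # "source-interface <internet-facing>" set?
    track_up: bool = True          # track object starts Up, as after a reboot
    history: list = field(default_factory=list)

    def default_route(self):
        # Tracked DHCP default (AD 5) wins while the track is Up; the floating
        # static towards the backup ISP (AD 10) takes over when it is Down.
        return "primary" if self.track_up else "backup"

    def probe(self):
        if self.probe_bound_to_primary:
            # Sourced from the primary interface's address, the echo reply is
            # routed back via the primary ISP, so the probe only succeeds if
            # that path works, regardless of the default route in use.
            return self.primary_works
        # An unbound probe simply follows whatever default route is installed.
        return self.primary_works if self.default_route() == "primary" else self.backup_works

    def tick(self):
        # One probe cycle: update the track, then record the selected route.
        self.track_up = self.probe()
        self.history.append(self.default_route())
        return self.history[-1]


def simulate(probe_bound_to_primary, cycles=6):
    # Scenario: primary ISP broken upstream (gateway may still answer pings),
    # backup ISP healthy. Returns the default route chosen after each cycle.
    r = Router(primary_works=False, backup_works=True,
               probe_bound_to_primary=probe_bound_to_primary)
    for _ in range(cycles):
        r.tick()
    return r.history


def flaps(history):
    # Route changes after the initial failover; 0 means the table is stable.
    return sum(a != b for a, b in zip(history[1:], history[2:]))
```

`simulate(False)` alternates between primary and backup every probe cycle, because each successful probe via the backup reinstalls the broken primary route; `simulate(True)` fails over once and stays on the backup.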

I'd rather send him to something more open like kernel.org; anything but Google's DNS. Google's DNS is a little too nefarious for my taste.

Level 3's 4.2.2.1 and 4.2.2.2 are excellent options for tracking.

Stefan Fouant, CISSP, JNCIE-M/T
www.shortestpathfirst.net
GPG Key ID: 0xB5E3803D

Would it be more reasonable to track a root DNS server that is available via
anycast? Something like 192.33.4.12?

Not sure how accurate this is:
http://en.wikipedia.org/wiki/Root_nameserver

<tinfoil hat off>
nefarious? as a route object to track for selection of a default route? really?
</tinfoil hat off>

I think watching something 'very stable' like 198.6.0.0/16 may be
useful, but in the end "pick some route that's long lived and not in
just your upstream's control, that you see via both upstreams" seems
like the best option.

-chris

I think that a better word than "nefarious" would be "smart" -- Google's DNS may be doing its own optimizations which may conflict with your "route that's long lived" constraint.

    --Steve Bellovin, http://www.cs.columbia.edu/~smb

I think that "good" is all relative to what you are most likely to be
able to reach from wherever your location happens to be!

Google's... Level 3's..... Root DNS servers (anycast).... Pick something.

Scott

Curtis Maurand wrote:

To be absolutely safe, choose 4-5 of the ideas, track all of them and use a composite track object to combine them :)

You can find a lot more details (including the oscillating routing problem) here:

http://www.nil.com/ipcorner/SmallSiteMultiHoming/
http://wiki.nil.com/Small_site_multihoming

Good luck!
Ivan Pepelnjak
blog.ioshints.info / www.ioshints.info