.NODE

Using Backup Interfaces

Problem

You want to configure a router to dial only if it sees a physical failure on the primary WAN interface.

Solution

Cisco routers can watch the physical signals on an interface and trigger a backup interface if the primary link fails. The router will automatically drop the call after the primary circuit comes back up:

Router1#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Serial0/0
Router1(config-if)#backup delay 0 300
Router1(config-if)#backup interface BRI0/0
Router1(config-if)#encapsulation frame-relay
Router1(config-if)#down-when-looped
Router1(config-if)#exit
Router1(config)#interface Serial0/0.1 point-to-point
Router1(config-subif)#ip address 10.1.1.10 255.255.255.252
Router1(config-subif)#frame-relay interface-dlci 50 
Router1(config-subif)#exit
Router1(config)#interface BRI0/0
Router1(config-if)#ip address 10.1.99.55 255.255.255.0
Router1(config-if)#encapsulation ppp
Router1(config-if)#dialer idle-timeout 300
Router1(config-if)#dialer map ip 10.1.99.1 name dialhost broadcast 95551212
Router1(config-if)#dialer load-threshold 50 either
Router1(config-if)#dialer-group 1
Router1(config-if)#isdn switch-type basic-ni
Router1(config-if)#isdn spid1 800555123400 5551234
Router1(config-if)#isdn spid2 800555123500 5551235
Router1(config-if)#ppp authentication chap
Router1(config-if)#ppp multilink
Router1(config-if)#exit
Router1(config)#dialer-list 1 protocol ip permit
Router1(config)#end
Router1#

 

Discussion

In this example, the primary WAN interface is a Frame Relay connection. Please see Chapter 10 for more information about Frame Relay configuration. However, this would work just as well on just about any kind of interface. The main reason why we used Frame Relay is to show that you have to put the backup commands on the physical interface, not on any subinterfaces or virtual interfaces. If this router loses physical signaling on the serial interface, it will automatically bring up the dial backup. The key to this configuration method is the backup command, which you associate with the primary interface:

Router1(config)#interface Serial0/0
Router1(config-if)#backup delay 0 300
Router1(config-if)#backup interface BRI0/0

In this case, you can see that the backup interface for this serial port is the ISDN interface, BRI0/0. We also included a backup delay command, which specifies two times. The first parameter tells the router how long it should wait before bringing up the backup after it loses signals on this primary interface. In this case, we don't want to wait. If there is a failure, we want the backup to activate immediately. However, in some cases, you might want to delay slightly to save money on backup charges in case the primary comes back again right away. So, if you wanted to wait 15 seconds before dialing, you could configure it like this:

Router1(config-if)#backup delay 15 300

The second number tells the router how long to wait after the primary recovers before dropping the dial connection. In Frame Relay in particular, it can take a minute or more after you see physical signals before there is end-to-end connectivity. So it is important to keep the backup link active until everything has stabilized. Also, sometimes a link will bounce up and down if there are electrical problems. Specifying a sensible delay before dropping the backup link ensures helps with link stability.

We have also included the down-when-looped command on the primary interface:

Router1(config)#interface Serial0/0
Router1(config-if)#down-when-looped

The dial backup will only trigger if this interface line protocol is in a down state. Normally, when you put a circuit into a loopback state for testing, the router considers the interface to be in an up state, but looped. However, in this diagnostic state the circuit will not pass any data. So, by configuring down-when-looped, we ensure that the backup will trigger if somebody runs a loopback test (perhaps unintentionally) on the primary circuit.

In general, we don't recommend using the backup interface method for dial backup. There are many types of WAN problems in which you will lose IP connectivity, but you don't lose physical signaling on the interface. For example, in the Frame Relay case again, there could be a problem in the cloud that causes you to lose your virtual circuit. Or you might be connected to a faulty network termination device that keeps signals active even though it doesn't have a real connection. The floating static method of Recipes 13.1 and 13.2 is much more robust than the backup interface method.

There is another important disadvantage to using the backup interface method. The router keeps backup interfaces disabled until it needs to dial. This causes two problems.

First, it means that you have to wait longer to dial because the router has to first establish physical connectivity with the backup network. In the case of ISDN, this can take 1015 seconds.

The second problem is that, with ISDN interfaces, you lose the ability to see the state of the ISDN connection. Normally, if an ISDN interface is connected but not dialed, you can use the show isdn status command to verify that it is talking to the carrier's switch correctly, as we discussed in Recipe 13.1. However, since the backup interface is disabled with the method shown in the current recipe, you can't easily verify that your backup circuit is working without failing the primary circuit.

There is actually an interesting way to get around this last problem, though. Instead of making your backup interface be a physical interface like an ISDN port, as we did in this example, you could make the backup interface be a dialer interface, as we discussed in Recipe 13.2. In this case, the dialer interface will remain down when the primary is working, but the ISDN interface will still be up. And this means that you will be able to use the various show isdn commands, as you can with the other methods.

There is one interesting extra option to the backup interface configuration that can be useful in some situations. In addition to triggering the backup circuit when the primary circuit fails, you can configure the router to trigger the backup circuit when the load on the primary circuit gets heavy. This is a form of bandwidth on demand:

Router1(config)#interface Serial0/0
Router1(config-if)#backup load 75 25

This command trigger the dial backup when the load on the primary interface rises about 75 percent, and deactivates it when the load drops below 25 percent.

Unlike the dialer load-threshold command discussed in Recipe 13.1, the arguments of backup load command are percentages and not fractions over 255.

Note, however, that to be really useful as additional bandwidth, you have to make sure that the routing over this new connection makes sense. In particular, it doesn't really help much unless the routing protocol sees the two paths as equal and shares the load between them. This will generally require some careful metric tuning in your routing protocol or use of the unequal cost load-sharing features available in some routing protocols. It also may require that the dial backup circuit terminates on the same router as the primary circuit to ensure that two-way load sharing works properly.

See Also

Chapter 10; Recipe 13.1

Router Configuration and File Management

Router Management

User Access and Privilege Levels

TACACS+

IP Routing

RIP

EIGRP

OSPF

BGP

Frame Relay

Handling Queuing and Congestion

Tunnels and VPNs

Dial Backup

NTP and Time

DLSw

Router Interfaces and Media

Simple Network Management Protocol

Logging

Access-Lists

DHCP

NAT

First Hop Redundancy Protocols

IP Multicast

IP Mobility

IPv6

MPLS

Security

Appendix 1. External Software Packages

Appendix 2. IP Precedence, TOS, and DSCP Classifications

Index

show all menu





Cisco IOS Cookbook
Cisco IOS Cookbook (Cookbooks (OReilly))
ISBN: 0596527225
EAN: 2147483647
Year: 2004
Pages: 505
Similar book on Amazon

Flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net