Configuring IP SLA to Ensure High Internet Connection Availability
This knowledge base article explains how to ensure high availability of the Internet connection using two links: a primary link and a backup link. By implementing the IP SLA technique with TCP connection requests, we can ensure that if the primary link goes down, the router automatically switches to the secondary link with minimal downtime. When the primary link recovers, the router immediately reinstalls the primary link's route in the routing table.
We take the example of two Internet connections: the primary link is an ADSL connection and the second is a 4G connection.
Under the global configuration mode of the router, we create IP SLA operation 1, monitored by track object 1, which opens TCP connections to port 80 (HTTP) on www.google.com as shown below:
ip sla 1
 tcp-connect www.google.com 80
 timeout 6000
 frequency 7
!
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
The HTTP requests must be generated from the output interface connected to the ADSL link (Dialer 0), which is the primary link. The tcp-connect command has no option to set the source interface for the HTTP traffic generated by the router; it only accepts a source IP address, which in our case is dynamic (assigned by the ISP). To work around this, we identify the HTTP traffic with an ACL and associate it with a route-map that sets Dialer 0 as the output interface, as in the configuration below:
!
ip access-list extended ACL-SLA
 permit tcp any any eq www
!
Configure the route-map that matches the ACL and sets the output interface to Dialer0:
route-map PBR-SLA permit 10
 match ip address ACL-SLA
 set interface Dialer0
Apply the route-map locally on the router (so that it applies to traffic generated by the router itself) under global configuration:
!
ip local policy route-map PBR-SLA
!
Configure two default routes: the first uses Dialer0 as the output interface and is associated with track object 1; the second uses FastEthernet0/1 as the output interface with next hop 192.168.1.1 and an administrative distance of 3, so that it acts as a floating static route and is installed only when the tracked primary route is withdrawn:
!
ip route 0.0.0.0 0.0.0.0 Dialer0 track 1
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 192.168.1.1 3
!
Finally, we have to configure two NAT entries using two route-maps, each of which matches the source IP addresses to be translated together with the output interface the translation applies to:
access-list 10 permit any
!
route-map ADSL permit 10
 match ip address 10
 match interface Dialer0
!
route-map 4G permit 10
 match ip address 10
 match interface FastEthernet0/1
!
ip nat translation timeout 5
ip nat inside source route-map 4G interface FastEthernet0/1 overload
ip nat inside source route-map ADSL interface Dialer0 overload
It is highly recommended to reduce the timeout of the NAT translation table entries to a value lower than the timeout of the IP SLA operation, in order to prevent local addresses from being translated to the public address of the link that is no longer in use. For example, if the primary link fails (the ADSL connection in our case) while the NAT timeout is left at its default value, which is higher than the timeout of the configured IP SLA, existing translations keep using the public IP address of interface Dialer 0 even after the default route has switched to the 4G link.
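The following Python model is an added example, not Cisco IOS code and not from the original article. It reproduces the failover logic configured above (a reachability tracker probing every 7 seconds, two static default routes of which the tracked one has the lower administrative distance, and a NAT table with an idle timeout) so that the interaction between the NAT translation timeout and the IP SLA probe interval can be observed offline. It simplifies IOS in two ways: the track object changes state on a single failed probe (no delay timers), and translations are keyed per inside host with one idle timeout. The inside host address 192.168.1.10, the packet times and the link failure time are constructed sample values.

```python
"""Added example: a simplified model of IP SLA tracking, floating static
default routes and NAT idle timeouts.  Not IOS code; all timings and
addresses are constructed for illustration."""

from dataclasses import dataclass

SLA_FREQUENCY = 7      # seconds between probes ("frequency 7" on the page)
SLA_TIMEOUT_MS = 6000  # per-probe timeout ("timeout 6000" on the page)


def worst_case_detection_seconds() -> float:
    """A failure just after a successful probe is noticed at the next probe,
    which may itself wait the full timeout before failing."""
    return SLA_FREQUENCY + SLA_TIMEOUT_MS / 1000


@dataclass
class Route:
    interface: str
    distance: int           # administrative distance (1 = default for static)
    tracked: bool = False   # True if the route is tied to the track object


class SlaTracker:
    """Reachability track object: up while the last scheduled probe succeeded."""

    def __init__(self, frequency: int):
        self.frequency = frequency
        self.reachable = True
        self.next_probe = 0

    def tick(self, now: int, probe_ok) -> bool:
        # Probe only when one is due; probe_ok(now) stands in for the
        # tcp-connect result, so a link failure is seen at the next probe.
        if now >= self.next_probe:
            self.reachable = probe_ok(now)
            self.next_probe = now + self.frequency
        return self.reachable


def active_default_route(routes, track_up: bool) -> Route:
    """Install the candidate with the lowest administrative distance whose
    track (if any) is up, as the RIB does with the two static defaults."""
    candidates = [r for r in routes if track_up or not r.tracked]
    return min(candidates, key=lambda r: r.distance)


class NatTable:
    """Idle-timeout translation table: an entry stays bound to the egress
    interface it was created on and is reused for as long as it is not idle."""

    def __init__(self, timeout: int):
        self.timeout = timeout
        self.entries = {}  # inside address -> (egress interface, last use)

    def translate(self, inside: str, egress: str, now: int) -> str:
        entry = self.entries.get(inside)
        if entry is not None and now - entry[1] <= self.timeout:
            self.entries[inside] = (entry[0], now)  # possibly stale, still live
            return entry[0]
        self.entries[inside] = (egress, now)
        return egress


def simulate(nat_timeout: int, packet_times, link_down_at: int = 10, end: int = 40):
    """Bring the ADSL link down at link_down_at (constructed) and report when the
    default route fails over and which interface each packet from one inside
    host (192.168.1.10, constructed) was translated onto."""
    routes = [Route("Dialer0", 1, tracked=True), Route("FastEthernet0/1", 3)]
    tracker = SlaTracker(SLA_FREQUENCY)
    nat = NatTable(nat_timeout)
    failover_at = None
    translations = []
    for now in range(end):
        track_up = tracker.tick(now, lambda t: t < link_down_at)
        route = active_default_route(routes, track_up)
        if failover_at is None and route.interface != "Dialer0":
            failover_at = now
        if now in packet_times:
            translations.append((now, nat.translate("192.168.1.10", route.interface, now)))
    return {"failover_at": failover_at, "translations": translations}


if __name__ == "__main__":
    bursts = (0, 3, 6, 9, 20, 23)    # constructed: a burst, a pause, a second burst
    for timeout in (5, 86400):       # 5 s as on the page vs. a long default
        result = simulate(timeout, bursts)
        print(f"nat timeout {timeout:>5}s: failover at t={result['failover_at']}s,",
              [iface for _, iface in result["translations"]])
```

Running the block shows the ADSL failure at t=10 being detected by the probe at t=14, when the floating route to FastEthernet0/1 takes over. With the 5-second NAT timeout, the host's entry created on Dialer0 has aged out by the time it resumes sending at t=20, so it is re-translated onto the 4G link; with a long timeout the old Dialer0 entry is reused even though the traffic now leaves through FastEthernet0/1. Because the model is an idle timeout, an entry only ages out while the host is quiet, which is why the sample traffic is sent in two bursts.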