Track Static Routes for Service VPNs

Table 1. Feature History

Feature Name | Release Information | Description
Static Route Tracker for Service VPNs for Cisco vEdge Devices | Cisco SD-WAN Release 20.4.1, Cisco vManage Release 20.4.1 | This feature enables you to configure IPv4 static route endpoint tracking for service VPNs. For static routes, endpoint tracking determines whether the configured endpoint is reachable before adding that route to the route table of the device.
TCP/UDP Endpoint Tracker and Dual Endpoint Static Route Tracker for Cisco vEdge devices | Cisco SD-WAN Release 20.7.1, Cisco vManage Release 20.7.1 | This feature enables you to configure the TCP/UDP static route endpoint trackers. Using this feature you can also configure IPv4, TCP/UDP dual endpoint static-route tracker groups for service VPNs to enhance the reliability of probes.

Information About Static Route Tracking

Static-route tracking for service VPNs enables you to track the availability of the configured endpoint address to determine if the static route can be included in the routing table of a device. This is applicable when a site uses a static route in a service VPN to advertise its route over Overlay Management Protocol (OMP). The static route tracker periodically sends ICMP ping probes to the configured endpoint. If the tracker does not receive a response, the static route is not included in the routing table and is not advertised to OMP. You can configure an alternative next-hop address or a static route with a higher administrative distance to provide a backup path. This path is advertised over OMP.


Note


From Cisco SD-WAN Release 20.7.1, you can configure TCP/UDP individual endpoint trackers and configure a tracker group with dual endpoints (using two trackers), and associate the trackers and tracker group to a static route. Dual endpoints help in avoiding false negatives that might be introduced because of the unavailability of the routes.


Restrictions for IPv4 Static Route Tracking

  • Only one endpoint tracker is supported per static route per next-hop address.

  • IPv6 static routes are not supported.

  • You cannot link the same endpoint-tracker to static routes in different VPNs. Endpoint-tracker is identified by a name and can be used for multiple static routes in a single VPN.

Workflow to Configure IPv4 Static Route Tracking

  1. Configure an endpoint tracker using the System template.

  2. Configure a static route using the VPN template.

  3. Apply the tracker to the next-hop address.

Create a Static Route Tracker

Use the System Template to create a tracker for static routes.

  1. From the Cisco vManage menu, choose Configuration > Templates.

  2. Click Feature Templates.


    Note


    In Cisco vManage Release 20.7.x and earlier releases, Feature Templates is titled Feature.


  3. Navigate to the Cisco System template for the device.


    Note


    For information about creating a System template, see Create System Template.


  4. Click Tracker. Click New Endpoint Tracker to configure the tracker parameters.

    Table 2. Tracker Parameters

    Field | Description
    Name | Name of the tracker. The name can be up to 128 alphanumeric characters.
    Threshold | Wait time for the probe to return a response before declaring that the configured endpoint is down. Range is from 100 to 1000 milliseconds. Default is 300 milliseconds.
    Interval | Time interval between probes to determine the status of the configured endpoint. Default is 60 seconds (1 minute). Range is from 10 to 600 seconds.
    Multiplier | Number of times probes are sent before declaring that the endpoint is down. Range is from 1 to 10. Default is 3.
    Tracker Type | From the drop-down, choose Global. From the Tracker Type field drop-down, choose Static Route. From Cisco SD-WAN Release 20.7.1, you can configure a tracker group with dual endpoints on Cisco vEdge devices and associate this tracker group to a static route.
    Endpoint Type | Choose endpoint type IP Address.
    End-Point Type: IP Address | IP address of the static route end point. This is the destination on the internet to which the router sends probes to determine the status of the route.

  5. Click Add.

  6. Click Save.

  7. To create a tracker group, click New Endpoint Tracker.

    From the Tracker Type drop-down list, choose tracker-group and configure the tracker group parameters.


    Note


    Ensure that you have created two trackers to form a tracker group.


    Table 3. Tracker Group Parameters

    Fields | Description
    Name | Name of the tracker group.
    Tracker Type | From the drop-down, choose Global. From the Tracker Type field drop-down, choose Static Route. From Cisco SD-WAN Release 20.7.1, you can configure a tracker group with dual endpoints on Cisco vEdge devices and associate this tracker group to a static route.
    Tracker Elements | This field is displayed only if you chose Tracker-group as the tracker type. Add the existing interface tracker names (separated by a space). When you add this tracker to the template, the tracker group is associated with these individual trackers, and you can then associate the tracker group to a static route.
    Tracker Boolean | From the drop-down list, choose Global. This field is displayed only if you chose tracker-group as the Tracker Type. By default, the OR option is selected. Choose AND or OR. OR ensures that the static route status is reported as active if either one of the associated trackers of the tracker group reports that the route is active. If you select AND, the static route status is reported as active if both the associated trackers of the tracker group report that the route is active.

  8. Click Add.

  9. Click Save.


    Note


    Complete all the mandatory actions before you save the template.


Configure a Next Hop Static Route with Tracker

Use the VPN template to associate a tracker to a static route next hop.


Note


You can apply only one tracker per static route next hop.


  1. From the Cisco vManage menu, choose Configuration > Templates.

  2. Click Feature Templates.


    Note


    In Cisco vManage Release 20.7.x and earlier releases, Feature Templates is titled Feature.


  3. Navigate to the Cisco VPN Template for the device.


    Note


    For information about creating a VPN template, see Create VPN Template.


  4. Enter Template Name and Description as required.

  5. In Basic Configuration, by default, VPN is set to 0. Set a VPN value within (1–511, 513–65530) range for service VPNs, for service-side data traffic on Cisco IOS XE SD-WAN devices.


    Note


    You can configure static route tracker only on service VPNs.


  6. Click IPv4 Route.

  7. Click New IPv4 Route.

  8. In the IPv4 Prefix field, enter a value.

  9. Click Next Hop.

  10. Click Add Next Hop and enter values for the fields listed in the table.

    Parameter Name | Description
    Address | Specify the next-hop IPv4 address.
    Distance | Specify the administrative distance for the route.
    Tracker | Enter the name of the gateway tracker to determine whether the next hop is reachable before adding that route to the route table of the device.
    Add Next Hop | Enter the name of the gateway tracker with the next hop address to determine whether the next hop is reachable before adding that route to the route table of the device.

  11. Click Add to create the static route with the next-hop tracker.


    Note


    Configuring a static route with a next-hop 'X.X.X.255' is not supported.

    Cisco vEdge device does not implement RFC 3021.


  12. Click Save.


Note


You need to fill all the mandatory fields in the form to save the VPN template.


Monitor Static Route Tracker Configuration

View Static Route Tracker

To view information about a static tracker on a transport interface:

  1. From the Cisco vManage menu, choose Monitor > Devices.

    Cisco vManage Release 20.6.x and earlier: From the Cisco vManage menu, choose Monitor > Network.

  2. Choose a device from the list of devices.

  3. Click Real Time.

  4. From the Device Options drop-down list, choose Static Route Tracker Info.

Configure Static Routes Using CLI

The following sections provide information about how to configure static routes using the CLI.

Configure a Static Route Tracker


Note


You can configure static route tracking using the Cisco vManage CLI Add-on feature templates and CLI device templates. For more information on configuring using CLI templates, see CLI Templates.



Device# config terminal 
Device(config)# system tracker <tracker-name> 
Device(config-tracker-trackername)# tracker-type <tracker-type> 
Device(config-tracker-trackername)# endpoint-ip <ip-address>   
Device(config-tracker-trackername)# threshold <value> 
Device(config-tracker-trackername)# multiplier <value> 
Device(config-tracker-trackername)# interval <value>  
Device(config-tracker-trackername)# exit 

Configure a Static Route Tracker with TCP Port as the Endpoint


Device# config terminal  
Device(config)# system tracker <tracker-name>      
Device(config-tracker-trackername)# tracker-type <tracker-type>  
Device(config-tracker-trackername)# endpoint-ip <ip-address> tcp <port-number>  
Device(config-tracker-trackername)# threshold <value>       
Device(config-tracker-trackername)# multiplier <value>     
Device(config-tracker-trackername)# interval <value>      
Device(config-tracker-trackername)# exit 

Configure a Static Route Tracker with UDP Port as the Endpoint


Device# config terminal  
Device(config)# system tracker <tracker-name>      
Device(config-tracker-trackername)# tracker-type <tracker-type>  
Device(config-tracker-trackername)# endpoint-ip <ip-address> udp <port-number>  
Device(config-tracker-trackername)# threshold <value>       
Device(config-tracker-trackername)# multiplier <value>     
Device(config-tracker-trackername)# interval <value>      
Device(config-tracker-trackername)# exit 

Configure Tracker Groups


Note


You can create tracker groups to probe static routes from Cisco SD-WAN Release 20.7.1 and Cisco vManage Release 20.7.1.



Device# config terminal  
Device(config)# system tracker <tracker-name1>      
Device(config-tracker-trackername1)# tracker-type <tracker-type>  
Device(config-tracker-trackername1)# endpoint-ip <ip-address> tcp <port-number>  
Device(config-tracker-trackername1)# threshold <value>       
Device(config-tracker-trackername1)# multiplier <value>     
Device(config-tracker-trackername1)# interval <value>      
Device(config-tracker-trackername1)# exit  

Device(config)# system tracker <tracker-name2>      
Device(config-tracker-trackername2)# tracker-type <tracker-type>  
Device(config-tracker-trackername2)# endpoint-ip <ip-address> udp <port-number>  
Device(config-tracker-trackername2)# threshold <value>       
Device(config-tracker-trackername2)# multiplier <value>     
Device(config-tracker-trackername2)# interval <value>      
Device(config-tracker-trackername2)# exit

Device(config)# system tracker <tracker-group-name>    
Device(config-tracker-tracker-group-name)# tracker-type <tracker-group>  
Device(config-tracker-tracker-group-name)# tracker-elements <tracker-name1> <tracker-name2>
Device(config-tracker-tracker-group-name)# boolean {and | or}
Device(config-tracker-tracker-group-name)# exit 

Configure a Next Hop Static Route with Tracker


Device(config)# system 
Device(config)# vpn <vpn-number>  
Device(config-vpn-vpn-number)# ip route <ipv4address/prefix> <ip-address> <administrative-distance> tracker <tracker-name>

Note


Configuring a static route with a next-hop 'X.X.X.255' is not supported.

Cisco vEdge device does not implement RFC 3021.



Note


  • Use the ip route command to bind a tracker or tracker group to a static route, and to configure a backup route with an administrative distance that is higher than the default value of 1.

  • You can apply only one tracker to an endpoint.

  • A tracker group can have a mix of endpoint trackers. For example, you can create a tracker group with an IP address tracker and UDP tracker.


Configuration Examples for Static Route Tracking Using the CLI

Configure Tracker

This example shows how to configure a single static route tracker:


config terminal 
!
 system tracker tracker1 
!
  tracker-type static-route  
  endpoint-ip 10.1.1.1   
  threshold 100 
  multiplier 5 
  interval 60 
  exit 
!
  vpn 1 
  ip route 192.0.2.0/24 10.20.24.17 tracker tracker1 
  ip route 172.16.0.0/12 10.20.24.16 100

This example shows how to configure a tracker with TCP port as endpoint:


config terminal      
!
 system tracker tcp-10001 
!
  tracker-type static-route  
  endpoint-ip 10.0.0.1 tcp 10001  
  threshold    100  
  interval     10  
  multiplier   1  
  exit  
!
  vpn 1 
  ip route 192.0.0.4/24 10.20.25.18 tracker tcp-10001

This example shows how to configure a tracker with UDP port as endpoint:


config terminal      
!
  system tracker udp-10001  
!
    tracker-type static-route  
    endpoint-ip 10.0.0.1 udp 10001  
    threshold    100  
    interval     10  
    multiplier   1  
    exit  
!
   vpn 1 
   ip route 192.0.0.4/24 10.20.30.19 tracker udp-10001

Configure Tracker Groups

This example shows how to configure a tracker group with two trackers (two endpoints). You can create tracker groups to probe static routes from Cisco SD-WAN Release 20.7.1.


config terminal 
!
 system tracker tcp-10001 
!
    tracker-type static-route   
    endpoint-ip 10.1.1.1 tcp 10001 
    threshold 100  
    multiplier 5 
    interval 20     
!
 system tracker udp-10002 
!
   tracker-type static-route   
   endpoint-ip 10.2.2.2 udp 10002 
   threshold 100  
   multiplier 5 
   interval 20      
!   
system tracker group-tcp-10001-udp-10002    
!
  tracker-type tracker-group 
  boolean and
  tracker-elements tcp-10001 udp-10002 
  exit
!
vpn 1 
  ip route 192.168.2.0/16 10.20.24.17 tracker group-tcp-10001-udp-10002 
  ip route 192.168.2.0/16 10.20.24.16 100  

Note


  • You must configure an administrative distance when you are configuring through CLI templates.

  • Use the ip route command to bind the tracker or tracker group to a static route, and to configure a backup route with an administrative distance that is higher than the default value of 1.

  • You can apply only one tracker to an endpoint.

  • Configuring a static route with a next-hop 'X.X.X.255' is not supported.

    Cisco vEdge device does not implement RFC 3021.
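
The limits and restrictions stated on this page (the threshold, interval and multiplier ranges in Table 2, the rule that the same tracker cannot be linked to static routes in different VPNs, and the unsupported X.X.X.255 next hop) can be checked against a configuration before it is committed. The following Python script is an added example, not Cisco code: the function names parse and audit and the sample configuration are constructed for illustration, and it assumes the CLI layout used in the configuration examples above.

```python
# Ranges from the Tracker Parameters table on this page.
RANGES = {"threshold": (100, 1000), "interval": (10, 600), "multiplier": (1, 10)}
def parse(config):
    """Collect 'system tracker' blocks and 'ip route' lines (CLI format shown above)."""
    trackers, routes, cur, vpn = {}, [], None, None
    for line in config.splitlines():
        tok = line.split() or ["!"]
        if tok[:2] == ["system", "tracker"] and len(tok) == 3:
            cur = trackers.setdefault(tok[2], {})
        elif tok[0] == "vpn" and len(tok) == 2:
            cur, vpn = None, tok[1]
        elif tok[:2] == ["ip", "route"] and vpn and len(tok) >= 4:
            name = tok[tok.index("tracker") + 1] if "tracker" in tok[4:-1] else None
            routes.append({"vpn": vpn, "prefix": tok[2], "nexthop": tok[3], "tracker": name})
        elif cur is not None and tok[0] not in ("!", "exit"):
            cur[tok[0]] = tok[1:]  # e.g. {"threshold": ["100"]}
    return trackers, routes

def audit(config):
    """Return findings for settings that break the limits and restrictions on this page."""
    (trackers, routes), findings, vpn_of = parse(config), [], {}
    for name, t in trackers.items():
        for key, (lo, hi) in RANGES.items():
            val = (t.get(key) or [""])[0]
            if val and not (val.isdigit() and lo <= int(val) <= hi):
                findings.append(f"{name}: {key} {val} outside {lo}-{hi}")
        if t.get("tracker-type") == ["tracker-group"]:
            elems = t.get("tracker-elements", [])
            findings += [f"{name}: element {e} undefined" for e in elems if e not in trackers]
    for r in routes:
        if r["nexthop"].endswith(".255"):  # page: next hop X.X.X.255 is not supported
            findings.append(f"vpn {r['vpn']}: next hop {r['nexthop']} not supported")
        if r["tracker"] and r["tracker"] not in trackers:
            findings.append(f"vpn {r['vpn']}: undefined tracker {r['tracker']}")
        elif r["tracker"] and vpn_of.setdefault(r["tracker"], r["vpn"]) != r["vpn"]:
            findings.append(f"{r['tracker']}: bound to routes in more than one VPN")
    return findings

# Constructed sample in the page's CLI format, with deliberate violations.
SAMPLE = """
system tracker tcp-10001
  tracker-type static-route
  endpoint-ip 10.1.1.1 tcp 10001
  threshold 50
system tracker group-1
  tracker-type tracker-group
  tracker-elements tcp-10001 udp-10002
vpn 1
  ip route 192.168.2.0/16 10.20.24.17 tracker tcp-10001
  ip route 192.168.2.0/16 10.20.24.255 100
vpn 2
  ip route 192.0.2.0/24 10.20.24.17 tracker tcp-10001"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty list from audit means none of these checks fired; it does not confirm that the device accepts the configuration.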


Verify Static Route Tracking Configuration Using CLI

Command Verification

Use the following command to verify if the configuration is committed. The following sample configuration shows the tracker definition for a static route tracker and its application to an IPv4 static route:

Device# show running-config system tracker
system 
 tracker tracker1
 endpoint-ip 10.1.1.1
 interval 60
 multiplier 5
 tracker-type static-route

 tracker tracker2
 endpoint-ip 10.1.1.12
 interval 40
 multiplier 2
 tracker-type static-route

Use the following command to verify the IPv4 route:

Device# show running-config vpn 1 ip route

vpn 1         
 ip route 10.20.30.0/24 10.20.30.1   
 ip route 192.168.2.0/16 10.20.24.16 100  
 ip route 192.168.2.0/16 10.20.24.17 tracker tracker1  
!              

The following is a sample output from the show tracker static-route command displaying individual static route tracker status:

Device#  show tracker static-route 
TRACKER                RTT IN      
NAME      VPN  STATUS  MSEC        
--------------------------------   
tcp-10001  1    UP      0
udp-10002  1    UP      0   

The following is a sample output from the show tracker static-route-group command displaying tracker group status:

Device# show tracker static-route-group
                                                 TRACKER     TRACKER  TRACKER
                                                 ELEMENT     ELEMENT  ELEMENT  
TRACKER NAME                VPN  BOOLEAN  STATUS  NAME       STATUS   RTT      
----------------------------------------------------------------------------------
group-tcp-10001-udp-10002    1    and      UP     tcp-10001    UP       0 
                                                  udp-10002    UP       0               
          

The following is a sample output from the show ip route static command:

Device# show ip route static
 Codes Proto-sub-type:
  IA -> ospf-intra-area, IE -> ospf-inter-area,
  E1 -> ospf-external1, E2 -> ospf-external2,
  N1 -> ospf-nssa-external1, N2 -> ospf-nssa-external2,
  e -> bgp-external, i -> bgp-internal
Codes Status flags:
  F -> fib, S -> selected, I -> inactive,
  B -> blackhole, R -> recursive, L -> import

                                         PROTOCOL  NEXTHOP      NEXTHOP   NEXTHOP                                                   
VPN  PREFIX          PROTOCOL  SUB TYPE  IF NAME     ADDR        VPN      TLOC IP   COLOR  ENCAP  STATUS 
----------------------------------------------------------------------------------------------------------
1    192.168.2.0/16  STATIC      -         ge0/4   10.20.24.17    -        -        -      -      F,S     
1    192.168.2.0/16  STATIC      -         ge0/4   10.20.24.16    -        -        -      -      F,S