Meraki

Community

INVALID static route with unreachable next-hop still shows in VPN route table

arvind-CCIE
Just browsing
‎Apr 22 2019 9:00 PM
‎Apr 22 2019 9:00 PM

INVALID static route with unreachable next-hop still shows in VPN route table

I have recently deployed Active/Active DC-DC failover topology where I have installed a Meraki MX84
in two of our Datacenters. It has issue during failover on spoke site as it don't get failover to 
secondary headend/hub when LAN port of primary headend goes down.
 
During the event of LAN port down, Primary Headend still keep the static routes in routing table.
These INVALID static route with unreachable next-hop still shows in VPN route table. This makes VPN to
advertise INVALID routes to spoke. Spoke continue to send traffic to primary headend where it get dropped 
as it find no further path.
 
Meraki support suggested that what ever the status of next-hop, INVALID route will still there in VPN. 
I have made a request though WISH.
0 Kudos
3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 22 2019 9:14 PM
‎Apr 22 2019 9:14 PM

Use static route tracking in this case to withdrawl the routes when the LAN gateway goes down.

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior#Static_Route_Tracking

 

You could also consider getting support to enable BGP, and use BGP peering and dump the static routes.

https://documentation.meraki.com/MX/Networks_and_Routing/BGP

0 Kudos
In response to PhilipDAth
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 22 2019 9:17 PM
‎Apr 22 2019 9:17 PM

This is quite a good BGP design guide.

https://documentation.meraki.com/MX/Site-to-site_VPN/BGP_VPN_Design_Guide

0 Kudos
In response to PhilipDAth
doogs
New here
‎Jun 12 2019 5:17 AM
‎Jun 12 2019 5:17 AM

Hello There,
New to this forum so pardon me for jumping in here.
Static Route Tracking is exactly what I have recently attempted as a mechanism for determining reachability from the remote LAN and this post is the closest support resource (outside the manuals) I have found.

Here is my setup :
MX67 Head-end +
Z1 <LAN Subnet> VLAN-X-Cisco3560-VLAN-Z </30 Subnet> VLAN-Z-Cisco3560-VLAN-X <LAN Subnet>Z1

a) Both of the above Z1 were participating in AutoVPN and advertised their LAN Subnets to an MX67 (DC head-end)
b) Cisco switches Numbered in the Z1 LAN Subnet (VLAN-X)
c) VLAN-Z set up as a transit net between switches
d) Tracked Static Routes configured in both Z1 pointing to far end of /30 via Cisco3560 VLAN-X IP Address
e) Static routes configured as "Active when Host pings - chosen host being far end of /30
f) Static routes configured to be "In VPN"

In normal conditions head-end had specific /30 route learned from both Z1s.
When transit link cable disconnected the following was noted:
1) local Z1 remove route from local table (this was as expected) - this was true for both Z1 - Looking good at this point
2) Head end remained to have destination route available even though there was NO POSSIBILITY of getting there.

Is this the expected behaviour in such a set up?
My interpretation of this feature is: If a route is NOT ACTIVE (the determination of which is the function of Static Route Tracking) it would therefore be flushed from the global routing table.

Any Assistance you can offer on this would be gratefully received.
Do any of you folks know of known good implementations of Static Route Tracking?
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.