Track Static Routes for Service VPNs


To achieve simplification and consistency, the Cisco SD-WAN solution has been rebranded as Cisco Catalyst SD-WAN. In addition, from Cisco IOS XE SD-WAN Release 17.12.1a and Cisco Catalyst SD-WAN Release 20.12.1, the following component changes are applicable: Cisco vManage to Cisco Catalyst SD-WAN Manager, Cisco vAnalytics to Cisco Catalyst SD-WAN Analytics, Cisco vBond to Cisco Catalyst SD-WAN Validator, Cisco vSmart to Cisco Catalyst SD-WAN Controller, and Cisco Controllers to Cisco Catalyst SD-WAN Control Components. See the latest Release Notes for a comprehensive list of all the component brand name changes. While we transition to the new names, some inconsistencies might be present in the documentation set because of a phased approach to the user interface updates of the software product.
Table 1. Feature History

Feature Name

Release Information


Static Route Tracker for Service VPNs

Cisco IOS XE Catalyst SD-WAN Release 17.3.1a

Cisco vManage Release 20.3.1

This feature enables you to configure IPv4 static route endpoint tracking for service VPNs.

For static routes, endpoint tracking determines whether the configured endpoint is reachable before adding that route to the route table of the device.

TCP/UDP Endpoint Tracker and Dual Endpoint Static Route Tracker for Cisco IOS XE Catalyst SD-WAN devices

Cisco IOS XE Catalyst SD-WAN Release 17.7.1a

Cisco vManage Release 20.7.1

This feature enables you to configure the TCP/UDP static route endpoint trackers. Using this feature you can also configure IPv4, TCP/UDP dual endpoint static-route tracker groups for service VPNs to enhance the reliability of probes.

Information About Static Route Tracking

Static-route tracking for service VPNs enables you to track the availability of the configured endpoint address to determine if the static route can be included in the routing table of a device. This is applicable when a site uses a static route in a service VPN to advertise its route over Overlay Management Protocol (OMP). The static route tracker periodically sends ICMP ping probes to the configured endpoint. If the tracker does not receive a response, the static route is not included in the routing table and is not advertised to OMP. You can configure an alternative next-hop address or a static route with a higher administrative distance to provide a backup path. This path is advertised over OMP.


From Cisco IOS XE Catalyst SD-WAN Release 17.7.1a, you can configure TCP/UDP individual endpoint trackers and configure a tracker group with dual endpoints (using two trackers), and associate the trackers and tracker group to a static route. Dual endpoints help in avoiding false negatives that might be introduced because of the unavailability of the routes.

Supported Platforms

  • Cisco ASR 1000 Series Aggregated Services Routers

  • Cisco ISR 1000 Series-Integrated Services Routers

  • Cisco ISR 4000 Series Integrated Services Routers

  • Cisco CSR 1000 Series Cloud Service Routers

Restrictions for IPv4 Static Route Tracking

  • Only one endpoint tracker is supported per static route per next-hop address.

  • IPv6 static routes are not supported.

  • To configure a static route with tracker:

    1. Delete any existing static route, if it is already configured without a tracker. Plan for any connectivity downtime that might occur during this step for static route advertisement.

    2. Configure a new static route with tracker using the same prefix and next-hop as the deleted static route.

  • To add a new tracker after you reach maximum tracker limit per router:

    1. Delete an old tracker and attach the template to the device.

    2. Add a new tracker and attach the device to the template again.

  • UDP tracker endpoint enabled with IP SLA UDP packet responder is supported only on Cisco IOS XE Catalyst SD-WAN devices.

  • You cannot link the same endpoint-tracker to static routes in different VPNs. Endpoint-tracker is identified by a name and can be used for multiple static routes in a single VPN.

Workflow to Configure IPv4 Static Route Tracking

  1. Configure an endpoint tracker using the System template.

  2. Configure a static route using the VPN template.

  3. Apply the tracker to the next-hop address.

Create a Static Route Tracker

Use the System Template to create a tracker for static routes.


Delete existing static routes, if any, before you create a static route tracker. Configure a new static route tracker using the same prefix and next hop as the deleted static route.

  1. From Cisco SD-WAN Manager menu, choose Configuration > Templates.

  2. Click Feature Templates.


    In Cisco vManage Release 20.7.x and earlier releases, Feature Templates is titled Feature.

  3. Navigate to the Cisco System template for the device.


    For information about creating a System template, see Create System Template.

  4. Click Tracker. Click New Endpoint Tracker to configure the tracker parameters.

    Table 2. Tracker Parameters




    Name of the tracker. The name can be up to 128 alphanumeric characters.


    Wait time for the probe to return a response before declaring that the configured endpoint is down. Range is from 100 to 1000 milliseconds. Default is 300 milliseconds.


    Time interval between probes to determine the status of the configured endpoint. Default is 60 seconds (1 minute).

    Range is from 20 to 600 seconds.


    Number of times probes are sent before declaring that the endpoint is down. Range is from 1 to 10. Default is 3.

    Tracker Type

    From the drop-down, choose Global. From the Tracker Type field drop-down, choose Static Route.

    From Cisco IOS XE Catalyst SD-WAN Release 17.7.1a, you can configure a tracker group with dual endpoints on Cisco IOS XE Catalyst SD-WAN devices and associate this tracker group to a static route.

    Endpoint Type

    Choose endpoint type IP Address.



    Configuring the tracker type Static Route using endpoint URL or endpoint DNS name is not supported.

    End-Point Type: IP Address

    IP address of the static route end point. This is the destination on the internet to which the router sends probes to determine the status of the route.

  5. Click Add.

  6. Click Save.

  7. To create a tracker group, click Tracker Groups > New Endpoint Tracker Groups and configure the tracker parameters.


    Ensure that you have created two trackers to form a tracker group.

    Table 3. Tracker Group Parameters




    Name of the tracker group.

    Tracker Type

    From the drop-down, choose Global. From the Tracker Type field drop-down, choose Static Route.

    From Cisco IOS XE Catalyst SD-WAN Release 17.7.1a, you can configure a tracker group with dual endpoints on Cisco IOS XE Catalyst SD-WAN devices and associate this tracker group to a static route.

    Tracker Elements

    This field is displayed only if you chose Tracker-group as the tracker type. Add the existing interface tracker names (separated by a space). When you add this tracker to the template, the tracker group is associated with these individual trackers, and you can then associate the tracker group to a static route.

    Tracker Boolean

    From the drop-down list, choose Global. This field is displayed only if you chose tracker-group as the Tracker Type. By default, the OR option is selected. Choose AND or OR.

    OR ensures that the static route status is reported as active if either one of the associated trackers of the tracker group report that the route is active.

    If you select AND, the static route status is reported as active if both the associated trackers of the tracker group report that the route is active.

  8. Click Add.

  9. Click Save.


    Complete all the mandatory actions before you save the template.

Configure a Next Hop Static Route with Tracker

Use the VPN template to associate a tracker to a static route next hop.


You can apply only one tracker per static route next hop.

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Templates.

  2. Click Feature Templates.


    In Cisco vManage Release 20.7.x and earlier releases, Feature Templates is titled Feature.

  3. Navigate to the Cisco VPN Template for the device.


    For information about creating a VPN template, see Create VPN Template.

  4. Enter Template Name and Description as required.

  5. In Basic Configuration, by default, VPN is set to 0. Set a VPN value within (1–511, 513–65530) range for service VPNs, for service-side data traffic on Cisco IOS XE Catalyst SD-WAN devices.


    You can configure static route tracker only on service VPNs.

  6. Click IPv4 Route.

  7. Click New IPv4 Route.

  8. In the IPv4 Prefix field, enter a value.

  9. Click Next Hop.

  10. Click Add Next Hop with Tracker and enter values for the fields listed in the table.

    Parameter Name



    Specify the next-hop IPv4 address.


    Specify the administrative distance for the route.


    Enter the name of the gateway tracker to determine whether the next hop is reachable before adding that route to the route table of the device.

    Add Next Hop with Tracker

    Enter the name of the gateway tracker with the next hop address to determine whether the next hop is reachable before adding that route to the route table of the device.

  11. Click Add to create the static route with the next-hop tracker.

  12. Click Save.


You need to fill all the mandatory fields in the form to save the VPN template.

Monitor Static Route Tracker Configuration

View Static Route Tracker

To view information about a static tracker on a transport interface:

  1. From the Cisco SD-WAN Manager menu, choose Monitor > Devices.

    Cisco vManage Release 20.6.x and earlier: From the Cisco SD-WAN Manager menu, choose Monitor > Network.

  2. Choose a device from the list of devices.

  3. Click Real Time.

  4. From the Device Options drop-down list, choose Endpoint Tracker Info.

Configure Static Routes Using CLI

The following sections provide information about how to configure static routes using the CLI.

Configure a Static Route Tracker


You can configure static route tracking using the Cisco SD-WAN Manager CLI Add-on feature templates and CLI device templates. For more information on configuring using CLI templates, see CLI Templates.

Device# config-transaction 
Device(config)# endpoint-tracker <tracker-name> 
Device(config-endpoint-tracker)# tracker-type <tracker-type> 
Device(config-endpoint-tracker)# endpoint-ip <ip-address>   
Device(config-endpoint-tracker)# threshold <value> 
Device(config-endpoint-tracker)# multiplier <value> 
Device(config-endpoint-tracker)# interval <value>  
Device(config-endpoint-tracker)# exit 
Device(config)# track <tracker-name> endpoint-tracker

Configure a Static Route Tracker with TCP Port as the Endpoint

Device# config-transaction  
Device(config)# endpoint-tracker <tracker-name>      
Device(config-endpoint-tracker)# tracker-type <tracker-type>  
Device(config-endpoint-tracker)# endpoint-ip <ip-address> tcp <port-number>  
Device(config-endpoint-tracker)# threshold <value>       
Device(config-endpoint-tracker)# multiplier <value>     
Device(config-endpoint-tracker)# interval <value>      
Device(config-endpoint-tracker)# exit 
Device(config)# track <tracker-name> endpoint-tracker

Configure a Static Route Tracker with UDP Port as the Endpoint

Device# config-transaction  
Device(config)# endpoint-tracker <tracker-name>      
Device(config-endpoint-tracker)# tracker-type <tracker-type>  
Device(config-endpoint-tracker)# endpoint-ip <ip-address> udp <port-number>  
Device(config-endpoint-tracker)# threshold <value>       
Device(config-endpoint-tracker)# multiplier <value>     
Device(config-endpoint-tracker)# interval <value>      
Device(config-endpoint-tracker)# exit 
Device(config)# track <tracker-name> endpoint-tracker

Configure Tracker Groups


You can create tracker groups to probe static routes from Cisco IOS XE Catalyst SD-WAN Release 17.7.1a and Cisco vManage Release 20.7.1.

Device# config-transaction  
Device(config)# endpoint-tracker <tracker-name1>      
Device(config-endpoint-tracker)# tracker-type <tracker-type>  
Device(config-endpoint-tracker)# endpoint-ip <ip-address> tcp <port-number>  
Device(config-endpoint-tracker)# threshold <value>       
Device(config-endpoint-tracker)# multiplier <value>     
Device(config-endpoint-tracker)# interval <value>      
Device(config-endpoint-tracker)# exit 
Device(config)# track <tracker-name1> endpoint-tracker 

Device# config-transaction  
Device(config)# endpoint-tracker <tracker-name2>      
Device(config-endpoint-tracker)# tracker-type <tracker-type>  
Device(config-endpoint-tracker)# endpoint-ip <ip-address> udp <port-number>  
Device(config-endpoint-tracker)# threshold <value>       
Device(config-endpoint-tracker)# multiplier <value>     
Device(config-endpoint-tracker)# interval <value>      
Device(config-endpoint-tracker)# exit 
Device(config)# track <tracker-name2> endpoint-tracker

Device(config)# endpoint-tracker <static-tracker-group>    
Device(config-endpoint-tracker)# tracker-type tracker-group  
Device(config-endpoint-tracker)# tracker-elements <tracker-name1> <tracker-name2> 
Device(config-endpoint-tracker)# boolean {and | or}
Device(config-endpoint-tracker)# exit
Device(config)# track <static-tracker-group> endpoint-tracker 

Device(config)# ip route vrf <vrf-name> <prefix> <mask> <nexthop-ipaddress> <administrative-distance> track name <static-tracker-group>


  • Use the ip route  command to bind a tracker or tracker group with a static route and to configure a backup route for administrative distance that is higher than the default value of 1.

  • You can apply only one tracker to an endpoint.

  • A tracker group can have a mix of endpoint trackers. For example, you can create a tracker group with an IP address tracker and UDP tracker.

Configuration Examples for Static Route Tracking Using the CLI

Configure Tracker

This example shows how to configure a single static route tracker:

 endpoint-tracker tracker1 
  tracker-type static-route  
  threshold 100 
  multiplier 5 
  interval 20 
track tracker1 endpoint-tracker 
ip route vrf 1 100 track name tracker1

This example shows how to configure a tracker with TCP port as endpoint:

 endpoint-tracker tcp-10001 
  tracker-type static-route  
  endpoint-ip tcp 10001  
  threshold    100  
  interval     10  
  multiplier   1  
track tcp-10001 endpoint-tracker 
ip route vrf 1 100 track name tcp-10001

This example shows how to configure a tracker with UDP port as endpoint:

  endpoint-tracker udp-10001  
    tracker-type static-route  
    endpoint-ip udp 10001  
    threshold    100  
    interval     10  
    multiplier   1  
track udp-10001 endpoint-tracker 
ip route vrf 1 100 track name udp-10001

Configure Tracker Groups

This example shows how to configure a tracker group with two trackers (two endpoints). You can create tracker groups to probes static routes from Cisco IOS XE Catalyst SD-WAN Release 17.7.1a.

 endpoint-tracker tcp-10001 
    tracker-type static-route   
    endpoint-ip tcp 10001 
    threshold 100  
    multiplier 5 
    interval 20 
    track tcp-10001 endpoint-tracker 
 endpoint-tracker udp-10002 
   tracker-type static-route   
   endpoint-ip udp 10002 
   threshold 100  
   multiplier 5 
   interval 20   
   track udp-10002 endpoint-tracker 
endpoint-tracker static-tracker-group    
  tracker-type tracker-group 
  tracker-elements tcp-10001 udp-10002 
  boolean and 
  track static-tracker-group endpoint-tracker 
ip route vrf 1 100 track name static-tracker-group 


  • You must configure an administrative distance when you are configuring through CLI templates.

  • Use the ip route  command to bind the tracker or tracker group with a static route and to configure a backup route for administrative distance when it is higher than the default value of 1.

  • You can apply only one tracker to an endpoint.

Verify Static Route Tracking Configuration Using CLI

Command Verification

Use the following command to verify if the configuration is committed. The following sample configuration shows tracker definition for a static route tracker and it's application to an IPv4 static route:

Device# show running-config | sec endpoint-tracker
endpoint-tracker tracker1
interval 60
multiplier 5
tracker-type static-route
endpoint-tracker tracker2
interval 40
multiplier 2
tracker-type static-route
track tracker2 endpoint-tracker
track tracker1 endpoint-tracker

Use the following command to verify the IPv4 route:

Device# show running-config | inc ip route
ip route vrf 1 track name tracker2
ip route vrf 1 track name tracker1

The following is a sample output from the show endpoint-tracker static-route command displaying individual static route tracker status:

Device#  show endpoint-tracker static-route 
Tracker Name   Status     RTT (in msec) Probe ID
tcp-10001         UP         3             1
udp-10002         UP         1             6

The following is a sample output from the show endpoint-tracker tracker-group command displaying tracker group status:

Device# show endpoint-tracker group
Tracker Name               Element trackers name    Status         RTT in msec  Probe ID       
group-tcp-10001-udp-10002  tcp-10001, udp-10002     UP(UP AND UP)  5, 1          9, 10          

The following is a sample output from the show endpoint-tracker records command displaying tracker/tracker group configuration:

Device# show endpoint-tracker records       
Record Name                Endpoint                 EndPoint Type Threshold(ms) Multiplier Interval(s) Tracker-Type   
group-tcp-10001-udp-10002  tcp-10001 AND udp-10002  N/A           N/A           N/A        N/A         static-tracker-group  
tcp-10001                         TCP           100           1          20          static-route   
udp-10002                         UDP           100           1          20          static-route   

The following is a sample output from the show ip static route vrf command:

Device# show ip static route vrf 1       
Codes: M - Manual static, A - AAA download, N - IP NAT, D - DHCP, 
       G - GPRS, V - Crypto VPN, C - CASA, P - Channel interface processor, 
       B - BootP, S - Service selection gateway 
       DN - Default Network, T - Tracking object 
       L - TL1, E - OER, I - iEdge 
       D1 - Dot1x Vlan Network, K - MWAM Route 
       PP - PPP default route, MR - MRIPv6, SS - SSLVPN 
       H - IPe Host, ID - IPe Domain Broadcast 
       U - User GPRS, TE - MPLS Traffic-eng, LI - LIIN 
       IR - ICMP Redirect, Vx - VXLAN static route 
       LT - Cellular LTE, Ev - L2EVPN static route 
Codes in []: A - active, N - non-active, B - BFD-tracked, D - Not Tracked, P - permanent, -T Default Track 
Codes in (): UP - up, DN - Down, AD-DN - Admin-Down, DL - Deleted 
Static local RIB for 1  
T [1/0] via [A]