Track Static Routes for Service VPNs

Table 1. Feature History

Feature Name

Release Information

Description

Static Route Tracker for Service VPNs

Cisco IOS XE Catalyst SD-WAN Release 17.3.1a

Cisco vManage Release 20.3.1

This feature enables you to configure IPv4 static route endpoint tracking for service VPNs.

For static routes, endpoint tracking determines whether the configured endpoint is reachable before adding that route to the route table of the device.

TCP/UDP Endpoint Tracker and Dual Endpoint Static Route Tracker for Cisco IOS XE Catalyst SD-WAN devices

Cisco IOS XE Catalyst SD-WAN Release 17.7.1a

Cisco vManage Release 20.7.1

This feature enables you to configure the TCP/UDP static route endpoint trackers. Using this feature you can also configure IPv4, TCP/UDP dual endpoint static-route tracker groups for service VPNs to enhance the reliability of probes.

Information About Static Route Tracking

Static-route tracking for service VPNs enables you to track the availability of the configured endpoint address to determine if the static route can be included in the routing table of a device. This is applicable when a site uses a static route in a service VPN to advertise its route over Overlay Management Protocol (OMP). The static route tracker periodically sends ICMP ping probes to the configured endpoint. If the tracker does not receive a response, the static route is not included in the routing table and is not advertised to OMP. You can configure an alternative next-hop address or a static route with a higher administrative distance to provide a backup path. This path is advertised over OMP.


Note

  • From Cisco IOS XE Catalyst SD-WAN Release 17.7.1a, you can configure TCP/UDP individual endpoint trackers and configure a tracker group with dual endpoints (using two trackers), and associate the trackers and tracker group to a static route. Dual endpoints help in avoiding false negatives that might be introduced because of the unavailability of the routes.

  • From Cisco IOS XE Catalyst SD-WAN Release 17.15.1a only UP/DOWN status changes are reported to Cisco SD-WAN Manager, while RTT value changes are not. This optimization improves efficiency in extensive networks.

Supported Platforms

  • Cisco ASR 1000 Series Aggregated Services Routers

  • Cisco ISR 1000 Series-Integrated Services Routers

  • Cisco ISR 4000 Series Integrated Services Routers

  • Cisco CSR 1000 Series Cloud Service Routers

Restrictions for IPv4 Static Route Tracking

  • Only one endpoint tracker is supported per static route per next-hop address.

  • IPv6 static routes are not supported.

  • To configure a static route with tracker:

    1. Delete any existing static route, if it is already configured without a tracker. Plan for any connectivity downtime that might occur during this step for static route advertisement.

    2. Configure a new static route with tracker using the same prefix and next-hop as the deleted static route.

  • To add a new tracker after you reach maximum tracker limit per router:

    1. Delete an old tracker and attach the template to the device.

    2. Add a new tracker and attach the device to the template again.

  • UDP tracker endpoint enabled with IP SLA UDP packet responder is supported only on Cisco IOS XE Catalyst SD-WAN devices.

  • You cannot link the same endpoint-tracker to static routes in different VPNs. Endpoint-tracker is identified by a name and can be used for multiple static routes in a single VPN.

Workflow to Configure IPv4 Static Route Tracking

  1. Configure an endpoint tracker using the System template.

  2. Configure a static route using the VPN template.

  3. Apply the tracker to the next-hop address.

Create a Static Route Tracker

Use the System Template to create a tracker for static routes.


Note

Delete existing static routes, if any, before you create a static route tracker. Configure a new static route tracker using the same prefix and next hop as the deleted static route.

  1. From Cisco SD-WAN Manager menu, choose Configuration > Templates.

  2. Click Feature Templates.


    Note

    In Cisco vManage Release 20.7.x and earlier releases, Feature Templates is titled Feature.

  3. Navigate to the Cisco System template for the device.


    Note

    For information about creating a System template, see Create System Template.

  4. Click Tracker. Click New Endpoint Tracker to configure the tracker parameters.

    Table 2. Tracker Parameters

    Field

    Description

    Name

    Name of the tracker. The name can be up to 128 alphanumeric characters.

    Threshold

    Wait time for the probe to return a response before declaring that the configured endpoint is down. Range is from 100 to 1000 milliseconds. Default is 300 milliseconds.

    Interval

    Time interval between probes to determine the status of the configured endpoint. Default is 60 seconds (1 minute).

    Range is from 20 to 600 seconds.

    Multiplier

    Number of times probes are sent before declaring that the endpoint is down. Range is from 1 to 10. Default is 3.

    Tracker Type

    From the drop-down, choose Global. From the Tracker Type field drop-down, choose Static Route.

    From Cisco IOS XE Catalyst SD-WAN Release 17.7.1a, you can configure a tracker group with dual endpoints on Cisco IOS XE Catalyst SD-WAN devices and associate this tracker group to a static route.

    Endpoint Type

    Choose endpoint type IP Address.

    Note

     

    Configuring the tracker type Static Route using endpoint URL or endpoint DNS name is not supported.

    End-Point Type: IP Address

    IP address of the static route end point. This is the destination on the internet to which the router sends probes to determine the status of the route.

  5. Click Add.

  6. Click Save.

  7. To create a tracker group, click Tracker Groups > New Endpoint Tracker Groups and configure the tracker parameters.


    Note

    Ensure that you have created two trackers to form a tracker group.
    Table 3. Tracker Group Parameters

    Fields

    Description

    Name

    Name of the tracker group.

    Tracker Type

    From the drop-down, choose Global. From the Tracker Type field drop-down, choose Static Route.

    From Cisco IOS XE Catalyst SD-WAN Release 17.7.1a, you can configure a tracker group with dual endpoints on Cisco IOS XE Catalyst SD-WAN devices and associate this tracker group to a static route.

    Tracker Elements

    This field is displayed only if you chose Tracker-group as the tracker type. Add the existing interface tracker names (separated by a space). When you add this tracker to the template, the tracker group is associated with these individual trackers, and you can then associate the tracker group to a static route.

    Tracker Boolean

    From the drop-down list, choose Global. This field is displayed only if you chose tracker-group as the Tracker Type. By default, the OR option is selected. Choose AND or OR.

    OR ensures that the static route status is reported as active if either one of the associated trackers of the tracker group report that the route is active.

    If you select AND, the static route status is reported as active if both the associated trackers of the tracker group report that the route is active.

  8. Click Add.

  9. Click Save.


    Note

    Complete all the mandatory actions before you save the template.

Configure a Next Hop Static Route with Tracker

Use the VPN template to associate a tracker to a static route next hop.


Note

You can apply only one tracker per static route next hop.

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Templates.

  2. Click Feature Templates.


    Note

    In Cisco vManage Release 20.7.x and earlier releases, Feature Templates is titled Feature.

  3. Navigate to the Cisco VPN Template for the device.


    Note

    For information about creating a VPN template, see Create VPN Template.

  4. Enter Template Name and Description as required.

  5. In Basic Configuration, by default, VPN is set to 0. Set a VPN value within (1–511, 513–65530) range for service VPNs, for service-side data traffic on Cisco IOS XE Catalyst SD-WAN devices.


    Note

    You can configure static route tracker only on service VPNs.

  6. Click IPv4 Route.

  7. Click New IPv4 Route.

  8. In the IPv4 Prefix field, enter a value.

  9. Click Next Hop.

  10. Click Add Next Hop with Tracker and enter values for the fields listed in the table.

    Parameter Name

    Description

    Address

    Specify the next-hop IPv4 address.

    Distance

    Specify the administrative distance for the route.

    Tracker

    Enter the name of the gateway tracker to determine whether the next hop is reachable before adding that route to the route table of the device.

    Add Next Hop with Tracker

    Enter the name of the gateway tracker with the next hop address to determine whether the next hop is reachable before adding that route to the route table of the device.

  11. Click Add to create the static route with the next-hop tracker.

  12. Click Save.


Note

You need to fill all the mandatory fields in the form to save the VPN template.

Monitor Static Route Tracker Configuration

View Static Route Tracker

To view information about a static tracker on a transport interface:

  1. From the Cisco SD-WAN Manager menu, choose Monitor > Devices.

    Cisco vManage Release 20.6.x and earlier: From the Cisco SD-WAN Manager menu, choose Monitor > Network.

  2. Choose a device from the list of devices.

  3. Click Real Time.

  4. From the Device Options drop-down list, choose Endpoint Tracker Info.

Configure Static Routes Using CLI

The following sections provide information about how to configure static routes using the CLI.

Configure a Static Route Tracker


Note

You can configure static route tracking using the Cisco SD-WAN Manager CLI Add-on feature templates and CLI device templates. For more information on configuring using CLI templates, see CLI Templates. 


Device# config-transaction 
Device(config)# endpoint-tracker <tracker-name> 
Device(config-endpoint-tracker)# tracker-type <tracker-type> 
Device(config-endpoint-tracker)# endpoint-ip <ip-address>   
Device(config-endpoint-tracker)# threshold <value> 
Device(config-endpoint-tracker)# multiplier <value> 
Device(config-endpoint-tracker)# interval <value>  
Device(config-endpoint-tracker)# exit 
Device(config)# track <tracker-name> endpoint-tracker

Configure a Static Route Tracker with TCP Port as the Endpoint 


Device# config-transaction  
Device(config)# endpoint-tracker <tracker-name>      
Device(config-endpoint-tracker)# tracker-type <tracker-type>  
Device(config-endpoint-tracker)# endpoint-ip <ip-address> tcp <port-number>  
Device(config-endpoint-tracker)# threshold <value>       
Device(config-endpoint-tracker)# multiplier <value>     
Device(config-endpoint-tracker)# interval <value>      
Device(config-endpoint-tracker)# exit 
Device(config)# track <tracker-name> endpoint-tracker

Configure a Static Route Tracker with UDP Port as the Endpoint


Device# config-transaction  
Device(config)# endpoint-tracker <tracker-name>      
Device(config-endpoint-tracker)# tracker-type <tracker-type>  
Device(config-endpoint-tracker)# endpoint-ip <ip-address> udp <port-number>  
Device(config-endpoint-tracker)# threshold <value>       
Device(config-endpoint-tracker)# multiplier <value>     
Device(config-endpoint-tracker)# interval <value>      
Device(config-endpoint-tracker)# exit 
Device(config)# track <tracker-name> endpoint-tracker

Configure Tracker Groups


Note

You can create tracker groups to probe static routes from Cisco IOS XE Catalyst SD-WAN Release 17.7.1a and Cisco vManage Release 20.7.1. 


Device# config-transaction  
Device(config)# endpoint-tracker <tracker-name1>      
Device(config-endpoint-tracker)# tracker-type <tracker-type>  
Device(config-endpoint-tracker)# endpoint-ip <ip-address> tcp <port-number>  
Device(config-endpoint-tracker)# threshold <value>       
Device(config-endpoint-tracker)# multiplier <value>     
Device(config-endpoint-tracker)# interval <value>      
Device(config-endpoint-tracker)# exit 
Device(config)# track <tracker-name1> endpoint-tracker 

Device# config-transaction  
Device(config)# endpoint-tracker <tracker-name2>      
Device(config-endpoint-tracker)# tracker-type <tracker-type>  
Device(config-endpoint-tracker)# endpoint-ip <ip-address> udp <port-number>  
Device(config-endpoint-tracker)# threshold <value>       
Device(config-endpoint-tracker)# multiplier <value>     
Device(config-endpoint-tracker)# interval <value>      
Device(config-endpoint-tracker)# exit 
Device(config)# track <tracker-name2> endpoint-tracker

Device(config)# endpoint-tracker <static-tracker-group>    
Device(config-endpoint-tracker)# tracker-type tracker-group  
Device(config-endpoint-tracker)# tracker-elements <tracker-name1> <tracker-name2> 
Device(config-endpoint-tracker)# boolean {and | or}
Device(config-endpoint-tracker)# exit
Device(config)# track <static-tracker-group> endpoint-tracker 

Device(config)# ip route vrf <vrf-name> <prefix> <mask> <nexthop-ipaddress> <administrative-distance> track name <static-tracker-group>

Note

  • Use the ip route  command to bind a tracker or tracker group with a static route and to configure a backup route for administrative distance that is higher than the default value of 1.

  • You can apply only one tracker to an endpoint.

  • A tracker group can have a mix of endpoint trackers. For example, you can create a tracker group with an IP address tracker and UDP tracker.

Configuration Examples for Static Route Tracking Using the CLI

Configure Tracker

This example shows how to configure a single static route tracker:


config-transaction 
!
 endpoint-tracker tracker1 
!
  tracker-type static-route  
  endpoint-ip 10.1.1.1   
  threshold 100 
  multiplier 5 
  interval 20 
  exit 
!
track tracker1 endpoint-tracker 
!
ip route vrf 1 192.168.0.0 255.255.0.0 10.1.19.16 100 track name tracker1

This example shows how to configure a tracker with TCP port as endpoint:


config-transaction      
!
 endpoint-tracker tcp-10001 
!
  tracker-type static-route  
  endpoint-ip 10.0.0.1 tcp 10001  
  threshold    100  
  interval     10  
  multiplier   1  
  exit  
!
track tcp-10001 endpoint-tracker 
!
ip route vrf 1 192.168.0.0 255.255.0.0 10.1.19.16 100 track name tcp-10001

This example shows how to configure a tracker with UDP port as endpoint: 


config-transaction      
!
  endpoint-tracker udp-10001  
!
    tracker-type static-route  
    endpoint-ip 10.0.0.1 udp 10001  
    threshold    100  
    interval     10  
    multiplier   1  
    exit  
!
track udp-10001 endpoint-tracker 
!
ip route vrf 1 192.168.0.0 255.255.0.0 10.1.19.16 100 track name udp-10001

Configure Tracker Groups

This example shows how to configure a tracker group with two trackers (two endpoints). You can create tracker groups to probes static routes from Cisco IOS XE Catalyst SD-WAN Release 17.7.1a. 


config-transaction 
!
 endpoint-tracker tcp-10001 
!
    tracker-type static-route   
    endpoint-ip 10.1.1.1 tcp 10001 
    threshold 100  
    multiplier 5 
    interval 20 
    track tcp-10001 endpoint-tracker 
!
 endpoint-tracker udp-10002 
!
   tracker-type static-route   
   endpoint-ip 10.2.2.2 udp 10002 
   threshold 100  
   multiplier 5 
   interval 20   
   track udp-10002 endpoint-tracker 
!   
endpoint-tracker static-tracker-group    
!
  tracker-type tracker-group 
  tracker-elements tcp-10001 udp-10002 
  boolean and 
  track static-tracker-group endpoint-tracker 
!
ip route vrf 1 192.168.0.0 255.255.0.0 10.1.19.16 100 track name static-tracker-group

Note

  • You must configure an administrative distance when you are configuring through CLI templates.

  • Use the ip route  command to bind the tracker or tracker group with a static route and to configure a backup route for administrative distance when it is higher than the default value of 1.

  • You can apply only one tracker to an endpoint.

Verify Static Route Tracking Configuration Using CLI

Command Verification

Use the following command to verify if the configuration is committed. The following sample configuration shows tracker definition for a static route tracker and it's application to an IPv4 static route: 

Device# show running-config | sec endpoint-tracker
endpoint-tracker tracker1
endpoint-ip 10.1.1.1
interval 60
multiplier 5
tracker-type static-route
endpoint-tracker tracker2
endpoint-ip 10.1.1.12
interval 40
multiplier 2
tracker-type static-route
track tracker2 endpoint-tracker
track tracker1 endpoint-tracker

Use the following command to verify the IPv4 route:

Device# show running-config | inc ip route
ip route vrf 1 10.1.1.11 255.255.0.0 10.20.2.17 track name tracker2
ip route vrf 1 10.1.1.12 255.255.0.0 10.20.24.17 track name tracker1

The following is a sample output from the show endpoint-tracker static-route command displaying individual static route tracker status: 

Device#  show endpoint-tracker static-route 
Tracker Name   Status     RTT (in msec) Probe ID
tcp-10001         UP         3             1
udp-10002         UP         1             6

The following is a sample output from the show endpoint-tracker tracker-group command displaying tracker group status: 

Device# show endpoint-tracker group
Tracker Name               Element trackers name    Status         RTT in msec  Probe ID       
group-tcp-10001-udp-10002  tcp-10001, udp-10002     UP(UP AND UP)  5, 1          9, 10

The following is a sample output from the show endpoint-tracker records command displaying tracker/tracker group configuration: 

Device# show endpoint-tracker records       
Record Name                Endpoint                 EndPoint Type Threshold(ms) Multiplier Interval(s) Tracker-Type   
group-tcp-10001-udp-10002  tcp-10001 AND udp-10002  N/A           N/A           N/A        N/A         static-tracker-group  
tcp-10001                  10.1.1.1                 TCP           100           1          20          static-route   
udp-10002                  10.2.2.2                 UDP           100           1          20          static-route

The following is a sample output from the show ip static route vrf command: 

Device# show ip static route vrf 1       
Codes: M - Manual static, A - AAA download, N - IP NAT, D - DHCP, 
       G - GPRS, V - Crypto VPN, C - CASA, P - Channel interface processor, 
       B - BootP, S - Service selection gateway 
       DN - Default Network, T - Tracking object 
       L - TL1, E - OER, I - iEdge 
       D1 - Dot1x Vlan Network, K - MWAM Route 
       PP - PPP default route, MR - MRIPv6, SS - SSLVPN 
       H - IPe Host, ID - IPe Domain Broadcast 
       U - User GPRS, TE - MPLS Traffic-eng, LI - LIIN 
       IR - ICMP Redirect, Vx - VXLAN static route 
       LT - Cellular LTE, Ev - L2EVPN static route 
Codes in []: A - active, N - non-active, B - BFD-tracked, D - Not Tracked, P - permanent, -T Default Track 
Codes in (): UP - up, DN - Down, AD-DN - Admin-Down, DL - Deleted 
Static local RIB for 1  
T  192.168.0.0 [1/0] via 10.1.19.16 [A]