Нужно часть трафика перекинуть на прокси-сервер. Если сервер падает, нужно пускать трафик мимо него. В ядре стоит коммутатор Catalyst 4900M с лицензией IP Services. Несмотря на лицензию, функционал EEM и PBR на коммутаторах урезан. В EEM нельзя привязать событие к track, в route-map при установке next-hop нельзя проверять доступность, используя IP SLA. Для себя решил это, находя соответствие определенному шаблону в syslog.
!
interface Vlan31
ip address 10.6.100.50 255.255.255.252
!
interface Port-channel11
ip address 10.6.100.1 255.255.255.252
ip policy route-map PBR
!
ip access-list extended USERS-SUBNETS
permit ip host 10.6.112.101 any
permit ip host 10.6.112.85 any
permit ip host 10.6.13.12 any
!
ip sla 12
icmp-echo 10.6.100.49 source-interface Vlan31
threshold 3000
frequency 10
ip sla schedule 12 life forever start-time now
!
track 12 ip sla 12
delay down 30
!
route-map PBR permit 10
match ip address USERS-SUBNETS
set ip next-hop 10.6.100.49
route-map PBR deny 100
!
event manager applet KERIO-UP
event syslog pattern "%TRACKING-5-STATE: 12 ip sla 12 state Down->Up"
action 1.0 syslog msg "KERIO-UP"
action 2.0 cli command "enable"
action 3.0 cli command "config t"
action 3.2 cli command "interface Port-channel11"
action 3.3 cli command "ip policy route-map PBR"
action 3.4 cli command "exit"
event manager applet KERIODOWN
event syslog pattern "%TRACKING-5-STATE: 12 ip sla 12 state Up->Down"
action 1.0 syslog msg "KERIO-DOWN"
action 2.0 cli command "enable"
action 3.0 cli command "config t"
action 3.2 cli command "interface Port-channel11"
action 3.3 cli command "no ip policy route-map PBR"
action 3.4 cli command "exit"
!
!
interface Vlan31
ip address 10.6.100.50 255.255.255.252
!
interface Port-channel11
ip address 10.6.100.1 255.255.255.252
ip policy route-map PBR
!
ip access-list extended USERS-SUBNETS
permit ip host 10.6.112.101 any
permit ip host 10.6.112.85 any
permit ip host 10.6.13.12 any
!
ip sla 12
icmp-echo 10.6.100.49 source-interface Vlan31
threshold 3000
frequency 10
ip sla schedule 12 life forever start-time now
!
track 12 ip sla 12
delay down 30
!
route-map PBR permit 10
match ip address USERS-SUBNETS
set ip next-hop 10.6.100.49
route-map PBR deny 100
!
event manager applet KERIO-UP
event syslog pattern "%TRACKING-5-STATE: 12 ip sla 12 state Down->Up"
action 1.0 syslog msg "KERIO-UP"
action 2.0 cli command "enable"
action 3.0 cli command "config t"
action 3.2 cli command "interface Port-channel11"
action 3.3 cli command "ip policy route-map PBR"
action 3.4 cli command "exit"
event manager applet KERIODOWN
event syslog pattern "%TRACKING-5-STATE: 12 ip sla 12 state Up->Down"
action 1.0 syslog msg "KERIO-DOWN"
action 2.0 cli command "enable"
action 3.0 cli command "config t"
action 3.2 cli command "interface Port-channel11"
action 3.3 cli command "no ip policy route-map PBR"
action 3.4 cli command "exit"
!
Комментариев нет:
Отправить комментарий