Track Static Routes for Service VPNs

Feature history of track static routes for service VPNs

This table describes the developments of this feature, by release.

Table 1. Feature history

| Feature Name | Release Information | Description |
|---|---|---|
| Static Route Tracker for Service VPNs | Cisco IOS XE Catalyst SD-WAN Release 17.6.1a; Cisco vManage Release 20.6.1 | This feature enables you to configure IPv4 static route endpoint tracking for service VPNs. For static routes, endpoint tracking determines whether the configured endpoint is reachable before adding that route to the route table of the device. |
| TCP/UDP Endpoint Tracker and Dual Endpoint Static Route Tracker for Cisco IOS XE Catalyst SD-WAN devices | Cisco IOS XE Catalyst SD-WAN Release 17.9.1a; Cisco vManage Release 20.9.1 | This feature enables you to configure the TCP/UDP static route endpoint trackers. Using this feature you can also configure IPv4, TCP/UDP dual endpoint static-route tracker groups for service VPNs to enhance the reliability of probes. |

Track static routes for service VPNs

Tracking static routes for service VPNs allows you to monitor the reachability of the configured next-hop endpoint IP address. You can verify the endpoint before the device adds the static route to its routing table. This is particularly important in service VPNs, where static routes are advertised over the Overlay Management Protocol (OMP). The static route tracker periodically sends Internet Control Message Protocol (ICMP) ping probes to the configured endpoint IP address. If the endpoint is unreachable (no response to probes), the static route is excluded from the routing table and is not advertised to OMP, which prevents traffic blackholing. You can configure backup routes with a higher administrative distance to provide alternate paths. This mechanism enhances route reliability and network stability in SD-WAN environments. The tracker sends periodic probes (ICMP echo requests, TCP, or UDP probes) to the static route's next-hop IP address.

  • If the endpoint is unreachable, the static route is removed from the routing table and not advertised to OMP.

  • Configure backup static routes with higher administrative distance for failover.

  • Only one endpoint tracker is supported per static route per next-hop.

  • IPv6 static routes are not supported for tracking.

  • You can configure dual endpoint tracker groups to enhance probe reliability.

  • This feature is supported on Cisco IOS XE Catalyst SD-WAN platforms such as ASR 1000, ISR 1000 and 4000, and CSR 1000 series routers.

  • This feature ensures that static routes in service VPNs are advertised only when their next-hop endpoints are reachable. As a result, it prevents traffic blackholing and improves network resilience.

From Cisco IOS XE Catalyst SD-WAN Release 17.7.1a, you can configure TCP or UDP individual endpoint trackers and configure a tracker group with dual endpoints (using two trackers), and associate the trackers and tracker group to a static route. Dual endpoints help avoid false negatives that route unavailability might introduce.
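The following Python sketch is an added example, not Cisco code. It models the behaviour described above: a tracker declares its endpoint down after the multiplier count of probes goes unanswered within the threshold, a tracker group combines two trackers with AND or OR, and the usable route with the lowest administrative distance is installed. It assumes that misses are counted consecutively and that a single reply restores the UP state; the backup next hop 10.1.19.17 and its distance of 200 are constructed values.

```python
from dataclasses import dataclass


@dataclass
class Tracker:
    """One endpoint tracker; the defaults are the ones listed on this page."""
    name: str
    threshold_ms: int = 300  # wait time for a probe reply
    multiplier: int = 3      # failed probes before the endpoint is declared down
    misses: int = 0
    up: bool = True

    def probe(self, rtt_ms):
        """Record one probe; rtt_ms is None when no reply was received."""
        if rtt_ms is not None and rtt_ms <= self.threshold_ms:
            self.misses, self.up = 0, True      # assumption: one reply restores UP
        else:
            self.misses += 1                    # assumption: misses are consecutive
            if self.misses >= self.multiplier:
                self.up = False
        return self.up


def group_up(trackers, boolean="or"):
    """Tracker group status: OR (the default) needs one element UP, AND needs both."""
    states = [t.up for t in trackers]
    return all(states) if boolean == "and" else any(states)


def installed_next_hop(routes):
    """routes: (next_hop, distance, tracker_up), tracker_up None if untracked.
    Returns the next hop with the lowest distance, or None if none is usable."""
    usable = [(dist, nh) for nh, dist, up in routes if up is not False]
    return min(usable)[1] if usable else None


def run(boolean, with_backup=True):
    """Constructed scenario: the TCP endpoint goes silent, the UDP endpoint replies."""
    tcp = Tracker("tcp-10001", threshold_ms=100, multiplier=5)
    udp = Tracker("udp-10002", threshold_ms=100, multiplier=5)
    history = []
    for _ in range(6):                  # six probe intervals
        tcp.probe(None)                 # no reply
        udp.probe(4)                    # 4 ms reply, inside the 100 ms threshold
        routes = [("10.1.19.16", 100, group_up([tcp, udp], boolean))]
        if with_backup:
            routes.append(("10.1.19.17", 200, None))  # hypothetical backup route
        history.append(installed_next_hop(routes))
    return history


if __name__ == "__main__":
    for mode in ("or", "and"):
        print(mode, run(mode))
```

With OR the tracked route stays installed because one endpoint still answers; with AND it is withdrawn at the fifth missed probe and the backup route with the higher distance takes over.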

Starting with Cisco IOS XE Catalyst SD-WAN Release 17.15.1a, Cisco SD-WAN Manager reports only UP/DOWN status changes. It does not report RTT value changes. This optimization improves efficiency in extensive networks.

Supported platforms

These devices support static route tracking for service VPNs:

  • Cisco ASR 1000 Series Aggregation Services Routers

  • Cisco ISR 1000 Series Integrated Services Routers

  • Cisco ISR 4000 Series Integrated Services Routers

  • Cisco CSR 1000 Series Cloud Service Routers

Restrictions for IPv4 static route tracking

  • Only one endpoint tracker is supported per static route per next-hop address.

  • IPv6 static routes are not supported.

  • To configure a static route with tracker:

    1. Delete any existing static route, if it is already configured without a tracker. Plan for any connectivity downtime that might occur during this step for static route advertisement.

    2. Configure a new static route with tracker using the same prefix and next-hop as the deleted static route.

  • To add a new tracker after you reach the maximum tracker limit per router:

    1. Delete an old tracker and attach the template to the device.

    2. Add a new tracker and attach the device to the template again.

  • UDP tracker endpoint enabled with IP SLA UDP packet responder is supported only on Cisco IOS XE Catalyst SD-WAN devices.

  • You cannot link the same endpoint tracker to static routes in different VPNs. An endpoint tracker is identified by its name and can be used for multiple static routes in a single VPN.

Configure tracker group using a configuration group

Before you begin

On the Configuration > Configuration Groups page, choose SD-WAN as the solution type.

Procedure


Step 1

From the Cisco SD-WAN Manager menu, choose Configuration > Configuration Groups.

Step 2

Create and configure a tracker group in a Service Profile.

Table 2. Tracker Group

| Field | Description |
|---|---|
| Tracker Elements* | This field is displayed only if you chose Tracker Type as the Tracker Group. Add the existing interface tracker names, separated with a space. When you add this tracker to the template, the tracker group is associated with these individual trackers, and you can then associate the tracker group to an interface. |
| Tracker Boolean | This field is displayed only if you chose Tracker Type as the Tracker Group. Select AND or OR. OR is the default boolean operation. An OR ensures that the transport interface status is reported as active if either one of the associated trackers of the tracker group reports that the interface is active. If you select the AND operation, the transport-interface status is reported as active if both the associated trackers of the tracker group report that the interface is active. |


What to do next

Also see Deploy a configuration group.

Create a static route tracker

Before you begin

Use the System Template to create a tracker for static routes.

Delete existing static routes, if any, before you create a static route tracker. Configure a new static route tracker using the same prefix and next hop as the deleted static route.

Procedure


Step 1

From the Cisco SD-WAN Manager menu, choose Configuration > Templates.

Step 2

Click Feature Templates.

Step 3

Navigate to the Cisco System template for the device.

For information about creating a System template, see Create System Template.

Step 4

Click Tracker. Click New Endpoint Tracker to configure the tracker parameters.

Table 3. Tracker Parameters

| Field | Description |
|---|---|
| Name | Name of the tracker. The name can be up to 128 alphanumeric characters. |
| Threshold | Wait time for the probe to return a response before declaring that the configured endpoint is down. The range is from 100 to 1000 milliseconds. The default is 300 milliseconds. |
| Interval | Time interval between probes to determine the status of the configured endpoint. The default is 60 seconds (1 minute). The range is from 20 to 600 seconds. |
| Multiplier | Number of times probes are sent before declaring that the endpoint is down. The range is from 1 to 10. The default is 3. |
| Tracker Type | From the drop-down, choose Global. From the Tracker Type field drop-down, choose Static Route. From Cisco IOS XE Catalyst SD-WAN Release 17.7.1a, you can configure a tracker group with dual endpoints on Cisco IOS XE Catalyst SD-WAN devices. You can associate this tracker group to a static route. |
| Endpoint Type | Choose endpoint type IP address. Note: Configuring the tracker type Static Route using endpoint URL or endpoint DNS name is not supported. |
| End-Point Type: IP Address | IP address of the static route end point. This is the destination on the internet to which the router sends probes to determine the status of the route. |

Step 5

Click Add.

Step 6

Click Save.

Complete all mandatory actions before saving the template.

Step 7

To create a tracker group, click Tracker Groups > New Endpoint Tracker Groups and configure the tracker parameters.

Ensure that you have created two trackers to form a tracker group.

Table 4. Tracker Group Parameters

| Field | Description |
|---|---|
| Name | Name of the tracker group. |
| Tracker Type | From the drop-down, choose Global. From the Tracker Type field drop-down, choose Static Route. From Cisco IOS XE Catalyst SD-WAN Release 17.7.1a, you can configure a tracker group with dual endpoints on Cisco IOS XE Catalyst SD-WAN devices and associate this tracker group to a static route. |
| Tracker Elements | This field is displayed only if you chose Tracker-group as the tracker type. Add the existing interface tracker names (separated by a space). When you add this tracker to the template, the tracker group is associated with these individual trackers, and you can then associate the tracker group to a static route. |
| Tracker Boolean | From the drop-down list, choose Global. This field is displayed only if you chose tracker-group as the Tracker Type. By default, the OR option is selected. Choose AND or OR. OR ensures that the static route status is reported as active if either one of the associated trackers of the tracker group reports that the route is active. If you select AND, the static route status is reported as active if both the associated trackers of the tracker group report that the route is active. |

Step 8

Click Add.

Step 9

Click Save.

Complete all mandatory actions before saving the template.


Configure a next hop static route with tracker

Procedure


Step 1

From the Cisco SD-WAN Manager menu, choose Configuration > Templates.

Step 2

Click Feature Templates and navigate to Cisco VPN Template for the device.

For information about creating a VPN template, see Create VPN Template.

Step 3

Enter Template Name and Description as required.

Step 4

In Basic Configuration, VPN is set to 0 by default. For service VPNs, which carry service-side data traffic on Cisco IOS XE Catalyst SD-WAN devices, set a VPN value in the range 1–511 or 513–65530.

You can configure static route tracker only on service VPNs.

Step 5

Click IPv4 Route and New IPv4 Route.

Step 6

In the IPv4 Prefix field, enter a value.

Step 7

Click Next Hop. Click Add Next Hop with Tracker and enter values for the fields listed in the table.

| Parameter Name | Description |
|---|---|
| Address | Specify the next-hop IPv4 address. |
| Distance | Specify the administrative distance for the route. |
| Tracker | Enter the name of the gateway tracker to determine whether the next hop is reachable before adding that route to the route table of the device. |
| Add Next Hop with Tracker | Enter the name of the gateway tracker with the next hop address to determine whether the next hop is reachable before adding that route to the route table of the device. |

Step 8

Click Add and Save to create the static route with the next-hop tracker.

You need to fill all the mandatory fields in the form to save the VPN template.


Monitor static route tracker configuration

To view information about a static tracker on a transport interface:

Procedure


Step 1

From the Cisco SD-WAN Manager menu, choose Monitor > Devices.

Step 2

Choose a device from the list of devices.

Step 3

Click Real Time.

Step 4

From the Device Options drop-down list, choose Endpoint Tracker Info.


Configure static routes using CLI

These sections provide information about how to configure static routes using the CLI.

You can configure static route tracking using the Cisco SD-WAN Manager CLI Add-on feature templates and CLI device templates. For more information on configuring using CLI templates, see CLI Templates.

Configure a static route tracker

Device# config-transaction 
Device(config)# endpoint-tracker <tracker-name> 
Device(config-endpoint-tracker)# tracker-type <tracker-type> 
Device(config-endpoint-tracker)# endpoint-ip <ip-address>   
Device(config-endpoint-tracker)# threshold <value> 
Device(config-endpoint-tracker)# multiplier <value> 
Device(config-endpoint-tracker)# interval <value>  
Device(config-endpoint-tracker)# exit 
Device(config)# track <tracker-name> endpoint-tracker

Configure a static route tracker with TCP port as the endpoint

Device# config-transaction  
Device(config)# endpoint-tracker <tracker-name>      
Device(config-endpoint-tracker)# tracker-type <tracker-type>  
Device(config-endpoint-tracker)# endpoint-ip <ip-address> tcp <port-number>  
Device(config-endpoint-tracker)# threshold <value>       
Device(config-endpoint-tracker)# multiplier <value>     
Device(config-endpoint-tracker)# interval <value>      
Device(config-endpoint-tracker)# exit 
Device(config)# track <tracker-name> endpoint-tracker

Configure a static route tracker with UDP port as the endpoint

Device# config-transaction  
Device(config)# endpoint-tracker <tracker-name>      
Device(config-endpoint-tracker)# tracker-type <tracker-type>  
Device(config-endpoint-tracker)# endpoint-ip <ip-address> udp <port-number>  
Device(config-endpoint-tracker)# threshold <value>       
Device(config-endpoint-tracker)# multiplier <value>     
Device(config-endpoint-tracker)# interval <value>      
Device(config-endpoint-tracker)# exit 
Device(config)# track <tracker-name> endpoint-tracker

Configure tracker groups

You can create tracker groups to probe static routes from Cisco IOS XE Catalyst SD-WAN Release 17.7.1a and Cisco vManage Release 20.7.1.

Device# config-transaction  
Device(config)# endpoint-tracker <tracker-name1>      
Device(config-endpoint-tracker)# tracker-type <tracker-type>  
Device(config-endpoint-tracker)# endpoint-ip <ip-address> tcp <port-number>  
Device(config-endpoint-tracker)# threshold <value>       
Device(config-endpoint-tracker)# multiplier <value>     
Device(config-endpoint-tracker)# interval <value>      
Device(config-endpoint-tracker)# exit 
Device(config)# track <tracker-name1> endpoint-tracker 

Device# config-transaction  
Device(config)# endpoint-tracker <tracker-name2>      
Device(config-endpoint-tracker)# tracker-type <tracker-type>  
Device(config-endpoint-tracker)# endpoint-ip <ip-address> udp <port-number>  
Device(config-endpoint-tracker)# threshold <value>       
Device(config-endpoint-tracker)# multiplier <value>     
Device(config-endpoint-tracker)# interval <value>      
Device(config-endpoint-tracker)# exit 
Device(config)# track <tracker-name2> endpoint-tracker

Device(config)# endpoint-tracker <static-tracker-group>    
Device(config-endpoint-tracker)# tracker-type tracker-group  
Device(config-endpoint-tracker)# tracker-elements <tracker-name1> <tracker-name2> 
Device(config-endpoint-tracker)# boolean {and | or}
Device(config-endpoint-tracker)# exit
Device(config)# track <static-tracker-group> endpoint-tracker 

Device(config)# ip route vrf <vrf-name> <prefix> <mask> <nexthop-ipaddress> <administrative-distance> track name <static-tracker-group>

Note


  • Use the ip route command to bind a tracker or tracker group with a static route and to configure a backup route with an administrative distance that is higher than the default value of 1.

  • You can apply only one tracker to an endpoint.

  • A tracker group can have a mix of endpoint trackers. For example, you can create a tracker group with an IP address tracker and UDP tracker.


Configuration examples for static route tracking

Configure Tracker

This example shows how to configure a single static route tracker:


config-transaction 
!
 endpoint-tracker tracker1 
!
  tracker-type static-route  
  endpoint-ip 10.1.1.1   
  threshold 100 
  multiplier 5 
  interval 20 
  exit 
!
track tracker1 endpoint-tracker 
!
ip route vrf 1 192.168.0.0 255.255.0.0 10.1.19.16 100 track name tracker1

This example shows how to configure a tracker with TCP port as endpoint:


config-transaction      
!
 endpoint-tracker tcp-10001 
!
  tracker-type static-route  
  endpoint-ip 10.0.0.1 tcp 10001  
  threshold    100  
  interval     10  
  multiplier   1  
  exit  
!
track tcp-10001 endpoint-tracker 
!
ip route vrf 1 192.168.0.0 255.255.0.0 10.1.19.16 100 track name tcp-10001

This example shows how to configure a tracker with UDP port as endpoint:


config-transaction      
!
  endpoint-tracker udp-10001  
!
    tracker-type static-route  
    endpoint-ip 10.0.0.1 udp 10001  
    threshold    100  
    interval     10  
    multiplier   1  
    exit  
!
track udp-10001 endpoint-tracker 
!
ip route vrf 1 192.168.0.0 255.255.0.0 10.1.19.16 100 track name udp-10001

Configure Tracker Groups

This example shows how to configure a tracker group with two trackers (two endpoints). You can create tracker groups to probe static routes.


config-transaction
!
 endpoint-tracker tcp-10001
!
  tracker-type static-route
  endpoint-ip 10.1.1.1 tcp 10001
  threshold 100
  multiplier 5
  interval 20
  exit
!
track tcp-10001 endpoint-tracker
!
 endpoint-tracker udp-10002
!
  tracker-type static-route
  endpoint-ip 10.2.2.2 udp 10002
  threshold 100
  multiplier 5
  interval 20
  exit
!
track udp-10002 endpoint-tracker
!
 endpoint-tracker static-tracker-group
!
  tracker-type tracker-group
  tracker-elements tcp-10001 udp-10002
  boolean and
  exit
!
track static-tracker-group endpoint-tracker
!
ip route vrf 1 192.168.0.0 255.255.0.0 10.1.19.16 100 track name static-tracker-group

Note


  • You must configure an administrative distance when you are configuring through CLI templates.

  • Use the ip route command to bind the tracker or tracker group with a static route and to configure a backup route with an administrative distance that is higher than the default value of 1.

  • You can apply only one tracker to an endpoint.
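As an added example (not part of the Cisco documentation), this Python check reads CLI template or show running-config text and reports violations of the restrictions and parameter ranges listed on this page: a tracker without a track statement, a tracker group that does not name two defined trackers, a value outside the documented range, a route that references an undefined tracker, and a tracker linked to static routes in more than one VPN. The function names and the sample configuration are constructed for illustration.

```python
from collections import defaultdict

# Ranges from the tracker parameter table on this page (ms, seconds, count).
RANGES = {"threshold": (100, 1000), "interval": (20, 600), "multiplier": (1, 10)}

# Constructed sample (not from a real device) with three deliberate defects.
SAMPLE = """\
endpoint-tracker tcp-10001
 tracker-type static-route
 endpoint-ip 10.1.1.1 tcp 10001
 threshold 100
track tcp-10001 endpoint-tracker
endpoint-tracker udp-10002
 tracker-type static-route
 endpoint-ip 10.2.2.2 udp 10002
 threshold 50
endpoint-tracker static-tracker-group
 tracker-type tracker-group
 tracker-elements tcp-10001 udp-10002
 boolean and
track static-tracker-group endpoint-tracker
ip route vrf 1 192.168.0.0 255.255.0.0 10.1.19.16 100 track name static-tracker-group
ip route vrf 2 172.16.0.0 255.255.0.0 10.1.29.16 100 track name static-tracker-group
"""

def parse(config):
    """Collect endpoint-tracker blocks, track statements and tracked VRF routes."""
    trackers, activated, routes, cur = {}, set(), [], None
    for line in config.splitlines():
        w = line.split()
        if not w or w[0] == "!":
            continue
        if w[0] == "endpoint-tracker" and len(w) == 2:
            cur = trackers.setdefault(w[1], {})
        elif w[0] == "track" and w[-1] == "endpoint-tracker":
            activated.add(w[1])
        elif w[:3] == ["ip", "route", "vrf"] and w[-3:-1] == ["track", "name"]:
            routes.append({"vrf": w[3], "dest": tuple(w[4:7]), "tracker": w[-1]})
        elif cur is not None:
            cur[w[0]] = w[1:]
    return trackers, activated, routes

def lint(config):
    """Return findings for the restrictions and ranges documented on this page."""
    trackers, activated, routes = parse(config)
    out, vrfs = [], defaultdict(set)
    for name, t in trackers.items():
        if name not in activated:
            out.append(f"{name}: missing 'track {name} endpoint-tracker'")
        if t.get("tracker-type") == ["tracker-group"]:
            elems = t.get("tracker-elements", [])
            if len(elems) != 2 or any(e not in trackers for e in elems):
                out.append(f"{name}: group needs two defined trackers")
        for key, (lo, hi) in RANGES.items():
            if key in t and not lo <= int(t[key][0]) <= hi:
                out.append(f"{name}: {key} {t[key][0]} outside {lo}-{hi}")
    for r in routes:
        if r["tracker"] not in trackers:
            out.append(f"route {r['dest'][0]}: tracker {r['tracker']} undefined")
        vrfs[r["tracker"]].add(r["vrf"])
    for name, used in vrfs.items():
        if len(used) > 1:
            out.append(f"{name}: linked to static routes in VPNs {sorted(used)}")
    return out
```

Calling lint(SAMPLE) returns one finding per defect; an empty list means none of these checks failed. The ranges are the ones this page documents for the template fields, so adjust RANGES if your release's CLI accepts other values.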


Verify static route tracking configuration

Use these commands to verify that the configuration is committed. The sample configuration shows the tracker definition for a static route tracker and its application to an IPv4 static route:

Device# show running-config | sec endpoint-tracker
endpoint-tracker tracker1
endpoint-ip 10.1.1.1
interval 60
multiplier 5
tracker-type static-route
endpoint-tracker tracker2
endpoint-ip 10.1.1.12
interval 40
multiplier 2
tracker-type static-route
track tracker2 endpoint-tracker
track tracker1 endpoint-tracker

Use this command to verify the IPv4 route:

Device# show running-config | inc ip route
ip route vrf 1 10.1.1.11 255.255.0.0 10.20.2.17 track name tracker2
ip route vrf 1 10.1.1.12 255.255.0.0 10.20.24.17 track name tracker1

This sample output from the show endpoint-tracker static-route command displays the status of individual static route trackers:

Device#  show endpoint-tracker static-route 
Tracker Name   Status     RTT (in msec) Probe ID
tcp-10001         UP         3             1
udp-10002         UP         1             6

This sample output from the show endpoint-tracker tracker-group command displays the tracker group status:

Device# show endpoint-tracker group
Tracker Name               Element trackers name    Status         RTT in msec  Probe ID       
group-tcp-10001-udp-10002  tcp-10001, udp-10002     UP(UP AND UP)  5, 1          9, 10          

This sample output from the show endpoint-tracker records command displays the tracker and tracker group configuration:

Device# show endpoint-tracker records       
Record Name                Endpoint                 EndPoint Type Threshold(ms) Multiplier Interval(s) Tracker-Type   
group-tcp-10001-udp-10002  tcp-10001 AND udp-10002  N/A           N/A           N/A        N/A         static-tracker-group  
tcp-10001                  10.1.1.1                 TCP           100           1          20          static-route   
udp-10002                  10.2.2.2                 UDP           100           1          20          static-route   

The sample output from the show ip static route vrf command:

Device# show ip static route vrf 1       
Codes: M - Manual static, A - AAA download, N - IP NAT, D - DHCP, 
       G - GPRS, V - Crypto VPN, C - CASA, P - Channel interface processor, 
       B - BootP, S - Service selection gateway 
       DN - Default Network, T - Tracking object 
       L - TL1, E - OER, I - iEdge 
       D1 - Dot1x Vlan Network, K - MWAM Route 
       PP - PPP default route, MR - MRIPv6, SS - SSLVPN 
       H - IPe Host, ID - IPe Domain Broadcast 
       U - User GPRS, TE - MPLS Traffic-eng, LI - LIIN 
       IR - ICMP Redirect, Vx - VXLAN static route 
       LT - Cellular LTE, Ev - L2EVPN static route 
Codes in []: A - active, N - non-active, B - BFD-tracked, D - Not Tracked, P - permanent, -T Default Track 
Codes in (): UP - up, DN - Down, AD-DN - Admin-Down, DL - Deleted 
Static local RIB for 1  
T  192.168.0.0 [1/0] via 10.1.19.16 [A]