Thanks for posting! The most common means of fail-over is to use higher administrative distance default routes. Below is an example.
ip route 0.0.0.0 0.0.0.0 ppp 1
ip route 0.0.0.0 0.0.0.0 ppp 2 10
In this example, adding "10" as the administrative distance keeps the "ppp 2" route from being used as long as "ppp 1" is up. However, this configuration will only fail over if the PPP interface goes down. Network problems further upstream could prevent service. Also, ethernet WAN connections can often have problems with IP connectivity even though the ethernet interface never goes down. In these cases, our Network Monitor feature will help determine when a default route change should take place. Below is an example taken from Network Monitoring in AOS (DOC-1646). You can use that link for more detailed information. In this example, a primary route exists through 184.108.40.206 and a backup route would go to 220.127.116.11.
1. Configure the probe:
probe ping1 icmp-echo
tolerance consecutive fail 3
2. Configure the track:
test if probe ping1
3. Configure the administrative distance of the secondary link:
ip route 0.0.0.0 0.0.0.0 18.104.22.168 100
4. Configure PBR:
ip access-list extended ping1
permit icmp any host 22.214.171.124
route-map probeping1 permit 10
match ip address ping1
set ip next-hop 126.96.36.199
set interface null 0
ip local policy route-map probeping1
5. Associate track with primary route:
ip route 0.0.0.0 0.0.0.0 188.8.131.52 track ping1
This configuration will invalidate the route to 184.108.40.206 in the event that we have 3 consecutive failures to receive an ICMP echo response on that primary interface. Of course, you will want to change the IP addresses, ping probe tolerances, etc. to fit your specific application.
There are a couple of other significant considerations when setting up multiple WAN connections. First, if you are doing NAT for a private LAN behind the Adtran unit, you will need to make sure your firewall rules allow for NAT to fail over quickly and use the appropriate public IP address.
ip firewall fast-nat-failover
interface ppp 1
ip address 220.127.116.11 255.255.255.252
media-gateway ip primary
interface eth 0/1
ip address 18.104.22.168 255.255.255.252
media-gateway ip primary
interface eth 0/2
ip address 192.168.1.254 255.255.255.0
ip access-list extended matchall
permit ip any any
ip policy-class Private
nat source list matchall address 22.214.171.124 overload policy Public1
nat source list matchall address 126.96.36.199 overload
Please take note of the "policy Public1" associated with the first NAT statement. This optional parameter ensures that the source IP address will be changed to 188.8.131.52 only if the traffic is destined for the interface on which "Public1" is applied, in this example the PPP 1 interface. In the fail-over scenario, this condition would not be met, so the new outbound session would fall through to the rule which will change the source IP address to 184.108.40.206. Additional information for firewall settings can be found in Configuring the Firewall in AOS (DOC-1657).
The last significant consideration would be your SIP registrations. Once your TA908e has switched over to the backup link, we want to make sure a SIP registration goes out this new link so that inbound calls will use the reachable IP address. The route table change will not directly trigger a SIP registration, so we can just use short registration timers to make sure the new registration occurs within a relatively short window. Consider a case where the network SIP registrar provides a 5 minute (300 second) expire time on our registrations. We would rather not wait five minutes for the new registration, so we can use the following command to ensure that new registrations are sent every 30 seconds (270 seconds prior to expiration).
voice trunk T01 type sip
registrar threshold absolute 270
Hope this helps,
Very helpful. Thank you for your assistance.
On Wed, Apr 11, 2012 at 12:35 PM, david <
I went ahead and flagged this post as “Assumed Answered”. If any of the responses on this thread assisted you, please mark them as Correct or Helpful answers as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.