Trying to track down an outage. Our Cisco ASR has a tunnel configured as:
IP: 100.64.#.#
Source: 192.#.#.# (Amazon DX block; this address is also configured as a loopback on another interface)
Destination: 52.#.#.# (tunnel endpoint through Amazon)
Our router tracks a dozen or so echoes. If echoes from the IP (100.64.#.#) fail, the router assumes the tunnel is down and forwards everything to a secondary router. It also tracks echoes from the Source (192.#.#.#), which is from our Amazon Direct Connect block. There have been instances where these echoes failed simultaneously, and I'm just curious: what exactly is the situation when that happens?
edit: config added by request:
interface Loopback0
 ip address 192.a.a.a 255.255.255.0
 ip virtual-reassembly

interface Tunnel1
 ip address 100.64.b.b 255.255.255.252
 ip nat outside
 ip tcp adjust-mss 1436
 tunnel source 192.a.a.a
 tunnel destination 52.c.c.c
 tunnel path-mtu-discovery
The router does BGP and there are several virtual interfaces for 169.254.#.# addresses. There are also several echoes like:
ip sla 11
 icmp-echo 8.8.8.8 source-ip 192.a.a.a
 threshold 900
 timeout 900
 frequency 1
ip sla schedule 11 life forever start-time now
If the above one and similar fail, the router inserts a next hop to our secondary router that does not touch any kind of tunnels as it assumes the tunnel is down.
There are several more echoes like:
ip sla 21
 icmp-echo 100.64.c.c source-ip 100.64.b.b
 threshold 900
 timeout 900
 frequency 1
ip sla schedule 21 life forever start-time now

ip sla 22
 icmp-echo 8.8.8.8 source-ip 100.64.b.b
 threshold 900
 timeout 900
 frequency 1
ip sla schedule 22 life forever start-time now
The router doesn't do any events if these change state, but I'm assuming that it means we have an ISP outage and it takes care of this through the route map. But since these are the only events in the log, I'm looking to get some data on how frequently it happens. Sorry if it's missing anything else that might be helpful; the router config is over 1000 lines. We have 2 routes from our primary ISP: one is for AWS Direct Connect, the second is regular traffic. Then we have a backup ISP route for tunnel traffic as well.
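
One way to get the frequency data the post asks about, as an added example that is not the poster's code: it replays exported syslog lines and reports each period in which the loopback-sourced probe (ip sla 11) and a tunnel-sourced probe (ip sla 21 or 22) were down at the same time. It assumes track objects exist for those IP SLA ids and log state changes in the shape matched below; the timestamp prefix, the hostname `asr1` and the sample lines are constructed.

```python
import re
from datetime import datetime

# Assumed log shape: ISO timestamp, host, then an IOS track state-change message.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) .*%TRACK(?:ING)?-\d-STATE: \d+ ip sla (?P<sla>\d+) "
    r"reachability (?:Up|Down)\s*->\s*(?P<new>Up|Down)"
)

LOOPBACK_SLAS = {11}    # probes sourced from 192.a.a.a in the posted config
TUNNEL_SLAS = {21, 22}  # probes sourced from 100.64.b.b in the posted config

# Constructed sample lines, not taken from the poster's router.
SAMPLE_LOG = """\
2024-05-01T10:00:00 asr1 %TRACK-6-STATE: 21 ip sla 21 reachability Up -> Down
2024-05-01T10:00:05 asr1 %TRACK-6-STATE: 21 ip sla 21 reachability Down -> Up
2024-05-01T11:30:00 asr1 %TRACK-6-STATE: 22 ip sla 22 reachability Up -> Down
2024-05-01T11:30:02 asr1 %TRACK-6-STATE: 11 ip sla 11 reachability Up -> Down
2024-05-01T11:30:40 asr1 %TRACK-6-STATE: 11 ip sla 11 reachability Down -> Up
2024-05-01T11:30:45 asr1 %TRACK-6-STATE: 22 ip sla 22 reachability Down -> Up
2024-05-01T12:00:00 asr1 %LINK-3-UPDOWN: Interface Tunnel1, changed state to down
"""


def overlap_windows(log_text):
    """Return (start, end, seconds) for every period in which at least one
    loopback-sourced probe and one tunnel-sourced probe were down together."""
    down, windows, start = set(), [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated syslog message
        ts = datetime.fromisoformat(m["ts"])
        sla = int(m["sla"])
        if m["new"] == "Down":
            down.add(sla)
        else:
            down.discard(sla)
        both = bool(down & LOOPBACK_SLAS) and bool(down & TUNNEL_SLAS)
        if both and start is None:
            start = ts  # overlap begins
        elif not both and start is not None:
            windows.append((start, ts, (ts - start).total_seconds()))
            start = None
    return windows


if __name__ == "__main__":
    for begin, end, secs in overlap_windows(SAMPLE_LOG):
        print(f"{begin} -> {end}: both probe groups down for {secs:.0f}s")
```

An overlap still open at the end of the log is not reported, so feed it a capture that ends with the probes back up.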