Chapter 8
Configuring IP Routing and DHCP Services
Monitoring a Static or Default Route
Note
Currently, you can only monitor routes for one network as specified in the route-monitor command.
If you configured multiple static or default routes, FWSM can monitor the active route for problems and, in the event a router goes down, switch to an alternate route on the network.
To do this, the FWSM route monitoring process sends ICMP queries, at a configurable interval, to determine the two best static routes for the destination network: the best route and a backup route. The interval between ICMP queries is set by the interval keyword; valid values are 100 to 3000, with the default value at 300 milliseconds. The query is always sent to both of the chosen routers, and their current availability status is kept locally.
The two routes chosen have the lowest metric distances, and the lower of the two is chosen as the best path to send traffic. In the FWSM, the route-monitor command automatically chooses the best two routes among the static routes configured. When the current route goes down, the next best path is always installed in the routing table, and the current route becomes the backup route.
If the ICMP queries go unanswered up to the configurable threshold set by the failures keyword, the router is determined to be unreachable. The failures keyword is the maximum number of ICMP queries that are not replied to before the router is determined to be down; the default value is five seconds. At this point the backup route takes precedence, provided this route was reachable, and becomes the best route. The original route then becomes the backup route.
If the original best route becomes reachable again, FWSM switches back to that route and the current best route becomes the backup route. If both routes become unreachable, both are made backup routes; however, there is no change in the routing table.
To monitor a static or default route, and to switch to an alternate path in the event a router goes down,
use the Command Line Interface tool to enter the following command.
hostname(config-if)# route-monitor network_address network_mask [query_interval interval] [max-failures failures]
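The failover behaviour described above, modelled as a small state machine. This is an added example, not Cisco code: the class and function names and the 192.0.2.x gateways are constructed, and it assumes the failures threshold is a count of consecutive unanswered queries and that a single reply marks a router reachable again.

```python
from dataclasses import dataclass

@dataclass
class Route:
    gateway: str      # next-hop router (constructed sample addresses below)
    metric: int       # metric distance of the static route
    missed: int = 0   # consecutive ICMP queries that got no reply

class RouteMonitor:
    """Model of the monitoring behaviour described above; not FWSM code."""

    def __init__(self, routes, max_failures=5):
        # Only the two lowest-metric static routes are monitored.
        self.best, self.backup = sorted(routes, key=lambda r: r.metric)[:2]
        self.max_failures = max_failures
        self.installed = self.best   # route currently in the routing table

    def _reachable(self, route):
        # Assumption: a router is down once max_failures queries in a row
        # went unanswered, and a single reply marks it reachable again.
        return route.missed < self.max_failures

    def tick(self, replies):
        """Process one query interval; replies = gateways that answered."""
        for r in (self.best, self.backup):   # both routers are always queried
            r.missed = 0 if r.gateway in replies else r.missed + 1
        if self._reachable(self.best):
            self.installed = self.best       # stay on, or switch back to, best
        elif self._reachable(self.backup):
            self.installed = self.backup     # fail over to the backup route
        # Both unreachable: routing table is left unchanged.
        return self.installed.gateway

def run(trace, routes, max_failures=5):
    """Replay a list of per-interval reply sets; return the installed gateways."""
    monitor = RouteMonitor(routes, max_failures)
    return [monitor.tick(replies) for replies in trace]

if __name__ == "__main__":
    A, B, C = "192.0.2.1", "192.0.2.2", "192.0.2.3"   # constructed sample data
    routes = [Route(C, 3), Route(A, 1), Route(B, 2)]
    trace = [{A, B}, {B}, {B}, {B}, set(), set(), set(), {A}]
    for step, gw in enumerate(run(trace, routes, max_failures=3), 1):
        print(f"interval {step}: installed next hop {gw}")
```

In the sample trace the best router stops replying, the backup is installed after the third missed query, the table stays on the backup while both are silent, and the original route is reinstalled as soon as it answers.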
Defining a Route Map
Route maps are used to redistribute routes between processes or for route health injection (RHI). To
define a route map for use with supported features, perform the following steps:
Step 1  To create a route map entry, enter the following command:
hostname(config)# route-map name {permit | deny} [sequence_number]
Route map entries are read in order. You can identify the order using the sequence_number option, or
the FWSM uses the order in which you add the entries.
Step 2  Enter one or more match commands:
•  To match any routes that have a destination network that matches a standard access list, enter the following command:
hostname(config-route-map)# match ip address acl_id [acl_id] [...]
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01