blunted1
asked on
Configuring EIGRP
I'm trying to implement EIGRP on my network, rather than use the static routes I currently have in place. I'm looking for this to provide a fail over when one of my internet links fails, routing the traffic out the other interface. The pertinent configs are as follows, along with a network diagram of how things are physically connected.
Core 3750 Switch:
router eigrp 1
network 10.0.0.0
!
ASA:
router eigrp 1
no auto-summary
network 10.0.0.0 255.0.0.0
network 65.XXX.XXX.XXX 255.255.255.248
network 69.XXX.XXX.XXX 255.255.255.248
2600 w/T1:
router eigrp 1
no auto-summary
network 65.XXX.XXX.XXX 255.255.255.248
My question is what do I need to do to make the 69.XXX.XXX.XXX/29 join EIGRP since it's directly connected to the ASA, no additional router is involved.
Right now in ASDM, I don't see it in 'EIGRP Neighbors'
On the core switch when I run:
sh eigrp address-family ipv4 topology
I do see both internet links 69.XXX.XXX.XXX/29 and 65.XXX.XXX.XXX/29. Does this mean it's working properly?
How do I make the 69.XXX.XXX.XXX/29 link become my primary route out? Even if it fails to 65.x/29, I want it to fail back over to 69.x/29 when at all possible.
Thanks,
blunted1
EIGRP-config.jpg
Core 3750 Switch:
router eigrp 1
network 10.0.0.0
!
ASA:
router eigrp 1
no auto-summary
network 10.0.0.0 255.0.0.0
network 65.XXX.XXX.XXX 255.255.255.248
network 69.XXX.XXX.XXX 255.255.255.248
2600 w/T1:
router eigrp 1
no auto-summary
network 65.XXX.XXX.XXX 255.255.255.248
My question is what do I need to do to make the 69.XXX.XXX.XXX/29 join EIGRP since it's directly connected to the ASA, no additional router is involved.
Right now in ASDM, I don't see it in 'EIGRP Neighbors'
On the core switch when I run:
sh eigrp address-family ipv4 topology
I do see both internet links 69.XXX.XXX.XXX/29 and 65.XXX.XXX.XXX/29. Does this mean it's working properly?
How do I make the 69.XXX.XXX.XXX/29 link become my primary route out? Even if it fails to 65.x/29, I want it to fail back over to 69.x/29 when at all possible.
Thanks,
blunted1
EIGRP-config.jpg
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This is configurable by you. The SLA tracking can be configured to send icmp at intervals you define. Once the tracking state changes to down, the route will be removed immediately. It will happen in a matter of a few seconds if you like.
In my experience, SLA is a truer test of Internet connectivity to and even through the isp than BGP peering with your isp who might have a routing problem themselves but still show as up in BGP.
In my experience, SLA is a truer test of Internet connectivity to and even through the isp than BGP peering with your isp who might have a routing problem themselves but still show as up in BGP.
I should also mention that the sla tracking will be faster than a default hold down BGP timer anyway.
True. Also, your ASA cant do BGP whatsoever.
Route-tracking will do fine for outbound traffic but since you have different public ip:s on your internet connections, a failover to the secondary ISP will make your public services (web servers and so on...) reachable via the primary ISP ip-addresses unreachable.
/Kvistofta
Route-tracking will do fine for outbound traffic but since you have different public ip:s on your internet connections, a failover to the secondary ISP will make your public services (web servers and so on...) reachable via the primary ISP ip-addresses unreachable.
/Kvistofta
/agreed.. If you have need for remote Internet access into internal services, this is a different story altogether.
ASKER
OK fellas, I learned a lot today ;-)
I'm leaving EIGRP alone for now as I have only a single default route out from my core switch. I've now implemented the SLA monitor to keep my internet users happy.
I don't have any need for users from the outside world for any traffic at this time, so this should suffice.
I found this command to be very useful in determining if I did things correctly:
show sla monitor operational-state
The only other question I have is about the recovery of the link. If the result from the sla monitor gets an ICMP response, will it grab that route again?
Thanks,
blunted1
I'm leaving EIGRP alone for now as I have only a single default route out from my core switch. I've now implemented the SLA monitor to keep my internet users happy.
I don't have any need for users from the outside world for any traffic at this time, so this should suffice.
I found this command to be very useful in determining if I did things correctly:
show sla monitor operational-state
The only other question I have is about the recovery of the link. If the result from the sla monitor gets an ICMP response, will it grab that route again?
Thanks,
blunted1
ASKER
The SLA is in place, which I didn't even know I needed before this EIGRP question ;-)
peace,
blunted1
peace,
blunted1
The only other question I have is about the recovery of the link. If the result from the sla monitor gets an ICMP response, will it grab that route again?
Yes, when the reachability track is again successful, the route will be re-added to the table.
Yes, when the reachability track is again successful, the route will be re-added to the table.
ASKER
So with route-tracking it will provide the necessary fail over, but how fast are we talking? Should I focus my efforts on BGP with the two carriers, or should I proceed with route-tracking?
Thanks,
blunted1