EIGRP or HSRP

Hello guys, looking for a design suggestion.
I have a single incoming circuit with a managed router, feeding a switch, which then feeds my two core routers (Cisco 3800 ISRs), then finally into a stack of L3 Cisco 3750s.

So my question is: should I connect the 3750 and my two edge ISRs with EIGRP, or should I just create an HSRP gateway and send it that way? I know my real single point of failure is the managed ISP router. I am wondering how that managed router will send the traffic to me, especially with the one-to-one NATs.





0
Asked by: JPDU4
 
JPDU4 (Author) commented:
I know that both ISRs will need to have the firewall rules.
0
 
Robert Sutton Jr (Senior Network Manager) commented:
How are your routes being advertised? Is the rest of your network set up the same way?
0
 
Don Johnston (Instructor) commented:
Personally, I would use EIGRP. Much easier to troubleshoot.

Are you receiving any routes from your ISP?
0
 
ipajones commented:
HSRP and EIGRP do different things; you may want to use both depending on requirements. For example, you might want HSRP between the core routers to create a redundant routing pair but equally use EIGRP to advertise all your subnets between the routers and L3 switches. Are you already using a dynamic routing protocol, and what are you actually trying to do here?
--IJ
0
 
Don Johnston (Instructor) commented:
Since HSRP is a FHRP (First Hop Routing Protocol), it comes with its own set of challenges when using it in lieu of a dynamic routing protocol.

For example: If you create an HSRP pair on the 3800's, you'll have to create static routes for the networks inside of the 3750's. Or if you create an HSRP pair on the 3750's, you'll still have to create a static route on the 3800's.

I really don't get the logic behind using HSRP (or VRRP or GLBP) in router to router environments unless there's a reason you can't run an IGP.  
0
 
ipajones commented:
@donjohnston,  I agree.  I wasn't thinking HSRP or EIGRP I was thinking possibly both depending on requirements.

It's difficult to recommend without more clarification on requirements but it may be that running HSRP on the 3750's to create redundancy of the VLAN SVI's, which would provide a redundant gateway to clients, may be required as part of the solution.
--IJ
0
 
JPDU4 (Author) commented:
Thanks guys,

Through some testing here with GNS3 I was able to accomplish my goal using EIGRP... Convergence is much faster. One thing I had to set up which I had not done before was a couple of /30s between my 3750 core and the 3800s (one for each uplink). Originally the 3750 and the two 3800s were using IP addresses on the same segment, and I had a default route for the ISP. When trying to just enable EIGRP on those interfaces I received an overlapping IP error...

Via this lab I am able to accomplish my outbound goals. Now the inbound goals: the 3800s will perform a handful of one-to-one (outside to inside) NATs and act as the firewalls...

I just created the one-to-one NAT statements (the same one-to-one on each router) but I am now getting a %IP-4-DUPADDR: Duplicate address x.x.x.x on FastEthernet0/0, sourced by c001.0d3c.0000

Attached here is an outline of what this setup looks like...
LAB
0
 
JPDU4 (Author) commented:
Updated lab
0
 
JPDU4 (Author) commented:
So for an example I would do a one-to-one on both 3800 routers:


ip nat inside source static 10.1.30.10 13.13.13.10



Then I get this error on both routers:
%IP-4-DUPADDR: Duplicate address 13.13.13.10 on FastEthernet0/0, sourced by c002.0d3c.0000
0
 
JPDU4 (Author) commented:
Crap, the /32 on the left should be a /30.
LAB.JPG
0
 
Don Johnston (Instructor) commented:
This is going to be a problem. If you try to translate traffic to the same address on two different routers, there's no way to assure that returning traffic goes to the correct router. You'll have to let one router translate to one address (or range) and the other translate to a second address (or range).
0
 
JPDU4 (Author) commented:
Thanks donjohnston

Crap, what is an alternative to this? Any suggestions...
0
 
Don Johnston (Instructor) commented:
Using a different pool on each router.
0
 
JPDU4 (Author) commented:
I may be overlooking something, but my overall goal is to ensure redundancy. In that situation I would have to be ready to perform a config change if one of my 3800s took a dump.
0
 
Don Johnston (Instructor) commented:
Correct.
0
 
JPDU4 (Author) commented:
What's another option? Active/passive ASA maybe?
0
 
JPDU4 (Author) commented:
Any other options for an active/active?
0
 
Don Johnston (Instructor) commented:
If you have ASA's, you could go Active/Active or Active/Passive. Either one should work.
0
 
JPDU4 (Author) commented:
Hello Donjohnston,
How would the one-to-one NATs work with an ASA and not with the ISR?
0
 
JPDU4 (Author) commented:
I think this is going to be the fix, trying it now in the lab

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t4/feature/guide/ftnthsrp.html
0
 
JPDU4 (Author) commented:
URL points to the fix... Thank you
0
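A sketch of static NAT tied to an HSRP group, which is the IOS feature the linked Cisco guide covers. It is added here as an example and is not configuration posted in the thread. The NAT pair 10.1.30.10 / 13.13.13.10 and FastEthernet0/0 come from the posts above; the router addresses, masks, inside interface, HSRP group number and the group name NAT-HA are assumptions.

```cisco
! ---- 3800-A (assumed preferred/active router) ----
interface FastEthernet0/0
 description Outside, toward the managed ISP router (addressing assumed)
 ip address 13.13.13.2 255.255.255.0
 ip nat outside
 standby 1 ip 13.13.13.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 name NAT-HA
!
interface FastEthernet0/1
 description Inside /30 uplink to the 3750 stack (assumed)
 ip address 10.1.1.1 255.255.255.252
 ip nat inside
!
! Same static mapping on both routers, bound to the HSRP group name.
! Only the HSRP active router answers ARP for 13.13.13.10, so the two
! routers no longer both claim the address (the %IP-4-DUPADDR condition).
ip nat inside source static 10.1.30.10 13.13.13.10 redundancy NAT-HA
!
! ---- 3800-B (assumed standby router) ----
interface FastEthernet0/0
 description Outside, toward the managed ISP router (addressing assumed)
 ip address 13.13.13.3 255.255.255.0
 ip nat outside
 standby 1 ip 13.13.13.1
 standby 1 priority 100
 standby 1 preempt
 standby 1 name NAT-HA
!
interface FastEthernet0/1
 description Inside /30 uplink to the 3750 stack (assumed)
 ip address 10.1.1.5 255.255.255.252
 ip nat inside
!
ip nat inside source static 10.1.30.10 13.13.13.10 redundancy NAT-HA
!
! Checks after applying:
!   show standby brief         -> one router Active, the other Standby
!   show ip nat translations   -> static entry present on both routers
!   show logging | include DUPADDR   -> no new duplicate-address messages
```

Because both 3800s also act as the firewalls, any inbound access rules that permit traffic to 13.13.13.10 have to be kept identical on the two routers, or a failover will change what is reachable.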
