Solved

Path selection between VPN and eigrp routing

Posted on 2014-11-02
Last Modified: 2014-11-08
Hi Expert,
I ran into a situation. To simplify it, I have reproduced it with the following diagram.

There is a VPN tunnel between Pix1 and Pix3. R4 has two paths to reach R5: one is the VPN and the other is through R6. The result is that the traffic goes through R6 (R5, R6 and R4 are configured with EIGRP) and the VPN is just a backup.

The question is how to configure the balance so that the traffic goes through the VPN and R6 is used as backup. As we know, AD, metric, cost, etc. decide the path selection. In this situation, what factors affect the path selection? Thank you.
Question by:EESky
6 Comments
 
LVL 29

Expert Comment

by:Predrag Jovic
ID: 40418958
You can create unequal load balancing by changing the variance with the commands:
r1(config)#router eigrp x
r1(config-router)#variance y

But in order for EIGRP to use the VPN link for load balancing, that route must be in the topology table.

To enter the topology table (and not the routing table) as a feasible successor, a route must satisfy a few rules:
1. the feasible successor route must have a cost bigger than the successor route's cost
2. the advertised distance of the feasible successor route must be less than the feasible distance of the successor route

Cost calculation formula
By manipulating bandwidth and delay you can set the route's advertised and feasible distance to the desired value so that it enters the EIGRP topology table.

How a route enters the topology table (simplified)
R1#show ip eigrp topology

P 10.0.0.0/8, 1 successors, FD is 2707456
        via 33.168.30.2 (2707456/2195456), Eth1/0
        via 192.168.1.2 (3507456/2495456), Eth1/1

cost of green route (2707456) < cost of yellow route (3507456)
cost of blue route (2495456) < cost of green route (2707456)

If cost of green route = cost of yellow route, both routes go into the routing table and equal-cost load balancing starts automatically.

To determine the variance value, the formula is
FD of feasible successor / FD of successor = y (ceiling rounding)
In this example
2907456/2707456 = 1.295, so variance 2 (rounded up) would do the trick for unequal load balancing.

But, as far as I know, firewalls don't appreciate things like this (but that was not your question). :)

PS
Whichever route the data needs to travel, whether for load balancing or as a primary/backup route, the basic principle is the same.
0
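The feasibility check and variance formula from the comment above, applied to its `show ip eigrp topology` entry. This is an added Python example, not part of the original thread; the third `via` line is constructed here to show a path that fails the feasibility condition.

```python
import math
import re

# First two "via" lines are the topology entry quoted in the comment above.
# The third is constructed to show a path that fails the feasibility
# condition (it would only be listed by "show ip eigrp topology all-links").
SHOW_OUTPUT = """\
P 10.0.0.0/8, 1 successors, FD is 2707456
        via 33.168.30.2 (2707456/2195456), Eth1/0
        via 192.168.1.2 (3507456/2495456), Eth1/1
        via 192.168.2.2 (3200000/2800000), Eth1/2
"""

FD_RE = re.compile(r"FD is (\d+)")
VIA_RE = re.compile(r"via\s+(\S+)\s+\((\d+)/(\d+)\),\s+(\S+)")


def classify_paths(show_output):
    """Return {next_hop: (role, variance)} for one topology entry.

    role is "successor", "feasible successor" or "not feasible";
    variance is the smallest integer variance that admits the path
    (distance of the path / FD of the successor, rounded up), or None.
    """
    fd = int(FD_RE.search(show_output).group(1))
    result = {}
    for m in VIA_RE.finditer(show_output):
        next_hop, distance, reported = m[1], int(m[2]), int(m[3])
        if distance == fd:
            result[next_hop] = ("successor", 1)
        elif reported < fd:
            # Feasibility condition: neighbor's advertised distance < our FD.
            result[next_hop] = ("feasible successor", math.ceil(distance / fd))
        else:
            # No variance value helps: the path is not a load-sharing candidate.
            result[next_hop] = ("not feasible", None)
    return result


if __name__ == "__main__":
    for hop, (role, variance) in classify_paths(SHOW_OUTPUT).items():
        print(f"{hop:15} {role:20} variance={variance}")
```
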
 

Author Comment

by:EESky
ID: 40420817
Thank you for your reply, but I do not think so. The problem is that this VPN does not allow EIGRP to go through.
0
 
LVL 29

Expert Comment

by:Predrag Jovic
ID: 40420947
I don't know your exact configuration, and I wrote my answer to the question as it was written (at least as I understood it). VPN tunnels are capable of supporting EIGRP through encapsulation of IP packets in encapsulated GRE packets. I thought that's how your VPN tunnel was created. This pointed me in that direction:
"The question is how to configure the balance"
:)

For EIGRP to work over the VPN, create a GRE tunnel on both sides, encapsulate the data in GRE packets, and then insert the GRE packets, encapsulated in IP packets, into the VPN. A GRE tunnel is capable of encapsulating L3 protocols.

You can set static routes (AD 1, which will beat the AD of EIGRP) to forward traffic in the needed direction. Also, if you configure EIGRP over the tunnel and set summary routes (AD 5) for the tunnel routes, that will beat the AD of the non-summarized routes over R4-R5-R6. If you go with static routes, create static routes with a tracking object, so the router can forward traffic through the backup route if the primary route becomes unavailable.

I hope this is what you need, since I still have no clear idea what your needs are.
0

 

Author Comment

by:EESky
ID: 40423252
Sorry, I think I did not express it clearly and in detail.
R5 has a default route toward Pix1 and R4 has a default route toward Pix3. Pix1 and Pix3 have an L2L tunnel. In the topology, the traffic goes through R5-R6-R4 and the VPN is used as backup. It looks like the AD of EIGRP does not take effect in path selection.
0
 
LVL 29

Accepted Solution

by:
Predrag Jovic earned 500 total points
ID: 40423325
AD takes part in route selection, but there's a rule that applies before AD: the more specific route (prefix length). If there is a more specific route, it is always used. The default route is used only when there's no more specific route to the destination (the gateway of last resort is always the least specific route).
When there are two paths of the same specificity, then AD comes into play.

Let's say you need to forward traffic to 192.168.0.0/24 through the PIX; a static route will do the trick:
ip route 192.168.0.0 255.255.255.0 x.x.x.x (IP address of the tunnel on the other side of the tunnel)
but if you set another route
ip route 192.168.0.2 255.255.255.255 y.y.y.y (R6 IP address of e1/0)
all traffic to 192.168.0.0/24 will be forwarded through the PIX except traffic to 192.168.0.2, because it is a more specific route.

Route Selection in Cisco Routers
0
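The selection order described in the accepted solution, as an added Python sketch that is not part of the original thread. It assumes R4 learns 192.168.0.0/24 from R6 via EIGRP (AD 90) alongside its static default route toward Pix3 (AD 1); the next-hop labels are illustrative placeholders, not addresses from the asker's network.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "prefix next_hop source ad metric")


def route(prefix, next_hop, source, ad, metric=0):
    return Route(ipaddress.ip_network(prefix), next_hop, source, ad, metric)


def build_rib(candidates):
    """Same prefix offered by several sources: lowest (AD, metric) is installed."""
    rib = {}
    for r in candidates:
        best = rib.get(r.prefix)
        if best is None or (r.ad, r.metric) < (best.ad, best.metric):
            rib[r.prefix] = r
    return rib


def next_hop(candidates, dst):
    """Forwarding lookup: longest matching prefix wins; AD is not compared here."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in build_rib(candidates).values() if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen).next_hop if matches else None


# Constructed view of R4. Next-hop labels are illustrative, not real addresses.
DEFAULT_TO_PIX = route("0.0.0.0/0", "Pix3", "static", ad=1)
EIGRP_VIA_R6 = route("192.168.0.0/24", "R6", "eigrp", ad=90, metric=2707456)
STATIC_VIA_TUNNEL = route("192.168.0.0/24", "tunnel", "static", ad=1)
HOST_VIA_R6 = route("192.168.0.2/32", "R6", "static", ad=1)

if __name__ == "__main__":
    before = [DEFAULT_TO_PIX, EIGRP_VIA_R6]
    after = before + [STATIC_VIA_TUNNEL, HOST_VIA_R6]
    for label, table in (("before", before), ("after", after)):
        for dst in ("192.168.0.2", "192.168.0.3", "10.1.1.1"):
            print(label, dst, "->", next_hop(table, dst))
```

In the "before" table the /24 learned from EIGRP wins over the AD 1 default route, which is why the traffic bypasses the VPN; AD only decides once the static /24 competes for the same prefix.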
 

Author Comment

by:EESky
ID: 40430436
Thank you! You are right
0


Question has a verified solution.
