Solved

Path selection between VPN and eigrp routing

Posted on 2014-11-02
Last Modified: 2014-11-08
Hi Expert,
I ran into a situation. To simplify it, I have reproduced it in the following diagram:

[Diagram: aaa]
There is a VPN tunnel between Pix1 and Pix3. R4 has two paths to reach R5: one is the VPN and the other is through R6. The result is that the traffic goes through R6 (R5, R6 and R4 are configured with EIGRP) and the VPN is just a backup.

The question is how to configure the balance so that the traffic goes through the VPN and R6 is used as backup. As we know, AD, metric, cost, etc. decide the path selection. In this situation, what factors affect the path selection? Thank you.
0
Question by:EESky
6 Comments
 
LVL 29

Expert Comment

by:Predrag Jovic
ID: 40418958
You can create unequal-cost load balancing by changing the variance with the command:
r1(config)#router eigrp x
r1(config-router)#variance y

But in order for EIGRP to use the VPN link for load balancing, that route must be in the topology table.

To enter the topology table (and not the routing table) as a feasible successor, a route must satisfy a few rules:
1. The feasible successor route must have a cost bigger than the successor route's cost.
2. The advertised distance of the feasible successor route must be less than the feasible distance (cost) of the successor route.

Cost calculation formula

By manipulating bandwidth and delay you can set the route cost, advertised distance and feasible distance to the desired value to enter the EIGRP topology table.

Simplified illustration of how a route enters the topology table
R1#show ip eigrp topology

P 10.0.0.0/8, 1 successors, FD is 2707456
        via 33.168.30.2 (2707456/2195456), Eth1/0
        via 192.168.1.2 (3507456/2495456), Eth1/1

cost of green route (2707456) < cost of yellow route (3507456)
cost of blue route (2495456) < cost of green route (2707456)

If the cost of the green route = the cost of the yellow route, both routes go into the routing table and equal-cost load balancing starts automatically.

To determine the variance value, the formula is:
FD of feasible successor / FD of successor = y (rounded up)
In this example:
2907456/2707456 = 1.295, so a variance of 2 (rounded up) would do the trick for unequal-cost load balancing.

But, as far as I know, firewalls don't appreciate things like this (but that was not your question). :)

PS
Whichever route the data needs to take, whether for load balancing or as a primary/backup route, the basic principle is the same.
0
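The feasibility rules and the variance formula from the comment above, applied to the quoted `show ip eigrp topology` entry. This is an added example, not part of the original post; the function names are hypothetical, and the variance uses the post's ceiling formula.

```python
import math
import re

# The topology entry quoted in the post (spacing restored).
TOPOLOGY = """\
P 10.0.0.0/8, 1 successors, FD is 2707456
        via 33.168.30.2 (2707456/2195456), Eth1/0
        via 192.168.1.2 (3507456/2495456), Eth1/1
"""

FD_RE = re.compile(r"FD is (\d+)")
VIA_RE = re.compile(r"via\s+(\S+)\s+\((\d+)/(\d+)\),\s*(\S+)")


def parse_entry(text):
    """Return (feasible_distance, [path dicts]) for one topology entry."""
    fd = int(FD_RE.search(text).group(1))
    paths = [
        {"next_hop": m[1], "metric": int(m[2]), "reported": int(m[3]), "intf": m[4]}
        for m in VIA_RE.finditer(text)
    ]
    return fd, paths


def classify(fd, paths):
    """Label each path: successor, feasible successor, or not feasible."""
    labels = {}
    for p in paths:
        if p["metric"] == fd:
            labels[p["next_hop"]] = "successor"
        elif p["reported"] < fd:  # rule 2: advertised distance < successor FD
            labels[p["next_hop"]] = "feasible successor"
        else:
            labels[p["next_hop"]] = "not feasible"
    return labels


def min_variance(fd, paths, next_hop):
    """Smallest variance admitting next_hop, or None if it is not feasible."""
    p = next(x for x in paths if x["next_hop"] == next_hop)
    if p["metric"] != fd and p["reported"] >= fd:
        return None  # no variance value can bring this path into use
    return max(1, math.ceil(p["metric"] / fd))
```

A path that fails the feasibility condition returns `None`: raising the variance cannot bring it into the routing table.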
 

Author Comment

by:EESky
ID: 40420817
Thank you for your reply, but I do not think so. The problem is that this VPN does not allow EIGRP to go through.
0
 
LVL 29

Expert Comment

by:Predrag Jovic
ID: 40420947
I don't know your exact configuration, and I wrote the answer to the question as it was written (at least as I understood it). VPN tunnels are capable of supporting EIGRP with encapsulation of IP packets in GRE packets. I thought that's how your VPN tunnel was created. This pointed me in that direction:
"The question is how to configure the balance"
:)

For EIGRP to work over the VPN, create a GRE tunnel on both sides, encapsulate the data in GRE packets, and then send the GRE packets, encapsulated in IP packets, into the VPN. A GRE tunnel is capable of encapsulating L3 protocols.

You can set static routes (AD 1, which beats the AD of EIGRP) to forward traffic in the needed direction. Also, if you configure EIGRP over the tunnel and set summary routes (AD 5) for the tunnel routes, that will beat the AD of the non-summarized routes over R4-R5-R6. If you go with static routes, create static routes with a tracking object, so the router can forward traffic through the backup route if the primary route becomes unavailable.

I hope this is what you need, since I still have no clear idea what your needs are.
0

 

Author Comment

by:EESky
ID: 40423252
Sorry, I think I did not express it clearly and in detail.
R5 has a default route toward Pix1 and R4 has a default route toward Pix3. Pix1 and Pix3 have an L2L tunnel. In the topology, the traffic goes through R5-R6-R4 and the VPN is used as backup. It looks like the AD of EIGRP does not take effect in path selection.
0
 
LVL 29

Accepted Solution

by:
Predrag Jovic earned 500 total points
ID: 40423325
AD takes part in route selection, but there's a rule that comes into play before AD: the more specific route (prefix length). If there is a more specific route, it is always used. The default route is used only when there's no more specific route to the destination (the gateway of last resort is always the least specific route).
When there are two paths of the same specificity, then AD comes into play.

Let's say you need to forward traffic to 192.168.0.0/24 through the PIX; a static route will do the trick:
ip route 192.168.0.0 255.255.255.0 x.x.x.x (IP address of the tunnel on other side of tunnel)
but if you set another route
ip route 192.168.0.2 255.255.255.255 y.y.y.y (R6 ip address of e1/0)
all traffic to 192.168.0.0/24 will be forwarded through the PIX except traffic to 192.168.0.2, because it is a more specific route.

Route Selection in Cisco Routers
0
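The selection order described in the accepted solution (prefix length first, AD only between routes of equal specificity), as an added example that is not part of the original answer. The routing table is constructed for illustration: the prefixes, next-hop labels and function names are assumptions, with AD 1 for static and AD 90 for internal EIGRP routes.

```python
import ipaddress

# Constructed table for a router like R5 in the thread: a static default
# route toward the VPN firewall and a more specific prefix learned via EIGRP.
ROUTES = [
    {"prefix": "0.0.0.0/0",      "ad": 1,  "source": "static", "via": "Pix1 (VPN)"},
    {"prefix": "192.168.0.0/24", "ad": 90, "source": "eigrp",  "via": "R6"},
]


def select_route(routes, destination):
    """Pick the forwarding route: longest prefix first, AD only breaks ties."""
    dest = ipaddress.ip_address(destination)
    matches = [r for r in routes if dest in ipaddress.ip_network(r["prefix"])]
    if not matches:
        return None
    return min(
        matches,
        key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen, r["ad"]),
    )


def add_static(routes, prefix, via):
    """Return a new table with a static route (AD 1) added."""
    return routes + [{"prefix": prefix, "ad": 1, "source": "static", "via": via}]


if __name__ == "__main__":
    # The EIGRP /24 wins over the static default despite its higher AD.
    print(select_route(ROUTES, "192.168.0.10")["via"])
    # A static route of the same length now competes on AD and wins.
    fixed = add_static(ROUTES, "192.168.0.0/24", "Pix1 (VPN)")
    print(select_route(fixed, "192.168.0.10")["via"])
    # A /32 host route pulls one address back onto the other path.
    split = add_static(fixed, "192.168.0.2/32", "R6")
    print(select_route(split, "192.168.0.2")["via"])
```

With only a default route pointing at the VPN, any prefix EIGRP learns through R6 is more specific and carries the traffic, which is the behaviour the asker observed.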
 

Author Comment

by:EESky
ID: 40430436
Thank you! You are right.
0
