Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Path selection between VPN and eigrp routing

Posted on 2014-11-02
6
Medium Priority
?
287 Views
Last Modified: 2014-11-08
Hi Expert
I met a situation. In order to simplify it, I imitate it with the following diagram

aaa
there is a vpn tunnel between Pix1 and Pix3. R4 has two paths to reach R5. One is the vpn and another is through R6. The result is the traffic goes through R6(R5, R6 and R4 are configured with eigrp) and the vpn is just backup.

The question is how to configure the balance in order that the traffic goes through the vpn and R6 is used as backup ? As we know, AD, metric and cost etc decide the path selection. in this situation, what factor affect the path selection ? thank you.
0
Comment
Question by:EESky
  • 3
  • 3
6 Comments
 
LVL 31

Expert Comment

by:Predrag
ID: 40418958
You can create unequal load balance by change variance with command:
r1(config)#router eigrp x
r1(config-router)#variance y

But in order for EIGRP to use VPN link as load balance that route must be in topology table.

To enter topology table (and not to enter routing table) as feasible successor route must satisfy few rules.
1. feasible successor route must have cost bigger that successor route cost
2. advertised distance of feasible successor route must be less than feasible distance cost of successor route

Cost calculation formulaBy manipulating bandwidth and delay you can set route cost advertised and feasible distance to desired value to enter EIGRP topology table

How route to enter topology table simplification
R1#show ip eigrp topology

P10.0.0.0/8, 1 successors, FD is 2707456
        via33.168.30.2 (2707456/2195456), Eth1/0
        via192.168.1.2 (3507456/2495456), Eth1/1

cost of green route (2707456) < cost of yellow route (3507456)
cost of blue route (2495456) < cost of green route (2707456)

if cost of green route = cost of yellow route - both routes go to routing table and automatically starts equal cost balance

To determine variance  value formula is
FD of feasible successor / FD of successor = y (ceiling rounding)
in this example
2907456/2707456 = 1.295 so variance (rounded it is 2) would do the trick for unequal load balance

But, as much as I know, firewalls don't appreciate things like this (but that was not your question). :)

PS
Whatever route data need to travel to load balance, or to be primary/backup route basic principle is the same.
0
 

Author Comment

by:EESky
ID: 40420817
Thank you for your reply. but i do not think so. the problem is this vpn does not allow eigrp go through.
0
 
LVL 31

Expert Comment

by:Predrag
ID: 40420947
I don't know your exact configuration, and I wrote answer as it was wrote (at least how I understand question). VPN tunnels are capable of support EIGRP with encapsulation of IP packets with encapsulated GRE packets. I thought that's how your VPN  tunnel is created. This pointed me in that direction
The question is how to configure the balance
:)

For EIGRP to work over VPN create GRE tunnel on both sides, encapsulate data in a  GRE packet and then GRE packets encapulated in IP packets insert into VPN. GRE tunnel is capable of encapsulating  L3 protocols.

You can set static routes (AD 1 - that will beats AD of EIGRP) to forward traffic in needed direction, also if you configure EIGRP over tunnel and set summary routes (AD 5) for tunnel routes, that will beat AD of non summarized routs over R4-R5-R6. If you go with static routes - create static routes with tracking object,  so router can forward traffic through backup route if primary route becomes unavailable .

I hope this is what you need, since I still have no clear idea what your needs are.
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 

Author Comment

by:EESky
ID: 40423252
Sorry, I think i did not express it clear and in detail.
R5 has default route toward Pix1 and R4 has difault route toward Pix3. Pix1 and Pix3 have a l2l tunnel. In the topology, the traffic goes through R5-R6-R4 and the vpn is used as backup. It looks like the AD of eigrp does not take effect in path selection.
0
 
LVL 31

Accepted Solution

by:
Predrag earned 2000 total points
ID: 40423325
AD takes part at route selection, but there's a rule that comes in place before AD - more specific route (Prefix length). If there is more specific route it is always used. Default route is used only when there's no more specific route to destination (gateway of last resort is always least specific route).
When there are two paths of the same specificity - then AD comes to place.

Let's say if you need to forward traffic to 192.168.0.0/24 through pix static route will do the trick
ip route 192.168.0.0 255.255.255.0 x.x.x.x (IP address of the tunnel on other side of tunnel)
but if you set another route
ip route 192.168.0.2 255.255.255.255 y.y.y.y (R6 ip address of e1/0)
all traffic to 192.168.0.0/24 will be forwarded through pix except traffic to 192.168.0.2, cause it is more specific route.

Route Selection in Cisco Routers
0
 

Author Comment

by:EESky
ID: 40430436
Thank you! You are right
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question