Link to home
Start Free TrialLog in
Avatar of Techrunner
Techrunner

asked on

Dynamic Routing Implementation

Hello  Experts,
The below diagram shows  our network between Building A and Building B connected with Fiber. Currently I have no dynamic routing protocols in place only static default routes. I want to implement it on both buildings.

Please can someone advise what is the best and recommended practice I should use and how to configure it avoid any assymetric routing and loops.
Thanks


User generated image
Thanks
Avatar of NetExpert Network Solutions Pte Ltd
NetExpert Network Solutions Pte Ltd
Flag of Singapore image

We may need to know the answers for the below questions, before suggesting to redesign your network

1.Approximately how many subnets are there in both site.
2.Does this building are located very near with each other or far away
3.How those buildings are connected? dark fiber or Ethernet
4.what kind of link commissioned between the buildings? is it point to point fiber cable connectivity or thru service provider

Based on the above answer, we can suggest the design

Thanks
Avatar of Techrunner
Techrunner

ASKER

Thanks

1.Approximately how many subnets are there in both site.

Site A : currently 71
Site B : currently 20 and might increase to 35 later


2.Does this building are located very near with each other or far away

Approx 1.5 KM.


3.How those buildings are connected? dark fiber or Ethernet

Single Mode Fiber

4.what kind of link commissioned between the buildings? is it point to point fiber cable connectivity

Point to Point
ASKER CERTIFIED SOLUTION
Avatar of Craig Beck
Craig Beck
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
agreed craigbeck.

Since you are going to change the production network, I would like to make sure the the below methods been followed

1.Make sure the point to point link to be L3 ( no trunk or access port)

2.Enable STP root bridge independent with building( both sites should have primary and backup root bridge as P2P link is going to change L3)

3.Enable EIGRP across the P2P link. While you enable EIGRP make sure, which link has to be primary and which one has to be backup. You can achieve by changing the bandwidth,delay parameters on the interface

Thanks
Based on your topology diagram, it seems same network been spread across building? if so, we may need to segregate it separately before enabling dynamic routing protocols.

Else the solution wont work

Thanks
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thank you guys for the response.

As craigbeck sugggested I will go with EIGRP, changing the link between Building A to Building B to L3, I have issue because couple of VLANs need to span to Building B.
I would use separate fiber-pairs for the L2 links between sites.  Terminate them at the remote DSW but don't add an SVI for the VLAN(s) at the remote DSWs; just the core (as you probably have already).
Sir,
I am going add to point to point Wireless bridging between these two sites for backup purpose so I can use this link for spanning vlans

Thanks
I'd use routing over a wireless link, especially here.  Of course, you could use the Wifi link to do it your way... I'm just giving you my opinion :-)

The problem you'll get though is that you'll have VLANs at the remote site (where there's no core) which won't exist at the core site, because you're going to route over the links between the core and distribution layers.  If you want to go L2 at the backup link it'll mean you have to put all your remote-site subnets at the core site too.  That won't work.
Yes correct having L2 wireless backup will be would be pain especially when changing the fiber links to Layer 3.

The suggestion is to keep fiber and wireless links as L3. Only the issue have is to spread some vlans to building B. With Fiber I can achieve it through terminating the pairs, for example if the fiber links completely goes offline I will have issue spreading VLANs through Wireless.
What I keep the Layer 2 links between Cores and DSWs and implement EIGRP ?

Thanks
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
@samir381988,

I have attached the proposed topology here.. check with attachment
118.JPG
@Netexpert Thanks a lot I will go it through and let yo know my feedback

@craigbeck: Yes I could transit vlan. so I put configure the links as follows and configure the wireless links to spread required vlans.



Core1

int gi0/1
switchport mode access vlan 200
switchport mode access

int vlan 200
ip address 10.1.200.2 255.255.255.248
standby 200 ip 10.1.200.1
standby 200 priority 110
standby 200 preempt

Core 2

int gi0/1
switchport mode access vlan 200
switchport mode access

int vlan 200
ip add 10.1.200.3 255.255.255.248
standby 200 ip 10.1.200.1
standby 200 priority 95
standby 200 preempt


DSW1 and DSW2 ( StacK) 

int gi1/1 and int gi2/1
switchport mode access
switchport access vlan 200

int vlan 200
ip add 10.1.200.4 255.255.255.0

Open in new window

I prepared this configuration. Please have a look if I am on the right track.

Core 1

int gi1/1
description Link to Core 2
switchport mode trunk
switchport trunk encapsulation dot1q

int g1/2
description Link to DSW1
switchport mode trunk
switchport trunk vlan 2,3,100

int g1/2
description Link to DSW2
switchport mode trunk
switchport trunk vlan 2,3,100


int vlan 100
description Transit VLAN for EIGRP
ip add 10.1.100.1 255.255.255.248

int vlan 2
ip add 10.1.2.254 255.255.255.0
standby 2 ip 10.1.2.1
standby 2 priority 110

router eigrp 100
no auto-summary
passive-interface default
no passive-interface vlan 100
network 0.0.0.0


Core2

Core 1

int gi1/1
description Link to Core 1
switchport mode trunk
switchport trunk encapsulation dot1q

int g1/2
description Link to DSW1
switchport mode trunk
switchport trunk vlan 2,3,100

int g1/2
description Link to DSW2
switchport mode trunk
switchport trunk vlan 2,3,100


int vlan 100
description Transit VLAN for EIGRP
ip add 10.1.100.2 255.255.255.248

int vlan 2
ip add 10.1.2.253 255.255.255.0
standby 2 ip 10.1.2.1
standby 2 priority 95

router eigrp 100
no auto-summary
passive-interface default
no passive-interface vlan 100
network 0.0.0.0

DSW1

int gi1/1
description Link to Core1
switchport mode trunk
switchport trunk encapsulation dot1q

int gi2/1
description Link to Core2
switchport mode trunk
switchport trunk encapsulation dot1q

int vlan 10
ip add 10.1.10.1 255.255.255.0

int vlan 100
ip add 10.1.100.3 255.255.255.0

router eigrp 100
no auto-summary
passive-interface default
no passive-interface vlan 100
network 0.0.0.0

Open in new window

@samir381988,

I have gone thru the config. Yes, the config should work.

int g1/2
description Link to DSW1
switchport mode trunk
switchport trunk vlan 2,3,100

int g1/2   ==> it should be Gi1/3 or some other port
description Link to DSW2
switchport mode trunk
switchport trunk vlan 2,3,100

Since you have total of 4 P2P link, i believe you no need to have wireless bridge. I am very sure that , all the 4 P2P link wont go down at one time.

Thanks
Thanks I am just making few tests now by shuting down the interfaces one by one to determine the flow of traffic
Hi,

I've simulating this design on GNS3 and packet tracer but the issue I am issue that EIGRP neighbour  relationship flapping goes up/down

Any idea ?

Thanks
Have you verified the MTU values on both side.

Do you able to ping to peer ip by using the source interface without any drops?

can you post all your running config here
MTU is same both sides.
Ping is also stable

I am attaching the config and diagram I've simulated on packet tracer but i was facing on gns3 as well
configuration.txt
diagram.jpg
After shut/no shut VLAN 100 on Core1 it not flapping anymore
Nice to know that the design is working

If you need further info, you can post your query here
Hi,
Something strange

I doing tracert from PC0 to PC1 ( please refer the last posted packet tracer diagram)

Sometimes it takes the path 10.1.100.3 and sometimes 10.1.100.4 ? Is it load balancing or asymmetric routing

Thanks
@samir381988

If you haven't modified the EIGRP parameters(like Bandwidth,delay) then , yeah its EIGRP WAN Link load balancing..

If you don't want to do EIGRP load balancing, then increase BW and reduce the delay on one link and that will make primary backup wan link concepts

Thanks
Hi,
Do I have change the BW and DLY on SVI or the physical interface links ?
You need to change the BW on the L3 interface , here you need to change on the SVI not on the physical interface

Thanks
Hi
I went to SVI interface on DSW2 and changed the delay value to 100 but it didn't influence anything still it shows two path on Core 1 routing table
@samir381988, can you pass me the below command output captured on all devices

#sh ip ei nei
#shi p ei topology
#sh ip route eigrp

#sh ip int br | ex una
#sh run int vlan<EIGRP enabled interfac>

Thanks
Please see the attached
output.txt
@samir381988,

Have you changed the bandwidth statement on the Primary path on both switches SVI. I dont see that value on the vlan config

#conf t
int vlan 100
bandwidth 100000
delay 100

Apply this command on both core sw1 and dist sw1, then see the difference

Thanks
Sir
still no difference it still shows equal FD on Core 1
Strange,

Anyway, do the below steps on the Core2 switch and DSW2 switch

conf t
int vlan 100
bandwidth 1000
delay 10000
end

#clear ip eigrp

Lets try
The metric valu changed on Core 2 but still shows two paths with same equal metric

Really its strange
The metric valu changed on Core 2 but still shows two paths with same equal metric

Really its strange
Usually , In real time environment we change eigrp metrics only on the L3 interface

As you are trying in simulation,may be we can try to add/modify the bandwidth and delay statement on the physical interface and clear EIGRP.

Lets see
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Ok Sir I will leave the metric and do ECLB

I disconnected the physical link between Core 1 and DSW1 and did tracert from the host behind Core 1 the traffice flows this way

10.1.2.254 Core 1 SVI
10.1.100.3 DSW1 SVI
10.1.20.10 Destination Host

So is it good traffic flow?

as a layer it works this works this way

Core 1 > Core 2 > DSW2 > DSW1
Dears,any further advice.

Thanks
Also still I having issue EIGRP flapping loosing neighbour
Can you show us the logs and the routing table from each router?
Following are the logs from DSW1. Currently DSW1 loose the relationship with Core1,2 and DSW2. But somtime similar case happens when Core 1 loose the relationship with DSW1 and DSW2 but keep up with Core2.
 

*Mar  3 01:37:20.087: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.1.100.2 (Vlan100) is down: retry limit exceeded
*Mar  3 01:37:24.491: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.1.100.2 (Vlan100) is up: new adjacency
*Mar  3 01:37:33.555: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.1.100.4 (Vlan100) is down: Peer goodbye received
*Mar  3 01:37:33.619: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.1.100.4 (Vlan100) is up: new adjacency
*Mar  3 01:38:03.315: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.1.100.1 (Vlan100) is down: retry limit exceeded
*Mar  3 01:38:06.579: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.1.100.1 (Vlan100) is up: new adjacency
*Mar  3 01:38:44.003: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.1.100.2 (Vlan100) is down: retry limit exceeded
*Mar  3 01:38:47.935: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.1.100.2 (Vlan100) is up: new adjacency
*Mar  3 01:38:53.099: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.1.100.4 (Vlan100) is down: Peer goodbye received
*Mar  3 01:38:57.223: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.1.100.4 (Vlan100) is up: new adjacency

Open in new window


User generated image
The IP are as follows for Transit VLAN 100

Core 1 10.1.100.1
Core 2 10.1.100.2
DSW1  10.1.100.3
DSW2  10.1.100.4
You need two separate transit VLANs - one for each link.
Sir,
Any specific reason for doing that.
Shall I group them this way?

Core 1 and Core 2 VLAN 100
DSW1 and DSW2 VLAN 101
Core 1 and DSW1 VLAN 102
Core 2 and DSW2 VLAN 103
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Shall I group them this way?

Core 1 and Core 2 VLAN 100
DSW1 and DSW2 VLAN 101
Core 1 and DSW1 VLAN 102
Core 2 and DSW2 VLAN 103
Shall I group them this way?

Core 1 and Core 2 VLAN 100
DSW1 and DSW2 VLAN 101
Core 1 and DSW1 VLAN 102
Core 2 and DSW2 VLAN 103
Yes, that looks ok to me.
Thanks.
I trace the path from Host A Behind Core 1 and Core 2 to Host B behind DSW1 & 2
From Host A it takes the path Core1 > DSW1 > DSW2 > Host B

Sir, there is some in the routing please can you check the below

Host A #traceroute 10.1.20.10
Type escape sequence to abort.
Tracing the route to 10.1.20.10
  1 10.1.2.254 56 msec 84 msec 64 msec
  2 10.1.100.3 92 msec 124 msec 104 msec
  3 10.1.20.253 120 msec
    10.1.20.10 132 msec 120 msec

IP Information:
10.1.2.254 > VLAN 2  HSRP Active IP on Core1
10.1.100.3 > DSW1 SVI  EIGRP Route in the Core 1 Routing Table
10.1.20.253 > VLAN 20 HSRP Standby IP   .----------------> Why this is going to standby, it should be active HSRP router i.e 10.1.20.254
10.1.20.10 > Host B

PC_VLAN20#traceroute 10.1.2.10
Type escape sequence to abort.
Tracing the route to 10.1.2.10
  1 10.1.20.254 92 msec 96 msec 60 msec
  2 10.1.100.1 92 msec 108 msec 92 msec
  3 10.1.2.253 96 msec
    10.1.2.10 152 msec 128 msec

IP Information

10.1.20.254  > VLAN 20 HSRP Active ------ The return traffic is going thru Active, the request came from Standby
10.1.100.1 > Core 1 SVI IP EIGRP Route DSW1 Routing Table
10.1.2.253 > VLAN 2 HSRP Standby -------- The return traffic is going through Standby, the request from came through Activ
10.1.2.10 > VLAN 2 Host

Open in new window

When traffic is routed, it doesn't necessarily go 'out' of the active HSRP gateway on its way to the client.  The router is only 'active' when a client is sending traffic to the HSRP IP address, so when traffic is coming 'in' to the interface.  As well as that, you won't see the HSRP address in the traceroute - you'll see the router ID of the router that routed the packet.

Is Host B's subnet available on DSW2?  If it is you should get an unreachable or request timed out instead of the packet being routed over to another router.
Sir
So The Active HSRP router should route the packet in and out in my case in and out is different.
Otherwise everytime the HSRP standby router has to do the ARP requests
Yes the VLAN exists on DSW1 and DSW2 and HSRP is also configured.
Sir
So The Active HSRP router should route the packet in and out in my case in and out is different.
Otherwise everytime the HSRP standby router has to do the ARP requests
Yes the VLAN exists on DSW1 and DSW2 and HSRP is also configured.
The active HSRP router only accepts the incoming packet.  When it receives a packet for forwarding it just sends the packet out of whichever interface it decides based on its ARP table.  Outgoing packets are never tied to HSRP.
Sir
Apologies but still I didn't get it.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks Sir for the great explanation

Host A #traceroute 10.1.20.10
Type escape sequence to abort.
Tracing the route to 10.1.20.10
  1 10.1.2.254 56 msec 84 msec 64 msec
  2 10.1.100.3 92 msec 124 msec 104 msec
  3 10.1.20.253 120 msec
    10.1.20.10 132 msec 120 msec

Clients A  ( 10.1.2.10 ) send packet to Client B 10.1.20.10

- The packet enters to Core 1 ( HSRP Active Router for Client A )
- Core queries the routing table and route the packet to next hop i.e 10.1.100.3 ( DSW1)
- DSW1 routes the packet to Client B HSRP Standby Router ( 10.1.20.253) .....I'm confused here why the packet went to 10.1.20.253, it should go directly from 10.1.20.254.

Thank
You're right.  Can you show the routing table and  IP interfaces from each DSW please, Samir?
Please see the attached.Thanks
output.txt
Any advise on the output Sir
So you have L2 between DSWs...

On the access switch I'm assuming you have a trunk interface to each DSW?  If so, which VLAN is being blocked on each link?

I'm guessing that the traffic coming into DSW1 is being passed to DSW2 (or vice-versa) because a link is blocked on the wrong switch.
Sir! Yes you are right....link was blocked on the wrong switch :) :)  STP was misconfigured and now corrected.

Regarding EIGRP flapping, still I did not make any change i,e. to have separate transit VLAN for each link, EIGRP is working fine the neighbors are up for now two days.

I am not sure shall I keep the same setup or transit VLAN for each link in production network.

Thanks
That's good news.  Have you configured DSW1 to be the STP root for all VLANs?  If not, you should do it.  Configure DSW1 as the primary root and DSW2 as the secondary.  That should encourage the link from the access switch to DSW2 to become blocked.

I suppose though there's one question which hasn't been asked yet...

What model are the core and distribution switches?
In the production network the Cores are 6509 Switches and Distribution are 2 x 3750 Stack switches,
Have you thought about VSS at the core?  Also, are the two 3750 stacks in separate rooms?
No Sir...we have Core in separate room with only HSRP.
3750s are in the same room.
You can still do VSS between 6500s if they're in different rooms.  You just need connectivity between them.

I would consider doing VSS and stacking the DSWs - it'd make routing so much easier and allow for greater redundancy, as well as ensure you have a loop-free topology.  It would also mean you don't have to use HSRP (or any other FHRP).  That's a good thing!
Yes Sir VSS is in our plan. DSWs are already stacked.

Thanks
I mean stack all 4 DSWs if they're in the same room.
Sir,
we have only 2 DSW.

Regarding EIGRP flapping, still I did not make any change i,e. to have separate transit VLAN for each link, EIGRP is working fine the neighbors are up for now two days. May be STP was causing the EIGRP to go up/down.

I am not sure shall I keep the same setup or transit VLAN for each link in production network.
Sorry, Samir, did I misunderstand?  You have 2 DSWs... I get that bit... But are they 2x 2-switch stacks (totalling 4 physical switches), or do you only have 2x 3750s?
Sir I have 2x 3750s
OK so they're not stacked?
They are stacked.
Sir,

I think I'll go with transit VLAN for each link...but I've very confused with its deployment I am attaching the current design that is being simulated on Packet Tracer. If you can help me with it.

With transit  VLANs I'll have multiple neigbour relationship between Core 1 and 2 and DSWs

User generated image
So if they're stacked you don't need half of what you're looking to do with your design.  I don't understand how you've got HSRP running either.  Did you stack at the front or the back?
No. I am just doing the setup on Simulator to practice the topology. On production will different with stack No HSRP!
So just use one DSW in the sim... It'll be easier to get your config sorted too.
I put the scenario of two DSWs just to strengthen  my knowledge for EIGRP on Layer 2 Links :) I will appreciate if we can succeed together to have EIGRP running between Cores and DSWs on Layer 2 links

Thanks
Ok that's fair enough, but just remember that what you're labbing now won't be what you'll need when the time comes to implement for real :-)

So are you happy so far that you can get EIGRP working and stable between the cores and DSWs?  If you are, I'd say you've got it mastered!  When you go into production you won't be able to do HSRP once you stack the DSWs, so it's going to mean more labbing.
Sir
Still I've got issues with EIGRP flapping I didn't implement yet the transit VLAN for each link.
The current still working with one VLAN and neighbor relationship between Cores and DSWs but the EIGRP randomly and sometime working fine.

I am confused with transit vlan for each link
This is what I am planning to do

Create transit VLANs  and SVI as follow

VLAN 100 Core 1 and Core 2
VLAN 101 Core 1 and DSW1
VLAN 102 Core 2 and DSW2
VLAN 103 DSW1 and DSW2
Ok let's simplify a little.

You don't really need VLAN 100 or VLAN 103 if you want HSRP and routing.  You should just use L2 trunk between Core1 and Core2, and DSW1 and DSW2.

Between Core1 and DSW1 configure a L3 link.  Do the same between Core2 and DSW2.  Configure EIGRP and see if it stays stable.

Configure the STP primary and secondary at the DSWs and configure HSRP on the client VLANs then test redundancy by breaking links.  If it works how you want it you can leave it like that.
Thanks Sir
Thats very simple and easy.

But If I configure the L3 links between Cores and DSWs I wont be able to span vlans from Cores to DSWs.

I am also going to have Wireless Bridging as a backup if any one damages the fiber cables on the street

What best solution I should apply it here.

Thanks
Good observation :-)

However, I just want to make sure that routing works for clients first.  If you're happy that it works let's do it with transit VLANs.

Just create VLANs 101 and 102.  Trunk between all devices but only route on VLANs 101 and 102.  You don't need to route between DSW1 and DSW2 as everything at DSW1 should also be at DSW2.

See how that goes.
OK Finally This what I did :)

Configured the Fiber link between Core 1 and DSW1 and Core 2 and DSW2 as P2P Layer 3 link. No Transit VLANs :). Its absolutely working fine no issues with routing.

Now we are going to add Wireless Bridge as backup to take over as the main link if the fiber goes down and  also spans vlan Cores to DSWs

I am just thinking how I can the make Cores and DSWs to become EIGRP neighbours and use as Feasible Successor.

I just need to solve this last query, hope this will last concern.
Final design should be similar to User generated imagethis
Just create a new transit VLAN for each wireless link and trunk the VLANs you need.  STP will block the VLANs over the wireless links until the wired link fails.
Sir,
So I will do the following.
- Create a transit for VLAN e.g 99 on Cores and DSWs.
- Trunk the wireless link between two sites.
- Create the SVIs on both Cores and both DSWs
- Establish EIGRP relationship between them.
- Using this setup will allows within a site to be EIGRP neighbors like Core1 will be neighbor to Core2,DSW1 and DSW2

Is this Correct Sir ?

Thanks
If you create one transit VLAN and put all 4 wireless bridges into that VLAN you'll need to use STP to block one of the links (providing the wireless bridges will pass BPDUs).  If they won't you'll need to use two separate transit VLANs.

You may be able to create an Etherchannel between the two links, but that's unlikely if the bridges won't pass BPDUs.