5754 Views, 0 Helpful, 47 Replies

Easy VPN GRE

jack samuel
Level 1

Hi folks,

My routers at two different sites are connected through GRE tunnels. I want to configure IPsec over it, but through an Easy VPN server and client setup. Is it possible? Apparently the most reasonable configuration for the mentioned scenario is site-to-site VPN, but I want to configure it through Easy VPN. I would also appreciate it if someone can refer me to any configuration example of such a setup. The GRE tunnel is up and pings are successful, but the traffic which passes through it is not encrypted.

Thanks

47 Replies

Hi Jack,

"I can run routing protocols directly on the async interface." Sure, if it works, go for it.

"Can I send the traffic on the async interface without encryption?" Sure, if you are fine with it.

"or do I have to configure the async interface as a backup Easy VPN client, I mean to say,"

VPN will burden your dialup connection, therefore non-encrypted traffic will suit dialup, and you may want to check your company policy.

thanks

Rizwan Rafeek

Rizwan,

I am facing strange issues. I have configured EIGRP on the branch and HO routers. From the branch router I advertise my LAN, and from HO I am advertising its internal LAN. Both EIGRP neighbors are up, but when I do sh ip route eigrp on the HO router there are no EIGRP routes, while on the branch I am receiving the routes of the HO LAN.

  • When I do sh ip route on HO it shows me a static route in the table for the branch router with a next hop of the public IP, which it learned automatically when the Easy VPN client tried to create a tunnel with the server on the ADSL connection. This is the reason the EIGRP routes are not included in the route table. How will the static routes on the HO router disappear when the branch ADSL fails?
  • One more strange issue I am facing is that when I specifically put a static route pointing to the async interface on HO, I am still not able to ping the branch LAN; the branch router has an EIGRP route to the HO router for the HO LAN.

Thanks

Hi Jack,

On your branch router and HO router, have you disabled auto-summary (no auto-summary)? If you have not, please do so.

If you have put the branch router in a stub zone, please make sure "eigrp stub connected" is being advertised.

If that did not help, please post your config from both ends as an attachment.

thanks

Rizwan Rafeek.

Rizwan,

Thanks for being kind and for your replies.

  • I found the problem; it is with RRI. But I don't know why the route is not deleted when an SA has been deleted. It is taking too long, approximately 4 hrs, to delete the static route from the routing table. Is it safe to execute the command set reverse-route distance, or from your experience is there any other hint?

  • On your branch router and HO router, have you disabled auto-summary (no auto-summary)? If you have not, please do so.

YES

  • If you have put the branch router in a stub zone, please make sure "eigrp stub connected" is being advertised.

YES

I have one question on the EIGRP routing protocol: the neighbor relation will be always up and the async interface will be always up, though we have made the branch router a stub. If I am not wrong, the stub router advertises the connected routes only and no other router queries the stub router for any active route, but the neighbor hellos will keep the link active.

Thanks

"no other router queries the stub router for any active route, but the neighbor hellos will keep the link active."

Yes, your understanding is correct, but remember you have to copy IP-SLA on the branch router, which is one of the reasons why you will be better off using a plain-text GRE tunnel: GRE needs a tunnel source and destination, so this tunnel source and destination can be manipulated by IP-SLA default-route failover, which will solve your problem that the neighbor hellos keep the link active.

When the GRE tunnel's source and destination address cannot be reached via the active connection, your GRE tunnel will stay down, which results in keeping the "async interface" in an idle state; when IP-SLA fails over to the "async interface", the GRE tunnel's destination address will be reachable as dial-out kicks in.

Hope that makes sense.

thanks

Rizwan Rafeek.

Hello Rizwan

Thanks for your replies, which are helping me to get success.

I will elaborate more, and also I have many doubts; I hope my thinking may not be correct, but I need an expert push for my success.

Step by step I will elaborate the packet flow by many options.

OPTION 1 (QUESTION 1)

  • Packets are flowing through ADSL.
  • The ADSL link goes down and the backup async interface on GRE comes up due to IP SLA tracking.
  • Interesting traffic defined on the async interface will initiate a tunnel:
      access-list 101 permit ip any any
      dialer-list 1 protocol ip list 101
  • The EIGRP neighbor relationship comes up, routes are exchanged and packets continue to flow.
  • Now the packets are flowing through EIGRP routes and not through the backup default route on the tunnel interface.
  • The ADSL link comes up and the primary default route comes back in the routing table.
  • Now the packets will continue to flow through the async interface via the EIGRP routes; they will not fail over to the default route because of the more specific route in the routing table, and the dialer backup interface will always be active.

OPTION 2  (QUESTION 2)

If you have a look at the link below:

http://www.cisco.com/en/US/tech/tk801/tk379/technologies_configuration_example09186a0080094143.shtml

In the configuration example above they have disabled OSPF from initiating a dialer backup connection in the dialer-list command, so how are the routes exchanged when the dialer interface comes up?

The same applies to us: EIGRP hellos will initiate a connection without the backup default route shifting to the async interface, because when we start the EIGRP process on the async interface it will start to find the neighbor through that interface and it will initiate a dial. And suppose I disable EIGRP in the dialer list; how will the routes be exchanged when it shifts to the async interface?

Question 3:

Any hints for the previous mail question regarding RRI, why the automatic static routes are not deleted when the security SAs are terminated from the remote branch?

Hi Jack,

"In the configuration example above they have disabled OSPF from initiating a dialer backup connection in the dialer-list command, so how are the routes exchanged when the dialer interface comes up?"

Yes, that is being taken care of by the routing protocol; it does exchange the routes.

"when we start the EIGRP process on the async interface it will start to find the neighbor through that interface and it will initiate a dial. And suppose I disable EIGRP in the dialer list; how will the routes be exchanged when it shifts to the async interface?"

If you create EIGRP peering over the async interface's IP address you will run into this issue; however, if you create EIGRP peering with the GRE tunnel interface's IP address, then routes will be exchanged only when the GRE tunnel interface's destination address is reachable. Therefore your IP-SLA pushes default-route traffic in a specific direction based on return echo-reply traffic. As far as the branch router is concerned, it will exchange routes via the async interface when the default-route IP-SLA fails.

"they will not fail over to the default route because of the more specific route in the routing table, and the dialer backup interface will always be active."

Not quite; it should and it must fail back to the default route (primary) because your secondary default route has a higher cost (let's say 250). Besides, as soon as your primary ADSL comes online, the IP-SLA will remove the higher-cost default route from the routing table, which will result in the GRE tunnel going down.

"Any hints for the previous mail question regarding RRI, why the automatic static routes are not deleted when the security SAs are terminated from the remote branch?"

If a route is learned dynamically, then those routes will be deleted when they are no longer reachable from the routing table; but when it comes to a static route, the only way to remove a static route from the routing table is by IP-SLA.

"specific route in the routing table and always the dialer backup interface"

You can increase the GRE tunnel interface "delay to 250"; that will take care of that particular issue.

Hope that answers your question.

thanks

Message was edited by: Rizwan Mohamed

Rizwan,

"Not quite; it should and it must fail back to the default route (primary) because your secondary default route has a higher cost (let's say 250). Besides, as soon as your primary ADSL comes online, the IP-SLA will remove the higher-cost default route from the routing table, which will result in the GRE tunnel going down."

All traffic hitting the router has no route except the secondary default route to the tunnel interface because EIGRP has not converged. Once EIGRP is converged the router will choose the EIGRP route and not the default route, because the longest match is found in the routing table. When the ADSL comes online the IP-SLA will remove the higher-cost default route from the routing table, which will not affect the routing, because the router was not using the secondary default route; it was using the EIGRP route, and the async interface will always be active.

"If a route is learned dynamically, then those routes will be deleted when they are no longer reachable from the routing table; but when it comes to a static route, the only way to remove a static route from the routing table is by IP-SLA."

The above paragraph is related to Easy VPN and not to GRE. Many branches are connected through Easy VPN client. When I execute sh ip route on the HUB router it shows me the remote branches' local subnets with a next hop of the remote branch ADSL public IP (this is because of reverse route injection, RRI). But when I shut the ADSL interface on the branch router, the route on the HUB router for the branch is not removed; it still exists. This is the reason the EIGRP routes of the branches were not installed in the routing table of the HO router: the router was choosing the ADSL public IP to forward the traffic, with an AD of 1, and all traffic was dropped.

Thanks

"which will not affect the routing, because the router was not using the secondary default route; it was using the EIGRP route."

As I said above, you can increase the delay on the tunnel interface (delay 500), so that when ADSL comes back online the ADSL route will be preferred.

"the route on the HUB router for the branch is not removed; it still exists. This is the reason the EIGRP routes of the branches were not installed in the routing table of the HO router"

You can force the security association to be deleted at 60 seconds at the lowest and set the reverse-route distance to 100.

    crypto ipsec security-association idle-time
    set reverse-route distance 100

EIGRP's default administrative distance is 90.

Hope that helps.

thanks

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_s2.html
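The two commands above are shown in the thread without their surrounding context. The following added configuration example (written for this page, not taken from the thread or from a Cisco document) shows where they sit on the HO Easy VPN server: RRI is enabled on the dynamic crypto map, the injected static route is given distance 100 so that an EIGRP route (AD 90) to the same branch prefix wins, and the global SA idle timer is set to its 60 second minimum so a branch whose ADSL has dropped loses its SA, and with it the injected static, quickly. The transform-set, map and interface names are assumptions; the Easy VPN group and ISAKMP profile configuration is not repeated here.

```cisco
! HO router, Easy VPN server side. Added example; all names are assumed.

! Tear down IPsec SAs after 60 s without traffic (60 is the lowest value
! the command accepts). RRI withdraws the injected static route together
! with the SA, so a stale static no longer hides the EIGRP route.
crypto ipsec security-association idle-time 60

crypto ipsec transform-set EZVPN-TS esp-aes esp-sha-hmac

crypto dynamic-map EZVPN-DYN 10
 set transform-set EZVPN-TS
 ! inject a static route for each client's protected subnet...
 reverse-route
 ! ...with AD 100, so an EIGRP route (AD 90) to the same prefix is preferred
 set reverse-route distance 100

crypto map EZVPN-MAP 65535 ipsec-isakmp dynamic EZVPN-DYN

interface GigabitEthernet0/0
 description Internet-facing interface of HO (assumed)
 crypto map EZVPN-MAP
```

To verify the effect, `show ip route static` on HO should list each connected branch's subnet as `S ... [100/0] via <branch public IP>` while the SA is up, and `show crypto ipsec sa` should show the SA disappear, and the static with it, within about a minute after the branch stops sending traffic. While the static is present an EIGRP route for the same prefix learned over the GRE backup now replaces it instead of being hidden behind an AD 1 static.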

Dear Rizwan,

The doubts which were raised before all came true. Attached is the sh run for the branch router.

  • EIGRP hellos are keeping the async link up always, though the default route switches over to the primary link, ADSL.
  • EIGRP routes are not removed once the default route is switched over to the primary.
  • I have applied the highest delay on the tunnel interface but with no effect.
  • Also the tunnel keepalive initiates the tunnel and keeps it up.

Thanks

Hi Jack,

Please explain the below; I am not sure why this source and destination address are on the same network, how and why?

What interface on the branch router is the source? If it is one of your internal networks on the branch router, then likewise the GRE tunnel destination address must be a local segment of the HO router.

    interface Tunnel0
     ip address 10.17.1.2 255.255.255.0
     delay 16000000
     tunnel source 172.16.1.2
     tunnel destination 172.16.1.1

FYI...

It is best practice to keep the tunnel interface at mask /30.

thanks

Please update.

Hi Jack,

Please follow the config; I changed the below.

    interface Loopback0
     ip address 192.168.255.1 255.255.255.252

    interface Tunnel0
     ip address 10.17.1.2 255.255.255.0
     delay 16000000
     tunnel source Loopback0
     tunnel destination 192.168.255.5

    ip route 0.0.0.0 0.0.0.0 Dialer0 track 123
    ip route 192.168.255.4 255.255.255.252 Dialer0 track 123

    ip route 0.0.0.0 0.0.0.0 Async1 250
    ip route 192.168.255.4 255.255.255.252 Async1 250

Please create a loopback0 at the HO router and source the tunnel interface to loopback0; the IP address is: 192.168.255.4 255.255.255.252

Please update.

thanks
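The branch-side design Rizwan describes across the thread (loopback-sourced GRE, an IP SLA tracked default route and tunnel-endpoint route over ADSL, AD 250 floating statics over the async backup, EIGRP peering only across the tunnel) is spread over several replies. The following is an added, complete branch configuration assembled from those pieces; it is example code written for this page, not Jack's attached sh run or Rizwan's exact text. The IP SLA probe target 203.0.113.1 (a documentation address standing in for the HO public IP), the Async1 address, dial string, branch LAN 192.168.10.0/24 and EIGRP AS 100 are all assumptions; the interesting-traffic ACL and dialer-list are the ones Jack posted. The `ip sla` syntax is the 12.4(4)T and later form.

```cisco
! Branch router. Added example; addresses marked "assumed" are not from the thread.

! Loopback as GRE endpoint: the tunnel source does not change when the
! underlying path moves between Dialer0 (ADSL) and Async1 (dial backup).
interface Loopback0
 ip address 192.168.255.1 255.255.255.252

interface Tunnel0
 ip address 10.17.1.2 255.255.255.252
 ! high delay so any EIGRP path learned elsewhere is preferred over the tunnel
 delay 16000000
 ! keepalives let Tunnel0 go line-protocol down when the endpoint is unreachable
 keepalive 10 3
 tunnel source Loopback0
 tunnel destination 192.168.255.5

! Dial backup interface (existing setup; IP and dial string assumed)
interface Async1
 ip address 10.255.1.2 255.255.255.252
 encapsulation ppp
 async mode dedicated
 dialer in-band
 dialer idle-timeout 120
 dialer string 5551234
 dialer-group 1

! Interesting traffic as posted in the thread: any IP, which includes the
! GRE packets carrying EIGRP hellos once the endpoint route points at Async1
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101

! IP SLA: probe the HO public IP (assumed) over ADSL every 10 s
ip sla 1
 icmp-echo 203.0.113.1 source-interface Dialer0
 frequency 10
ip sla schedule 1 life forever start-time now
track 123 ip sla 1 reachability

! Primary path: installed only while track 123 is up
ip route 0.0.0.0 0.0.0.0 Dialer0 track 123
ip route 192.168.255.4 255.255.255.252 Dialer0 track 123
! Pin the probe to ADSL so it never succeeds via the backup (assumed target)
ip route 203.0.113.1 255.255.255.255 Dialer0

! Floating statics (AD 250): used only when the tracked routes are withdrawn
ip route 0.0.0.0 0.0.0.0 Async1 250
ip route 192.168.255.4 255.255.255.252 Async1 250

! EIGRP peers across Tunnel0 only. Async1 is passive, so no hellos leave
! the async interface and cannot by themselves trigger a dial.
router eigrp 100
 network 10.17.1.0 0.0.0.3
 network 192.168.10.0 0.0.0.255
 no auto-summary
 eigrp stub connected
 passive-interface default
 no passive-interface Tunnel0
```

Two design notes on this example. First, the tunnel endpoint prefixes 192.168.255.0/30 and 192.168.255.4/30 are deliberately left out of EIGRP: if the branch learned a route to its own tunnel destination through Tunnel0 (AD 90, which beats the AD 250 floating static during failover), IOS would detect recursive routing and flap the tunnel, so the endpoint must stay reachable only via the static routes. Second, `delay` on Tunnel0 only influences EIGRP's choice between EIGRP-learned paths; a specific HO prefix learned over the tunnel still wins by longest match over any default route, which is the behaviour Jack reports above, so the tracked route to 192.168.255.4/30 is what actually moves the tunnel back onto ADSL when track 123 recovers, after which the async call drops at its idle timeout.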

Rizwan,

What IP address will be on the async interface, and which networks should I advertise in EIGRP?

Thanks

"What IP address will be on the async interface, and which networks should I advertise in EIGRP?"

You can keep the existing IP on the async interface, maybe just change the mask to /30 since it is a back-to-back connection; please advertise loopback0 and connected from both sides, HO and branch.

thanks

rizwan,

"and connected from both sides, HO and branch."

Does that mean the async interface and the internal LAN? I hope you mean this. As soon as I include the async interface in EIGRP, the backup link initiates because of hellos, as I can see from debug eigrp packets, and though the default route is present in the routing table the backup is still initiated.

Thanks
