EIGRP metrics on ASA

Leonardo Gama · ‎08-05-2011

Hi.

I have two 2911 routers running 15.0(1)M4 in a redundant topology connected to an ASA 5520 firewall running 8.4 version. All gears are running EIGRP.

In order to distribute the incoming traffic between the two 2911 routers, I am using 'offset-list out' on them, but in the ASA's routing table I see updates from both 2911 with the same metric, i.e. the offset-list is not working.

What are the default metric weights on ASA? How can I change them?

I couldn't find any known bug.

I will appreciate any insight.

Cheers.

andrew.prince · ‎08-06-2011

Why are you using an off-set list?

The metrics that EIGRP uses are the five K values.

By default EIGRP uses Bandwdith and Delay.

Leonardo Gama · ‎08-06-2011

In order to distribute the incoming traffic between the two 2911 routers.

How can I change the K values on ASA?

varrao · ‎08-06-2011

Have a look at this:

https://supportforums.cisco.com/thread/152135

Thanks,

Varun

Thanks,
Varun Rao

Leonardo Gama · ‎08-08-2011

How can I change the K values on ASA?

Jon Marshall · ‎08-07-2011

Offset-lists should work with EIGRP so they are a valid way to influence routing preference.

What i'm not clear on is you say you are trying to distribute traffic between the routers. Generally offset-lists, bandwidth/delay are used to prefer one set of routes over another.

So what connections do the 2921 routers have to the ASA and when you say disribute do you mean load share between the routers ? If you do mean load share as long as the speed of the links connecting to the ASA from the 2921 are the same in terms of bandwidth then the ASA should load share by default.

Note the ASA will use multiple routes to the same destination as long as they are out of the same interface.

Jon

Leonardo Gama · ‎08-08-2011

How can I change the K values on ASA?

andrew.prince · ‎08-08-2011

On your current topology, you do not need to touch the K values on the ASA, or the routers. If you must (but it will not make any difference) use your preferred sear4ch engine and search for (cisco asa eigrp configuration)

Leonardo Gama · ‎08-10-2011

Unfortunately there is no mention in the ASA's configuration guide about K values.

andrew.prince · ‎08-10-2011

Actually 2 things are wrong with that statement - if you search for "cisco asa eigrp configuration" you should see a link to a document named "Cisco ASA 5500 Series Adaptive Security AppliancesPIX/ASA 8.X: Configuring EIGRP on the Cisco Adaptive Security Appliance (ASA)" that is the first thing.

The second thing is on that page there is a screen shot with the text above it:-

"In this example, the EIGRP Router ID is statically configured with the IP address of the inside interface (10.10.10.1). Additionally, Auto-Summary is also disabled. All other options are configured with their default values.In this example, the EIGRP Router ID is statically configured with the IP address of the inside interface (10.10.10.1). Additionally, Auto-Summary is also disabled. All other options are configured with their default values."

The screen shot shows the the K values - which is the point. The fact that you do not know what the K Values are, - indicates you should not change them, as you do not understand them or even recognise them. So before you change anything I suggest you read the below

http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094cb7.shtml

Leonardo Gama · ‎08-10-2011

I already saw this page.

Actually I think you have misunderstood what I need.

The screenshot doesn't show the K values, but the default metrics.

K values are integers between 0 and 255.They are not bandwidth, reliability, load and MTU metrics.

As we both know, K1 and K3 are set to 1, by default. Other values are 0, i.e., they don't account for the composite metric.

I hope this clear things up.

Jon Marshall · ‎08-10-2011

K values are integers between 0 and 255.They are not bandwidth, reliability, load and MTU metrics.

But that's exactly what they are ie. each K value ( 0 - 255) represents one of bandwidth/delay/load etc.

The main problem is you still haven't told us what you want to do. You have 2 routers sending routes to the ASA (on the outside interface or inside ?). The ASA is seeing 2 routes to each destination subnet via both routers.

You are trying to distribute the traffic between the routers. But how do you want this to happen ie. with a percentage of traffic going to one router and the rest to the other ? Because currently, as long as bith routes are out of the same interface on the ASA, traffic will be shared between the routers.

So rather than have a fairly pointless argument about K values which may or may not be a solution to your problem it would be better if you state exactly what you are trying to achieve.

Jon

Leonardo Gama · ‎08-10-2011

Let me elaborate on what I want to achieve.

I have two routers sending routes to the outside interface of the ASA.

I want to use offset-list on the routers so some routes are prefered thru router 1 and some routes are prefered thru router 2.

Offset-list is supposed to increase the delay metric of the selected routes, so the K3 should be set to 1 on ASA.

Jon Marshall · ‎08-10-2011

Can you post config of ASA and router eigrp config ?

Edit - also a "sh route" and "sh ip eigrp topology all-links" from the ASA.

Can you also identify a route on the ASA that is via the routers.

Jon

Leonardo Gama · ‎08-10-2011

Unfortunately I will only have access to the gears next week, but I have the router's config:

router eigrp 200

network x.x.x.x x.x.x.x

offset-list 20 out 400 GigabitEthernet0/0

!

access-list 20 permit 192.168.100.0

access-list 20 permit 192.168.101.0

I am inclined to run eigrp debugs to see what is happening, when I have the opportunity.

Thanks.