Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
992
Views
0
Helpful
1
Replies

EIGRP and Balancing Traffic from 2 ISRs to ASA 5525

CiscoMedMed
Level 1
Level 1

‎02-26-2020 08:38 PM - edited ‎02-26-2020 08:51 PM

I have two 3945 ISRs which are hubs in a DMVPN network. They learn the routes of dozens of sites connected over the DMVPN. A redistribution is used take the routes from the AS 201 of the DMVPN to the AS (10) of the HUB to ASA connection.

 

HUB1 redistributes with the line:

 

redistribute eigrp 201 metric 100000 90 255 1 1500 route-map EIGRP201-TO-EIGRP10

 

HUB 2 redistributes with the line 

 

redistribute eigrp 201 metric 100000 100 255 1 1500 route-map EIGRP201-TO-EIGRP10

 

Because the DELAY value is set higher on HUB 2, the routes learned from HUB 1 are always what the ASA is choosing. 

 

Now HUB 1 is over subscribed for outbound traffic to the spoke sites. So I was hoping to try and have the traffic take either path and balance the traffic in the outbound directions. To test this I gave HUB 2 the same redistribute eigrp 201 line as HUB 1. However the ASA was having none of looking at the route table in the monitoring section of the ASDM I only could see routes to HUB1. I ran a bunch of traceroutes to make sure it wasn't just some GUI weirdness. But no I just could not get the ASA to accept the two paths as equal and load balance against them. 

 

Is there something essential I'm missing here? Should I be able to load balance in this way? Both of the hubs are directly connected (or via one switch) to the ASA. Any thoughts are appreciated. 

0 Helpful
1 Reply 1

Cristian Matei
VIP Alumni
VIP Alumni

‎03-11-2020 12:14 AM

Hi,

 

    I understand you want some kind of load-balancing, but in order to not run into issues with possible asymmetric traffic flows, provide the following information:

      - in each remote site, do you have one router, two routers for redundancy, or it's a mix, depending on the site

      - transport wise, do you have a single ISP and a single DMVPN cloud (one tunnel interface on spokes and hubs), or you have multiple DMVON clouds?

      - traffic destined for the remote spokes needs to travel through the ASA first and afterwards through the hub, always? What i'm asking is, upstream from your hub routers, do you have other connections to core network , or DC, or the only upstream link from the hubs is the ASA? If you have other upstream devices/links, what is your routing protocol in that direction, and do you have one or multiple such uplinks?

      - is the ASA connected to the hubs via a single VLAN, like the ASA and hubs are sharing a common subnet, or do you have the ASA attached to each hub via a different layer 3 segment?

 

If you could upload a topology with DMVPN and upstream connections of the hubs, and routing domains, that would be great

 

Regards,

Cristian Matei.

0 Helpful
Customers Also Viewed These Support Documents