EIGRP and Balancing Traffic from 2 ISRs to ASA 5525
I have two 3945 ISRs which are hubs in a DMVPN network. They learn the routes of dozens of sites connected over the DMVPN. A redistribution is used take the routes from the AS 201 of the DMVPN to the AS (10) of the HUB to ASA connection.
Because the DELAY value is set higher on HUB 2, the routes learned from HUB 1 are always what the ASA is choosing.
Now HUB 1 is over subscribed for outbound traffic to the spoke sites. So I was hoping to try and have the traffic take either path and balance the traffic in the outbound directions. To test this I gave HUB 2 the same redistribute eigrp 201 line as HUB 1. However the ASA was having none of looking at the route table in the monitoring section of the ASDM I only could see routes to HUB1. I ran a bunch of traceroutes to make sure it wasn't just some GUI weirdness. But no I just could not get the ASA to accept the two paths as equal and load balance against them.
Is there something essential I'm missing here? Should I be able to load balance in this way? Both of the hubs are directly connected (or via one switch) to the ASA. Any thoughts are appreciated.
Re: EIGRP and Balancing Traffic from 2 ISRs to ASA 5525
I understand you want some kind of load-balancing, but in order to not run into issues with possible asymmetric traffic flows, provide the following information:
- in each remote site, do you have one router, two routers for redundancy, or it's a mix, depending on the site
- transport wise, do you have a single ISP and a single DMVPN cloud (one tunnel interface on spokes and hubs), or you have multiple DMVON clouds?
- traffic destined for the remote spokes needs to travel through the ASA first and afterwards through the hub, always? What i'm asking is, upstream from your hub routers, do you have other connections to core network , or DC, or the only upstream link from the hubs is the ASA? If you have other upstream devices/links, what is your routing protocol in that direction, and do you have one or multiple such uplinks?
- is the ASA connected to the hubs via a single VLAN, like the ASA and hubs are sharing a common subnet, or do you have the ASA attached to each hub via a different layer 3 segment?
If you could upload a topology with DMVPN and upstream connections of the hubs, and routing domains, that would be great
the scenario is :I'm replacing core Cisco switch 4506-E with switch 4507R-E. As I have one supervisor card on 4506-E and I'm going to take out all the card that I have in 4506-E and install it in the new 4507R-E. On the 4507R-E I have 2 slots for the supe...
Since its release in August of 2019, the SASE report released by Gartner has generated a lot of chatter regarding what SASE is all about. People are wondering whether it will be disruptive to the current network and network security designs and are curiou...
I tried to setup a virtual environment with 2960 switches and 2911 Router. In one part of the network where I connected PCs directly to the 2911 Router, I was able to communicate to the attached devices, having configured static route. In the th...
Network Insider Live Webinar
Tuesday, June 23, 2020 10:00 am Pacific Time (San Francisco, GMT-08:00)
Learn how Software-Defined Access and new innovations in Cisco DNA Center provide a better way to control your network. We will explore new enhancements, ...
This event had place on Thursday 30, April 2020 at 10hrs PDT
Victor Moreno is a Distinguished Engineer at Cisco Systems responsible for the definition of next generation network architectures. Victor has over 20 years of i...