Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
981
Views
5
Helpful
6
Replies

ASA not loading BGP route over EIGRP Route

Go to solution
ghdowns
Level 1
Level 1

‎02-20-2019 06:40 AM

Hi!

I am having a strange problem, or at least something that I am missing.

 

I have a setup of a remote site that has two ASA's with VTI's running eBGP across them.  Each VTI is connected to a primary pair and a secondary pair of ASA's at the DC.  We've configured that the primary VPN is preferred over the secondary easily with EIGRP and metric redistribution from eBGP into EIGRP.

When a site has a failure on the primary ASA, the failover occurs properly to where the routes seen on the secondary ASA are available and traffic flows perfectly.

 

However, when the primary ASA at the remote site comes back online (service restored yay!), the Primay ASA at the DC will not load the eBGP route into the routing table, and prefers the EIGRP route (Distance of 170 for the EIGRP route over 20 for the BGP route).  It shows in BGP that the route exists.  However, because it will not load that route, it will not advertise the route and we end up in a wicked loop of traffic from the DC traverses the seconday ASA and the remote site responds across the Primary ASA leading to a loop.

 

If I shut the VTI on the secondary ASA at the remote site, normalcy returns.  I can then bring the VTI back online and routes remain stable as they should.  The Primary ASA at the DC recognizes and has the eBGP route loaded.

 

Any help would be greatly appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to ghdowns

‎02-20-2019 06:57 AM

 

I am not fully understanding your setup but if you are redistributing EIGRP into BGP then you need to check the weight of the routes, see this link for details  (it is with OSPF but same principles apply ) - 

 

https://community.cisco.com/t5/switching/bgp-ospf-redistribution-bgp-route-not-preferred/td-p/2486609

 

not saying that is the issue but worth checking. 

 

Jon

View solution in original post

6 Replies 6

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎02-20-2019 06:47 AM

 

Are you redistributing EIGRP into BGP ?

 

Jon

0 Helpful

Go to solution
ghdowns
Level 1
Level 1
In response to Jon Marshall

‎02-20-2019 06:51 AM

Yes.  I have two separate instances of EIGRP running with EIGRP redistributing back into each other to further complicate things.

 

However, i'm running separate BGP ASN's for everything.  The EIGRP process on the primary asa at the DC is 1000 and has normal (meaning GOOD) metrics assigned to it.  The EIGRP process on the secondary ASA (EIGRP 1001) is with very bad metrics to make sure paths are preferred.  BGP on both primary and secondary are redistributed into each EIGRP process accordingly.

 

I also am using tags to control EIGRP redistribution.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to ghdowns

‎02-20-2019 06:57 AM

 

I am not fully understanding your setup but if you are redistributing EIGRP into BGP then you need to check the weight of the routes, see this link for details  (it is with OSPF but same principles apply ) - 

 

https://community.cisco.com/t5/switching/bgp-ospf-redistribution-bgp-route-not-preferred/td-p/2486609

 

not saying that is the issue but worth checking. 

 

Jon

Go to solution
ghdowns
Level 1
Level 1
In response to Jon Marshall

‎02-20-2019 07:06 AM

That is excellent Jon!

I've not done this before, so how do you modify the weights of the ebgp routes in this scenario?

I'm an ASA guy, not a routing guy and further, BGP on ASA does not have all the functionality.

 

I'm assuming by modifying bgp default local-preference within the BGP process on the primary ASA.

If you know, awesome, if not, no biggie.  You got me where i need to be going for sure sir!!

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to ghdowns

‎02-20-2019 07:13 AM

 

That link I posted has an example further down. 

 

BGP local preference would not work here because it is the EIGRP route being used in the routing table. 

 

Have a look at that link and if you need more help by all means come back. 

 

Jon

0 Helpful

Go to solution
ghdowns
Level 1
Level 1
In response to Jon Marshall

‎02-20-2019 07:18 AM

Thank you sir.  I just set the weight on the inbound from the neighbors.  Only 50 or so neighbors =P but that all makes perfectly good sense.

 

Thanks again!

0 Helpful
Customers Also Viewed These Support Documents