Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
616
Views
0
Helpful
4
Replies

cant get router to use fiber wan over DSL wan connection

Amills
Level 1
Level 1

‎04-15-2022 07:18 AM - edited ‎04-15-2022 07:20 AM

So I got an odd one, I have two wan connections, one Fiber 50Mbps and the other DSL 7Mbps. EIGRP in the show ip route shows that it is learning all its routes from tunnel 11 including the default route, Tunnel 11 is the Fiber wan connection. 

 

The routers learn the default route out from the DMVPN hub and traffic then goes through the data center firewall before going to the internet. 

 

Even though the show ip route shows it is going to go out tunnel 11, speed tests show that the download is coming in from the DSL link and the upload is going out the Fiber link.

 

Router-namechanged#sh ip route
...

Gateway of last resort is x.x.x.x to network 0.0.0.0

D*EX 0.0.0.0/0 [170/26624000] via x.x.x.x, 1w1d, Tunnel11

 

The gateway of last resort IP is the DMVPN hub tunnel 11 IP.  Which is what I want, that is the fiber link.

When I do a speed test with both wan links up, I get 5Mpbs down and 41Mbps up, when I do a shutdown of the dialer and g0/0/1 I get 41Mbps down and 43Mbps up. 

 

So it would seem that the download traffic comes in the DSL link but uploads out the fiber link. I have more than 1 site that has this issue, a site with DSL and Fiber the download traffic preferring the DSL link even though the Show IP route says it should be going out tunnel 11, the fiber link.

 

Speed test DSL.jpgSpeed test 01.jpg

 

 

Here is my running config:

 

 

version 16.9
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform hardware throughput level 300000
!
hostname Router-namechanged
!
boot-start-marker
boot system flash isr4300-universalk9.16.09.04.SPA.bin
boot-end-marker
!
!
vrf definition INET
!
address-family ipv4
exit-address-family
!
vrf definition INET2
!
address-family ipv4
exit-address-family
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!

clock timezone CST -6 0
clock summer-time CDT recurring
!
!
!
!
!
!
!
ip name-server vrf INET 8.8.8.8 4.2.2.1
ip name-server vrf INET2 8.8.8.8 4.2.2.1
ip domain name xxxx

!
key chain EIGRP-KEY
key 1
key-string 7 123456789
!
!

!

!

!
!
!
!
!
class-map match-all MARK-VOICE-SIGNALING
description VoIP Control Traffic
match access-group name VOICE-SIGNALING-ACL
class-map match-all VOICE-OUT
description Match Voice Traffic out
match ip dscp ef
class-map match-all VOICE-SIGNALING-OUT
description Match Voice Signaling traffic out
match ip dscp cs5
class-map match-any ROUTING
match dscp cs6
class-map match-any MARK-VOICE
description VoIP Bearer Traffic
match access-group name VOICE-ACL
!
policy-map IWAN-INTERFACE-35MB
description WAN Physical Interface policy
class class-default
shape average 35000000
policy-map IWAN-INTERFACE-5MB
description WAN Physical Interface policy
class class-default
shape average 5000000
policy-map IWAN-INTERFACE-50MB
description 50Mbps Policy for WAN
class class-default
shape average 50000000
policy-map IWAN-OUT
class VOICE-OUT
set dscp tunnel ef
priority percent 35
class VOICE-SIGNALING-OUT
bandwidth remaining percent 5
set dscp tunnel cs5
class ROUTING
bandwidth remaining percent 5
class class-default
bandwidth remaining percent 40
random-detect
set dscp tunnel default
policy-map IWAN-INTERFACE-100MB
description WAN Physical Interface policy
class class-default
shape average 100000000
policy-map IWAN-INTERFACE-7MB
description WAN Physical Interface policy
class class-default
shape average 7000000
policy-map LAN-MARK-IN
class MARK-VOICE
set dscp ef
class MARK-VOICE-SIGNALING
set dscp cs5
class class-default
set dscp default
policy-map RS-GROUP-50MBPS-POLICY
class class-default
shape average 50000000
bandwidth remaining ratio 10
service-policy IWAN-OUT
policy-map RS-GROUP-5MBPS-POLICY
class class-default
shape average 5000000
bandwidth remaining ratio 5
service-policy IWAN-OUT
policy-map RS-GROUP-7MBPS-POLICY
class class-default
shape average 7000000
bandwidth remaining ratio 10
service-policy IWAN-OUT
policy-map RS-GROUP-10MBPS-POLICY
class class-default
shape average 10000000
bandwidth remaining ratio 10
service-policy IWAN-OUT
!
interface Loopback0
ip address x.x.x.x x.x.x.x

!
interface Port-channel8
description UPLINK to
ip address x.x.x.x x.x.x.x
no negotiation auto
!
interface Tunnel11
description DMVPN:
bandwidth 50000
ip address x.x.x.x x.x.x.x
no ip redirects
ip mtu 1400
ip pim dr-priority 0
ip pim nbma-mode
ip pim sparse-dense-mode
ip nhrp authentication xxxx
ip nhrp network-id 11
ip nhrp nhs x.x.x.x nbma x.x.x.x multicast
ip nhrp nhs x.x.x.x nbma x.x.x.x multicast
ip nhrp redirect
ip tcp adjust-mss 1360
load-interval 30
nhrp group RS-GROUP-50MBPS
no nhrp route-watch
if-state nhrp
tunnel source GigabitEthernet0/1/0
tunnel mode gre multipoint
tunnel key 11
tunnel vrf INET
tunnel protection ipsec profile DMVPN-IPSEC-PROFILE-INET
!
interface Tunnel14
description DMVPN:
bandwidth 7000
ip address x.x.x.x x.x.x.x
no ip redirects
ip mtu 1400
ip pim dr-priority 0
ip pim nbma-mode
ip pim sparse-dense-mode
ip nhrp authentication xxxx
ip nhrp network-id 14
ip nhrp nhs x.x.x.x nbma x.x.x.x multicast
ip nhrp nhs x.x.x.x nbma x.x.x.x multicast
ip nhrp redirect
ip tcp adjust-mss 1360
load-interval 30
nhrp group RS-GROUP-7MBPS
no nhrp route-watch
if-state nhrp
tunnel source Dialer1
tunnel mode gre multipoint
tunnel key 14
tunnel vrf INET2
tunnel protection ipsec profile DMVPN-IPSEC-PROFILE-INET2
!
interface GigabitEthernet0/0/0
description LAN EDGE
no ip address
negotiation auto
channel-group 8 mode active

!
interface GigabitEthernet0/0/1
description DSL
vrf forwarding INET2
no ip address
negotiation auto
pppoe enable group global
pppoe-client dial-pool-number 1
!

!
interface GigabitEthernet0/1/0
description Fiber internet
bandwidth 50000
vrf forwarding INET
ip address x.x.x.x x.x.x.x
negotiation auto
service-policy output IWAN-INTERFACE-50MB
!
interface GigabitEthernet0/1/1
description LAN EDGE
no ip address
negotiation auto
channel-group 8 mode active
!
!
interface Dialer1
bandwidth 7000
vrf forwarding INET2
ip address negotiated
encapsulation ppp
dialer pool 1
ppp chap hostname xxx.xxx.com
ppp chap password 7 112233445566
service-policy output IWAN-INTERFACE-7MB
!
!
router eigrp IWAN-EIGRP
!
address-family ipv4 unicast autonomous-system 100
!
af-interface default
passive-interface
exit-af-interface
!
af-interface GigabitEthernet0/0/0
authentication mode md5
authentication key-chain EIGRP-KEY
hello-interval 20
hold-time 60
no passive-interface
exit-af-interface
!
af-interface Tunnel11
authentication mode md5
authentication key-chain EIGRP-KEY
hello-interval 30
hold-time 90
no passive-interface
stub-site wan-interface
exit-af-interface
!
af-interface Port-channel8
authentication mode md5
authentication key-chain EIGRP-KEY
hello-interval 20
hold-time 60
no passive-interface
exit-af-interface
!
af-interface Tunnel14
authentication mode md5
authentication key-chain EIGRP-KEY
hello-interval 30
hold-time 90
no passive-interface
stub-site wan-interface
exit-af-interface
!
topology base
exit-af-topology
network x.x.x.x x.x.x.x

eigrp router-id x.x.x.x x.x.x.x
eigrp stub-site x.x.x.x x.x.x.x
exit-address-family
!
ip forward-protocol nd

ip route vrf INET 0.0.0.0 0.0.0.0 x.x.x.x
ip route vrf INET2 0.0.0.0 0.0.0.0 Dialer1

!
!

!

 

 

 

 

0 Helpful
4 Replies 4

Flavio Miranda
VIP
VIP

‎04-15-2022 09:19 AM

But which control do you have over download traffic? 

For upload traffic, all you need is the default route, which in your case goes to fiber. But, if the download is coming through ADSL, you need to look at the Data Center, right?

0 Helpful

Amills
Level 1
Level 1
In response to Flavio Miranda

‎04-18-2022 06:33 AM

What would I look at? I got EIGRP hubs setup at the datacenters. nothing in the config indicates it wants download traffic to go out tunnel 14, the tunnel at the spoke site on DSL. Its supposed to be setup to have everything go though tunnel 11. What EIGRP config would be missing? How can I tell what is used for up vs download traffic? I have never seen any documentation saying it traffic would be asymmetrical, in fact, everything I read claims EIGRP should figure out what is the best link based on the metrics but that doesn't appear to be the case.

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Amills

‎04-18-2022 07:08 AM

". . . everything I read claims EIGRP should figure out what is the best link based on the metrics but that doesn't appear to be the case."

Indeed, what I believe @Flavio Miranda is trying to tell you, download traffic doesn't use your router's EIGRP config for determining best path TO your router.  TO IT depends on what's EIGRP configured on the "upstream" routers.

"I have never seen any documentation saying it traffic would be asymmetrical . . ."

Conversely, have you seen any (IP) documentation saying traffic is guaranteed to be symmetric?

You need to examine the routing topology, for your traffic, on the "other/up" side.

0 Helpful

Amills
Level 1
Level 1
In response to Joseph W. Doherty

‎04-18-2022 07:09 PM

After checking the datacenters there was some wonky routing going on, I can test tomorrow from the spoke site if it fixed it.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card