hi all ;
i need your help, advice.
i have a topology that include 1 hq and 2 sites. i have 2 dmvpn tunnel. one is belongs to primary link of isp(tunnel 100), other one is belongs to backup link of isp(tunnel 200). tunnel 100 is running bgp, tunnel 200 is running eigrp. my problem is; when a site primery link goes down for exm:site 1. there is asiymetric route. site 1 tun 200 running eigrp, is forwarding packet to hq , hq is forwarding packet to site 2 . but via bgp(tunnel 100) (because site 2 is running still bgp(primary link of tunnel run bgp). and bgp ad is lower. and first chosie.that ok. but) site 2 is forwarding packet to site 1 directly via tunnel 200. (that i want. but site 1 is not forward trafic to site 2. i want they comminicate directly. ). i cant solve this. please advice me or hand me.
Hello @BurakTutkun ,
what you would like to achieve is not an easy task.
In order to have the spokes to be able to speak directly on the only available tunnel when the primary tunnel fails you need to ensure that all the configuration tricks are configured.
For EIGRP you need:
no ip eigrp X split-horizon
no ip eigrp X next-hop self
on the hub router under interface tunnel 200.
But even with these tricks configured the eBGP route would be preferred over the EIGRP route for its lower AD.
One possible way to avoid this comparison would be to put the two tunnels in two different VRFs on the hub site so that if the primary link fails on a spoke the other spoke uses the secondary tunnel.
But this is not enough.Two different VRFs should be used also on the spokes and this would make the solution really complex.
I would suggest you to consider if the current setup can be acceptable for you (this depends on the number of spokes in the real network).
Hope to help
So, each site has two tunnels connected to the isp.
Each having a Tunnel with BGP en a Tunnel based on EIGRP. You probably wan't to select the EIGRP as main...
So I understand that a tunnel goes down from a site, you HQ is sending out suddenly via the wrong Tunnel?...
To reach site 1, it is only able via the BGP tunnel to Site 2?
That is as far I understand correct behavior... But perhaps creating a fixed route with a higher AD can solve the issue.
It floats around until the tunnel goes down. You configure it to use the still active Tunnel if it is there.
I hope this is a good idea for you.