Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2732
Views
0
Helpful
11
Replies

Eigrp Flexvpn

sblackman68
Level 1
Level 1

‎03-16-2019 06:06 AM

Hi,

 

I’m looking for some help on an EIGRP issue we’re having with route advertisements over a FlexVPN between two sites. The spoke router is receiving a full routing table from the hub and this is being redistributed down to the L3 Switch but the hub is not installing routes from the spoke router into it’s topology or routing tables. The spoke router is receiving routes from the L3 switch and these appear in the topology table for AS 203 but the hub router is seeing these with infinite metrics:

 

480  12:47:13.926 Update reason, delay: new if delay(Infinity)

481  12:47:13.926 Update sent, RD: 10.103.34.0/24 metric(Infinity)

482  12:47:13.926 Update reason, delay: metric chg delay(Infinity)

483  12:47:13.926 Update sent, RD: 10.103.34.0/24 metric(Infinity)

484  12:47:13.926 Route installed: 10.103.34.0/24 10.199.104.251

485  12:47:13.926 Route installing: 10.103.34.0/24 10.199.104.251

486  12:47:13.926 Find FS: 10.103.34.0/24 metric(Infinity)

487  12:47:13.926 Rcv update met/succmet: metric(9831710720) metric(1966080)

488  12:47:13.926 Rcv update dest/nh: 10.103.34.0/24 10.199.104.251

489  12:47:13.926 Metric set: 10.103.34.0/24 metric(Infinity)

490  12:47:13.926 Metric set: 10.103.30.0/29 metric(9831710720)

491  12:47:13.926 Update reason, delay: new if delay(Infinity)

492  12:47:13.926 Update sent, RD: 10.103.30.0/29 metric(Infinity)

493  12:47:13.926 Update reason, delay: metric chg delay(Infinity)

494  12:47:13.926 Update sent, RD: 10.103.30.0/29 metric(Infinity)

495  12:47:13.926 Route installed: 10.103.30.0/29 10.199.104.251

496  12:47:13.926 Route installing: 10.103.30.0/29 10.199.104.251

497  12:47:13.926 Find FS: 10.103.30.0/29 metric(Infinity)

498  12:47:13.926 Rcv update met/succmet: metric(9831710720) metric(1966080)

499  12:47:13.926 Rcv update dest/nh: 10.103.30.0/29 10.199.104.251

500  12:47:13.926 Metric set: 10.103.30.0/29 metric(Infinity)

 

This is the topology I am using:

 

<![if !vml]><![endif]>

 

Labels:
0 Helpful
11 Replies 11

Deepak Kumar
VIP Alumni
VIP Alumni

‎03-16-2019 07:04 AM

Hi,

Have you disabled split-horizon EIGRP on FlexVPN? Run a command on FlexVPN "no ip split-horizon eigrp <AS Number>.

Distance vector routing protocols like RIP and EIGRP rely on a number of measures for loop avoidance. One of these is split horizon, which prevents a route from being readvertised out the interface on which it was received.

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

sblackman68
Level 1
Level 1
In response to Deepak Kumar

‎03-16-2019 07:11 AM

Hey, Many thanks.  Is this a default thing?  I will check config now???

 

Cheers,

 

Scott.

 

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to sblackman68

‎03-16-2019 07:27 AM

Hi,
Under the VTI interface. Share your configuration.

Regards,
Deepak Kumar
Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

sblackman68
Level 1
Level 1
In response to Deepak Kumar

‎03-16-2019 07:46 AM

Not sure, which bit you mean??

 

Scott.

 

 

 

interface Tunnel1
ip unnumbered Loopback1
ip mtu 1400
ip nhrp network-id 4
ip nhrp shortcut virtual-template 1
ip nhrp redirect
zone-member security Tunnel
ip tcp adjust-mss 1360
tunnel source Dialer1
tunnel destination dynamic
tunnel protection ipsec profile FLEXVPN-IPSEC-PROFILE
!
interface GigabitEthernet0/0/0
description *** LAN ***
ip address 10.103.30.10 255.255.255.252
zone-member security Inside
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface ATM0/1/0
no ip address
no atm ilmi-keepalive
no atm enable-ilmi-trap
!
interface ATM0/1/0.1 point-to-point
description *** Connection to Internet ***
ip mtu 1458
no atm enable-ilmi-trap
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to sblackman68

‎03-16-2019 08:19 AM - edited ‎03-17-2019 03:51 AM

Hi,

Disable Split-Horizon as:

 

interface Virtual-Template1 type tunnel
no ip split-horizon eigrp <AS Number>.

Regards,
Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

sblackman68
Level 1
Level 1
In response to Deepak Kumar

‎03-16-2019 07:58 AM

Not sure, which bit you mean??

 

Scott.

 

 

 

 

0 Helpful

sblackman68
Level 1
Level 1
In response to Deepak Kumar

‎03-16-2019 07:59 AM

Hi,

 

interface Loopback1
ip address 10.199.104.251 255.255.255.255
!
interface Tunnel1
ip unnumbered Loopback1
ip mtu 1400
ip nhrp network-id 4
ip nhrp shortcut virtual-template 1
ip nhrp redirect
zone-member security Tunnel
ip tcp adjust-mss 1360
tunnel source Dialer1
tunnel destination dynamic
tunnel protection ipsec profile FLEXVPN-IPSEC-PROFILE
!

0 Helpful

Rob Ingram
VIP
VIP
In response to sblackman68

‎03-16-2019 09:54 AM

Hi,
Your diagram is not displayed at all, so I am unsure of your complete topology. However the configuration above has a sVTI which is referencing a Virtual-Template, so I assume this is a Hub-and-Spoke with Spoke-to-Spoke topology? - and this configuration is from a Spoke?

You would potentially need to disable split horizon on the Virtual Template on the HUB.
You should also ensure that the spokes only recieve routes from the HUB, so therefore configure passive-interface for all interfaces except the tunnel towards the HUB.

HTH
0 Helpful

sblackman68
Level 1
Level 1
In response to Rob Ingram

‎03-17-2019 02:39 AM

Hi, Apologies, diagram and config below, appreciate your help!!!

 

Scott.

 

 

interface Loopback1
ip address 10.199.104.251 255.255.255.255
!
interface Tunnel1
ip unnumbered Loopback1
ip mtu 1400
ip nhrp network-id 4
ip nhrp shortcut virtual-template 1
ip nhrp redirect
zone-member security Tunnel
ip tcp adjust-mss 1360
tunnel source Dialer1
tunnel destination dynamic
tunnel protection ipsec profile FLEXVPN-IPSEC-PROFILE
!
interface GigabitEthernet0/0/0
description *** LAN ***
ip address 10.103.30.10 255.255.255.252
zone-member security Inside
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface ATM0/1/0
no ip address
no atm ilmi-keepalive
no atm enable-ilmi-trap
!
interface ATM0/1/0.1 point-to-point
description *** Connection to Internet ***
ip mtu 1458
no atm enable-ilmi-trap
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Ethernet0/1/0
no ip address
no negotiation auto
ip virtual-reassembly
!
interface Ethernet0/1/0.101
encapsulation dot1Q 101
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 192.168.0.1 255.255.255.0
negotiation auto
!
interface Virtual-Template1 type tunnel
ip unnumbered Loopback1
ip nhrp network-id 4
ip nhrp shortcut virtual-template 1
ip nhrp redirect
tunnel protection ipsec profile FLEXVPN-IPSEC-PROFILEeigrp.png

0 Helpful

Rob Ingram
VIP
VIP
In response to sblackman68

‎03-17-2019 05:21 PM

Re-reading the original post and looking at the diagram it doesn't seem like the routes are actually being readvertised out of the same interface they were received, correct?

Does the Hub install the Loopback interface IP address of the spoke in it's routing table?
Is this diagram complete? or are there other devices connected?
0 Helpful

sblackman68
Level 1
Level 1
In response to Rob Ingram

‎03-18-2019 01:18 AM

Morning,

 

Hi, I will find out more info.

 

Cheers,

 

Scott.

 

0 Helpful
Customers Also Viewed These Support Documents
Top