
How do I suppress routes when one of the remote sites is active?

John Peterson
Level 1

Guys, I was not sure if this should be in the LAN section, but I gathered that as the communication was over two remote sites I would post under WAN.

A customer of ours has two remote sites, both Internet facing, with a 3-layer design and 2Gbps interconnections between sites.

Core devices have eBGP and iBGP (via inter-link) at both sites with L3 3750-X switch as dist layer and the two 1Gbps inter-links connected. These are then connected to access switches where the services are located.

The Internet facing routers provide a default route to the layer 3 switches which is redistributed into EIGRP. Site A is active and Site B is DR.

Every so often a new network is connected and a vlan is configured on the L3 switch, which is then advertised in EIGRP and then redistributed into BGP. This then allows the Internet at site A to go down and traffic can enter via Site B and communicate via the 2Gbps inter-link.

The problem I'm facing is when the vlans are configured on site A they also need to be configured on site B's device. This will allow site failover to site B, but the routes should be present in the routing table to be able to connect to the server behind the access switches in site B (at this point the services would have also failed over).

I can configure the vlans on both sites but, when site A eBGP goes down and the traffic flows via Site B, the packets will be pushed towards the vlan interface (as it would be directly connected) and not the EIGRP route to site A, causing traffic to be dropped, and the service will not be active on site B.

Ideally, is there a way in which I can stop the connected routes from appearing in the global routing table and then in some way, either manual or automated, be able to activate these routes at site B when performing a site failover? I guess I could shut down the vlan interfaces but as the network grows this would probably not be an option.

Any thoughts would be appreciated.

Thanks.

10 Replies

John Peterson
Level 1

Anybody have any thoughts?

Sent from Cisco Technical Support iPhone App

Hello John,

I am not sure whether I can help you out in this case or not, but can you please share a diagram with some configurations? It at least helps others to answer.

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

Hi Muhammad,

I currently don't have any config are but one project which should have been completed 2 months back and was handed to me therefore still in the early stages.

I have attached a network diagram of something of what two of the sites will end up like.

The problem is that the secondary site will be inactive (no incoming connections), but the vlans configured on the Dist/Access switches will have directly connected networks. If the eBGP relationship for the Primary site goes down, traffic will be routed via the secondary site Internet and to primary site services via the link between.

The network on the dist/access switch will also need to be configured on the secondary site in case we need to perform a full site failover, but cannot be active, as when the primary Internet fails over the connect network next hop for the primary networks should be the other end of the inter-link.

If the network is in the routing table for the secondary site the packet will not reach the correct side.

Thanks

Hello John,

To be able to help you with the design, we need to know the exact logical (L3) and physical (L2) topology.

Configuration of BGP should be straightforward: ISP1 will be used as primary and ISP2 will be used as backup. You will have to manipulate LOCAL_PREF to influence outbound traffic and AS_PREPEND to influence inbound traffic.

> The network on the dist/access switch will also need to be configured on the secondary site

You mean that same VLANs will be terminated on both sites, same L3 subnet?

If yes, then you have to connect both sites with a trunk link to connect the L2 domains. The link with the OSPF mark on the diagram has to be an L2 trunk, no routing.

Best Regards

Please rate all helpful posts and close solved questions

Hello John,

As Blau said, local preference would help you out.

    ! syntax: route-map WORD permit 10
    route-map local permit 10
     set local-preference 1000
    !
    router bgp (AS NUMBER)
     address-family ipv4 unicast
      neighbor (ibgpneighborip) route-map local in

Regards
Thanveer

John Peterson
Level 1

Thanks,

I don't really have any IP addresses at the moment. I am aware of the BGP and routing configuration of the network, local preference etc. Thanks.

My real concern was:

In Site A we have the following access vlans:

VLAN 226: 192.168.1.0/30

VLAN 225: 192.168.1.4/30

VLAN 227: 10.10.1.0/29

In Site B we have the following access vlans:

VLAN 226: 192.168.1.0/30

VLAN 225: 192.168.1.4/30

VLAN 227: 10.10.1.0/29

As traffic comes into Site A the Layer 3 switch is aware of the connected vlan via the IGP and routes the packets to the networks.

In the instance where Site A loses its connection to the internet, Site B's internet connection will become active and route packets to the Site A networks from above via the inter-link, as the switch is aware of the network via OSPF.

At this point I would like to say that the services which are held in Site A are also replicated to Site B in case of full DR.

So here comes the issue.

As networks/vlans are created on the access layer on Site A, they also need to be created on Site B and these will show up as connected interfaces in the Site B L3 device. Therefore when the internet at Site A goes down and packets come from the Site B router and want to get routed to Site A, they will be dropped and the connected interfaces will show up in the routing table, not the OSPF routes. As we have not failed over at this point, the packets will get dropped rather than going to Site A.

From the above I was hoping there was a way I could suppress the connected routes on Site B L3 devices and have them active when we perform a full DR.

Thanks

Hello John,

May I know, that before the link goes down, how do you make the other side vlan to be inactive and the primary one to be active?

Regards
Thanveer

Hi Muhammad,

I don't really know, I was hoping someone from here could help, that is my problem.

The only way I can think of would be some sort of feature which takes the secondary site vlans out of the global routing table, and then when we like, or using IP SLA, the vlans are placed back into the global routing table to pass traffic.

Thanks

Hello John,

The traditional solution for this kind of issue is to have less specific routes on the DR site.

The most specific route is used first regardless of AD and route origin.

So all you need is to make the SVI interfaces at site B use less specific subnet masks than the ones used in site A.

Hope to help

Giuseppe
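
The route selection described in the reply above, as an added example that is not part of any post in this thread. It models the Site B L3 switch for VLAN 227 (10.10.1.0/29 from the thread): with the same /29 on both sites the connected route replaces the OSPF route, while a wider SVI mask at Site B lets the more specific OSPF route win. The /28 mask, the host addresses and the next-hop labels are constructed for illustration.

```python
import ipaddress

# Cisco default administrative distances: connected 0, OSPF 110.
AD = {"connected": 0, "ospf": 110}

def install(rib, prefix, source, next_hop):
    """Offer a route to the RIB; for an identical prefix the lowest AD wins."""
    net = ipaddress.ip_network(prefix)
    current = rib.get(net)
    if current is None or AD[source] < AD[current[0]]:
        rib[net] = (source, next_hop)

def lookup(rib, address):
    """Forwarding decision: longest matching prefix; AD is not consulted here."""
    ip = ipaddress.ip_address(address)
    matches = [net for net in rib if ip in net]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)
    return (str(best),) + rib[best]

def site_b_rib(svi_prefix):
    """Site B switch: learns Site A's /29 via OSPF and has its own SVI."""
    rib = {}
    install(rib, "10.10.1.0/29", "ospf", "inter-link to Site A")  # label is hypothetical
    install(rib, svi_prefix, "connected", "Vlan227 at Site B")    # label is hypothetical
    return rib

def demo():
    host = "10.10.1.2"  # constructed host inside VLAN 227
    same_mask = lookup(site_b_rib("10.10.1.0/29"), host)
    wider_mask = lookup(site_b_rib("10.10.1.0/28"), host)
    return same_mask, wider_mask

if __name__ == "__main__":
    labels = ("same /29 on both sites", "/28 SVI at Site B")
    for label, result in zip(labels, demo()):
        print(f"{label}: {result}")
```

Addresses that fall inside the wider Site B mask but outside Site A's /29 (10.10.1.10 in this model) still match only the connected route at Site B.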

John Peterson
Level 1

Hi

That won't be possible as the site has to be a replica, in case site A goes down. The routes at the dist layer would need to be the same, therefore when the site fails the networks are available to each business. As each client has an allocated subnet, these cannot be less specific as they are public addresses.

This will only be a problem if the internet connection in site A fails and traffic needs to be routed via Site B to Site A.

Is there any way round this?
