02-06-2017 02:55 PM - edited 03-05-2019 07:59 AM
I have a site that terminates to an ASA HA pair active / standby. That ASA is connected to a pair of L2 only 2960-X's. The 2960's are then connected to 2921's. One will be primary and one is a backup link. I have HSRP running between the ASA and the Routers. The other side of the 2921's terminate at two separate sites. I do not want my return traffic to come back on the secondary path. So my thought was to add delay on the secondary router, but there is a prefix list that is redistributing static routes into my network. So I was going to add a delay to that metric as well. That would sour all the routes from the secondary router into my network. My question is twofold: do I need to add delay to both the interface and the redistribution metric, or will interface delay be added to both? Second, is there a better way that I could do this using another method?
02-06-2017 03:31 PM
Hi
I think both 2921s are receiving the same prefixes from the remote sites. In this case, as you mentioned, the secondary 2921 should be receiving the prefixes with greater delay than the primary path.
Are you using EIGRP only?
02-06-2017 03:36 PM
Yes only EIGRP. I just want the advertised routes from the 2921's to favor the primary router. HSRP will solve the routing back into my Network ring. So they will use HSRP to leave out the primary router and I was going to add a delay to the Secondary into my network to stop the return traffic from heading back through that and causing asymmetrical routing.
02-06-2017 03:39 PM
Yes, I think delay on the interface between Router 2 and Site 2 should be enough but are you going to redistribute any static route or other protocol?
02-06-2017 03:44 PM
Yes, I am going to redistribute some statics using a prefix list and "set metric" command and increase the delay on that as well if I needed to. I was not sure if I needed to do both the interface delay and "set metric" with increased delay.
02-06-2017 03:51 PM
Yes, if you are going to redistribute on site 2, the prefixes should be with a greater metric like site 1. Please let me lab it and share that with you.
02-06-2017 03:59 PM
02-06-2017 04:04 PM
Thank you!
02-06-2017 04:16 PM
Are the ASAs running any routing protocol or just static routes? Are Site A and B connected directly or are they isolated?
02-06-2017 04:23 PM
ASA is L2 no routing. I have SAME exact static routes in the 2921's pointing to the routes that are on the other side of the ASA
For example
Primary 2921
ip route 10.10.10.0 255.255.255.0 10.255.195.116
Secondary 2921
ip route 10.10.10.0 255.255.255.0 10.255.195.116
10.255.195.116 being my inside interface of the ASA toward the network I do not own and do not share routes with. I just static route what I need to them.
02-06-2017 05:12 PM
Hi
Please see the attached topology:
R1 is simulating the ASA firewalls, this router has a default route pointing to the virtual IP of the HSRP 123. Also this router has a loopback 0 to simulate the networks behind the firewalls.
R2 and R3 are running HSRP 123 and EIGRP, these routers have a static route to reach 1.1.1.1 pointing to the ip .11 associated to R1.
R2 has an EIGRP adjacency with R4. R3 has an EIGRP adjacency with R5, nothing special.
R6 is simulating the network ring, and it has a default route pointing to the virtual IP of HSRP 45. Also the router has a loopback0 6.6.6.6/32
R4 and R5 routers are running EIGRP and HSRP 45, these routers have a static route to reach the prefix 6.6.6.6/32, it is pointing to the IP .11 of R6.
R4 has an EIGRP adjacency to R2. R5 has an EIGRP adjacency to R3, nothing special.
Now R2, R3, R4 and R5 are redistributing the static routes with the same metric. If you don't modify the metric on R3 and R5 for this redistribution, R3 and R5 will reach the remote loopback through each other, not through R2 and R4 respectively.
So I configured under the EIGRP process:
R3
router eigrp 100
 network 0.0.0.0
 redistribute static metric 10000 1000 255 1 1500
R5
router eigrp 100
 network 0.0.0.0
 redistribute static metric 10000 1000 255 1 1500
in order to modify the path. Now R3 is reaching the prefix 6.6.6.6 through R2 and R5 is reaching the prefix 1.1.1.1 through R4.
R3
R3#traceroute 6.6.6.6 numeric
Type escape sequence to abort.
Tracing the route to 6.6.6.6
VRF info: (vrf in name/id, vrf out name/id)
1 10.123.0.2 1 msec 1 msec 1 msec
2 10.24.0.4 2 msec 1 msec 0 msec
3 10.45.0.11 1 msec * 5 msec
R3#
R5
R5#TRACeroute 1.1.1.1 NUMeric
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 10.45.0.2 1 msec 1 msec 1 msec
2 10.24.0.2 1 msec 1 msec 1 msec
3 10.123.0.11 1 msec * 6 msec
R5#
If the P2P between R2 and R4 is shut down, the path will change automatically:
R3#traceroute 6.6.6.6 numeric
Type escape sequence to abort.
Tracing the route to 6.6.6.6
VRF info: (vrf in name/id, vrf out name/id)
1 10.35.0.5 1 msec 0 msec 1 msec
2 10.45.0.11 2 msec * 5 msec
R3#
R5#TRACeroute 1.1.1.1 NUMeric
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 10.35.0.3 0 msec 0 msec 1 msec
2 10.123.0.11 2 msec * 2 msec
R5#
HSRP on both sides is doing great work on this topology. The following command is very useful: show ip eigrp topology or show ip eigrp topology <subnet>/<cidr>
Hope it is useful :-)
No delay values are required between R3 and R5. But check the delay value configured on the metric for redistribution.
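Added example, not part of the original posts and not Cisco code: it works through the question raised in this thread, showing how the redistribution seed metric and an interface delay each feed the classic EIGRP composite metric. It assumes default K values, classic (not wide) metrics, Gigabit links and a primary seed of `10000 100`; only the `10000 1000` seed comes from the thread.

```python
# Classic EIGRP composite metric, default K values (K1 = K3 = 1):
#   metric = 256 * (10^7 / lowest_bandwidth_kbps + total_delay_in_tens_of_usec)

def composite(bw_kbps, delay):
    return 256 * (10**7 // bw_kbps + delay)

def learn(vector, iface):
    """A receiving router folds in the interface the update arrived on:
    bandwidth becomes the path minimum, delay is added."""
    (bw, delay), (if_bw, if_delay) = vector, iface
    return (min(bw, if_bw), delay + if_delay)

# Seed vectors set by "redistribute static metric <bw> <delay> ...".
BACKUP_SEED = (10000, 1000)   # value from the thread (R3 and R5)
PRIMARY_SEED = (10000, 100)   # assumed; the thread does not show R2/R4
INTERNAL = (1_000_000, 1)     # assumed non-redistributed EIGRP route

# Constructed neighbor interfaces: (bandwidth kbps, delay in tens of usec).
GIG = (1_000_000, 1)            # Gigabit default, DLY 10 usec
GIG_DELAYED = (1_000_000, 500)  # same link with "delay 500" configured

def metric_at_neighbor(seed, iface):
    return composite(*learn(seed, iface))

def preferred(candidates):
    """Return the name of the lowest-metric path, as EIGRP would."""
    return min(candidates, key=candidates.get)

def compare():
    return {
        # Knob 1: worse seed on the backup router, links untouched.
        "seed_only": {
            "primary": metric_at_neighbor(PRIMARY_SEED, GIG),
            "backup": metric_at_neighbor(BACKUP_SEED, GIG),
        },
        # Knob 2: equal seeds, delay raised on the link facing the backup.
        "delay_only": {
            "primary": metric_at_neighbor(PRIMARY_SEED, GIG),
            "backup": metric_at_neighbor(PRIMARY_SEED, GIG_DELAYED),
        },
        # Interface delay also penalises routes that were never redistributed.
        "internal": {
            "primary": metric_at_neighbor(INTERNAL, GIG),
            "backup": metric_at_neighbor(INTERNAL, GIG_DELAYED),
        },
    }

if __name__ == "__main__":
    for case, paths in compare().items():
        print(case, paths, "->", preferred(paths))
```

The interface delay is counted by the router that receives the update on that interface, so it penalises every route learned across that link, while the seed metric only changes the redistributed statics.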
02-06-2017 05:14 PM
I cannot use HSRP on the ring side of my network. :(
02-06-2017 05:59 PM
Hi
No worries. Please correct me: site 1 and 2 are advertising the same prefixes from the network ring to R1 and R2, right? Are Site 1 and 2 isolated locations?