
IP SLA, EIGRP, Floating Static Default Route on 2 Routers

mike0000111111
Level 1

Hi Cisco Experts:

I have a design question: If I have a WAN connection on one primary router, and a second WAN connection (vis a vis 4G Cellular data) on a secondary Router, and I want all outgoing data to use the primary WAN until failover to the secondary WAN - what combination of protocols would you use? (1. Failover means WAN link failover to secondary WAN.  2. Also, router failover to secondary Router and secondary WAN.)

I'm presently using:

  1. IP SLA on primary router to ping ISP side and remove static default route from table if ping is unresponsive.
  2. EIGRP to propagate default routes from both the secondary router and primary router.
  3. Secondary router's static default route with AD of 200 out to secondary WAN.
  4. Primary router's static default route with AD of 150 out to primary WAN.
  5. Packet Tracer to test results before implementation.

I'm getting inconsistent results with my implementation. Since EIGRP propagates static routes with an AD of 170, all devices are indifferent until I change the EIGRP static route metric. Then all devices should prefer the Primary WAN default route, even the secondary router. When the Primary Router goes down, no device except the secondary router begins using the secondary WAN. Remaining devices just show no default route.

 

Anyway - your thoughts please!

Thanks,

Mike

Jon Marshall
Hall of Fame

Mike

You need to use EIGRP or at least it is preferable because of the discussion we had about your switches.

I suspect you are not redistributing static on the secondary router which you should.

What you do is on the primary router just configure a static route, no need for an AD and use IP SLA to track. You then redistribute this into EIGRP and it will have an AD of 170.

On your secondary router configure a static route with an AD > 170 and redistribute into EIGRP.

What should happen is that if the primary link is up the static from the primary is redistributed and both the switches and the secondary router receive this route. Because the EIGRP route has a lower AD the secondary cannot place its own static into the IP routing table.

Only routes in the IP routing table are redistributed.

So all devices use the primary for the default route.

If your track fails, the primary then removes the static from the IP routing table and so it no longer gets redistributed, which now means the secondary can add its static to the IP routing table and redistribute, so now all devices use the secondary.

If the primary link comes back up then the primary router will have a static with a better AD, install that in the IP routing table, redistribute into EIGRP and then all devices use the primary router again.

Jon
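The selection logic Jon describes above can be traced with a small model. This is an added example, not part of the original post and not Cisco code. It assumes both routers hear each other's EIGRP advertisements, uses the default static AD of 1 on the primary and 200 on the secondary, and the class and function names are hypothetical.

```python
"""Toy model of floating-static failover with redistribution into EIGRP."""
EIGRP_EXTERNAL_AD = 170  # AD of a static route once redistributed into EIGRP

class Router:
    def __init__(self, name, static_ad):
        self.name = name
        self.static_ad = static_ad  # AD of this router's own static default
        self.static_up = True       # False once IP SLA tracking withdraws it
        self.installed = None       # (ad, source) of the default route in the table

    def select(self, advertisers):
        """Install the lowest-AD default among own static and EIGRP externals."""
        candidates = []
        if self.static_up:
            candidates.append((self.static_ad, "static"))
        for peer in advertisers:
            if peer != self.name:
                candidates.append((EIGRP_EXTERNAL_AD, "eigrp via " + peer))
        self.installed = min(candidates) if candidates else None

    def redistributes(self):
        # Only a static that is actually in the routing table is redistributed.
        return self.installed is not None and self.installed[1] == "static"

def converge(routers):
    """Repeat selection until the set of advertising routers stops changing."""
    advertisers = set()
    for _ in range(10):
        for r in routers:
            r.select(advertisers)
        new = {r.name for r in routers if r.redistributes()}
        if new == advertisers:
            break
        advertisers = new
    return sorted(advertisers)

def failover_demo():
    primary = Router("primary", static_ad=1)       # constructed sample values
    secondary = Router("secondary", static_ad=200)
    before = converge([primary, secondary])
    primary.static_up = False                      # tracked object goes down
    during = converge([primary, secondary])
    primary.static_up = True                       # primary WAN recovers
    after = converge([primary, secondary])
    return before, during, after

if __name__ == "__main__":
    print(failover_demo())
```

Each element of the result lists which router is advertising the default route into EIGRP in that state.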

Hi Jon:

You've become something like my guardian angel; thanks for your response.  I think your suggestion makes sense, and I've been trying to do exactly that with a few variations.

Today I tried doing exactly what you suggested, and here's what I discovered:

 

Note: I think what occurs below may only be an error in Packet Tracer simulation.

Scenario

Both Backup Router and Primary Router will advertise static routes via EIGRP. Backup Router's static route has an AD of 200. Both Switch 1 and Switch 2 indicate they see the two static routes, and since both routes have AD 170, the switches are indifferent. The switches usually pick the route that comes up first and note the availability of 2 default routes in the routing table. But...

The switches are not passing the knowledge of each router's static default route to the other router.  Neither router knows there is another router on the network claiming to have a route to the default network - not even in their topology maps. Consequently, Backup Router does not replace its default route with the default route from Primary Router, and then inform the network to forget about its default route. 

Resolution Attempt #1

I've tried changing the metric on the static routes advertised from Primary Router to see if I can break the stalemate.  When I did, I received inconsistent results.  

Result

1) Both switches prefer default route from Primary Router, 2) switches pass Primary Router's default route to Backup Router, 3) Backup Router replaces its default route with Primary Router's default route, which was learned from Primary Router via the switches.  Great so far.

Redundancy Test

1) I manually remove the default route from Primary Router to simulate an IP SLA downed route event.  2) Primary Router removes default network (of course), informs downstream switches and Backup Router of change in topology. 3) Secondary Router puts its own default route with AD of 200 back into its routing table.  4)  Backup Router does not distribute its static route - even though this is explicitly commanded and evident in the show run and it was doing this earlier.

Result

Primary Router and downstream switches have no idea there is another default route available vis a vis Backup Router.  The network, except for Backup Router, cannot route out of the LAN onto the WAN.

 

Simulator error?

Thanks,

Mike

Mike

Okay there is an issue with the secondary router not seeing the route from the primary.

Do the switches see two equal cost paths in their routing tables via both routers?

Jon

Hi Jon:

As discussed in the Scenario section, both switches will see two equal cost paths in their routing tables from both routers.  

The switches will remove the Secondary Router's default route from their routing table only when I change the metric of the default route being redistributed from Primary Router.  

-Mike

 

Mike

Sorry, I'm in between a few things at the moment so I didn't read your scenario properly, my fault.

I think you are seeing split horizon in effect, i.e. both L3 switches see equal cost paths so they cannot advertise those routes to either router.

So there are, as always, a number of ways to address this but first let's try the obvious one.

When you said you modified the metrics and got inconsistent results, how were you modifying them?

Jon

Jon:

No worries; I wrote a lot of text.  

When I change the eigrp redistribute static metric, it looks like this: 

Router(config-router)# redistribute static metric 22000 0 255 255 1500

[22000 (kbits/sec)] [0 (eigrp delay metric)] [255 (reliability)] [255 (loaded)] [1500 (MTU Size)]

Those aren't necessarily accurate numbers.  I went with something I thought would create preference.

Also, I thought Split Horizon was the problem.  I got around it using an EIGRP metric.  My new problem is that Backup Router isn't redistributing its default route when Primary Router removes its own default route from its own routing table. 

Please be aware, these results are coming from Packet Tracer.

-Mike

Mike

I thought if you were just modifying metrics both routers should be redistributing anyway and the switches would be preferring the primary.

It is just a default route from the routers so we can try one of two things -

Firstly just redistribute both static routes without any AD and the same metric.

Then you can either -

1) add a delay to the 3560 interfaces that connect to the backup router

or

2) use an offset list on the backup router interfaces to the 3560 switches.

Using either should mean the switches prefer the primary router's route.

It shouldn't matter what the backup router prefers (it will prefer its own route) because no traffic should go to it unless the primary link is down.

Jon

Jon,

I may end up using one of your suggestions. 

It is somewhat circumspect to have my backup router preferring the default route (until it goes down) through the Primary Router.  If I purchase CISCO IPS for the routers, they'll need to update. I won't want the Backup Router to use the cellular connection for that.  There may be other reasons too.

I feel like this is just a bug, since there's no reason Backup Router should make a change to its routing table (add its own default route back into routing table), then doesn't advertise this change to the other devices on the network.

 

I'll try to leave this topic open a while longer.  Thanks for your help.

-Mike

Mike

I have access to an online lab that I can use so I can test it out for you if you want.

Here is a possible alternative to consider.

Don't connect each router to each switch. Connect the primary router to the primary switch and the secondary router to the secondary switch. You lose nothing in terms of redundancy except there may be an extra hop between the switches on the dedicated vlan but that is over an etherchannel.

Then you can have a direct connection between your routers and that would solve the EIGRP split horizon issue and ensure the secondary used the primary default route unless the primary link fails.

The only issue here is that if the direct link failed both routers would advertise a default route with the same AD.

However this could be overcome by having the router connections to each switch in a common vlan which would mean they peered directly with each other. So they always see each other's EIGRP advertisements and are not reliant on which route the switch prefers.

In fact with a common vlan you don't even need the direct connection although it would be an extra failsafe.

I don't normally use a common vlan for connections to routers but it may sort out your issue.

Just something to think about or maybe test.

Jon

 

Hi Jon:

Thank you for offering to take a swing at this. Do this only if you enjoy what you're doing.  Otherwise, I can make some attempts to further resolve the issue before asking you for additional help.  Do you want my packet tracer file?  How do I send it to you?  (don't want to attach for world to see)

I have all the equipment I'm using sitting on the table in front of me.  Because I have no explanation why my secondary router refuses to redistribute its static default route on failover - well, I haven't given up the dream that our original idea might work.  It's just too elegant to give up yet.  

So I am going to try this on the actual equipment - which might take a day or two to get around to.

-Mike

 

 

Hi Jon:

I realized not long after our discussion that our equipment has two unused serial ports.  I believed, with you, that we had a split horizon problem for EIGRP updates.  On a whim, I installed a serial cable between the two routers for router updates.

Since then I've brought the cellular and main internet connection online.  They seem to have no problem updating the other devices with new default routes in the event of failover.  

I still need to do some more testing - especially with IP SLA before I can say that the solution is adequate.  Thank you for your initial recommendations - they were ultimately implemented.

-Mike

Mike

If I get the time today I'll lab this up and see how it works.

The last suggestion I made does not take account of a switch failure, i.e. primary switch fails but primary router still up, and I appreciate this may be a concern for you.

I am wondering if a hybrid of what you have and what I suggested may work, i.e. leave your topology as it is but instead of having P2Ps for all router connections use two vlans and have each router with a link in each vlan.

That way they would peer with the switches and also each other direct which would mean they would see each other's EIGRP advertisements.

Jon
