03-27-2023 11:47 AM
Hello.
It seems the 2 devices below are advertising to each other, making a routing loop.
But the static route is advertising as tunneled. I don't understand why there should be any routing distinction for tunneled-- all devices need these routes tunneled or not.
QUESTIONS:
1. Is the below situation a routing loop?
2. If not why not? Where is the source for 172.16.9.0?
3850-STACK#sh ip int br
Vlan128 172.16.228.1 YES NVRAM up
3850-STACK#sh ip route 172.16.9.0
Routing entry for 172.16.9.0/24
Known via "static", distance 1, metric 0
Redistributing via eigrp 1
Advertised by eigrp 1 route-map stat2eigrp
Routing Descriptor Blocks:
* 172.16.228.10
Route metric is 0, traffic share count is 1
===
ASA-5525# sh int ip br
GigabitEthernet0/1 172.16.228.10
ASA-5525# sh route 172.16.9.0
Routing entry for 172.16.9.0 255.255.255.0
Known via "eigrp 1", distance 170, metric 1707008, type external
Redistributing via eigrp 1
Last update from 172.16.228.1 on inside
Routing Descriptor Blocks:
* 172.16.228.1, from 172.16.228.1, via inside
Loading 1/255, Hops 1
S 0.0.0.0 0.0.0.0 [255/0] via 172.16.228.1, inside tunneled
03-27-2023 01:07 PM
Hi
I don't see any loop. What I see is you have a static route to 172.16.9.0 on the 3850, you are advertising this route through EIGRP, and the ASA is learning it via EIGRP.
What does your topology look like?
03-27-2023 02:00 PM
"3850-STACK#sh ip route 172.16.9.0
Routing entry for 172.16.9.0/24
Known via "static", distance 1, metric 0
Redistributing via eigrp 1
Advertised by eigrp 1 route-map stat2eigrp
Routing Descriptor Blocks:
* 172.16.228.10
=============
3850-STACK#sh ip route
S 172.16.19.0/24 [1/0] via 172.16.228.10
---
"What I see is you have a static route to 172.16.9.0 on 3850 and you are advertising this route through eigrp and the ASA is learning via eigrp"
It seems to me that the ASA is learning from the neighbor that the route is through the ASA. And when the ASA is queried...
# sh route 172.16.9.0
Routing entry for 172.16.9.0 255.255.255.0
Known via "eigrp 1", distance 170, metric 1707008, type external
Redistributing via eigrp 1
Last update from 172.16.228.1 on inside, 1193:02:47 ago
Routing Descriptor Blocks:
* 172.16.128.1, from 172.16.128.1, via inside
Loading 1/255, Hops 1
S 0.0.0.0 0.0.0.0 [255/0] via 172.16.128.1, inside tunneled
...it points to the inside interface on the same device. "S 0.0.0.0 0.0.0.0 [255/0] via 172.16.128.1, inside tunneled"
This inside interface connects to the 3850 switch. That seems like a loop to me.
Furthermore, how is "S 0.0.0.0 0.0.0.0 [255/0] via 172.16.128.1, inside tunneled" involved in this? What would be the difference if "inside tunneled" was not listed?
Thank you.
03-27-2023 03:17 PM
Hi,
Where is the 172.16.9.0/24 route by design? Based on your configuration, you have created a static route towards the ASA, and the ASA learns this route. Yep, it seems like a loop, but something is missing in your configuration. The ASA should have a better route for 172.16.9.0/24 (like connected, another static, etc.), hence where is this subnet physically and logically in your topology? Is it behind the ASA?
S 0.0.0.0 0.0.0.0 [255/0] via 172.16.128.1, inside tunneled - this route is for RA VPN clients.
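The forwarding behaviour discussed in this thread, as an added example that is not part of any post: a hop-by-hop trace over route tables constructed from the output in the first post, showing the loop and how a better route on the ASA would end it. The table layout, `OWNER` map and function names are assumptions, and the tunneled default is modelled as usable only by traffic arriving from a VPN tunnel.

```python
import ipaddress

# Constructed tables: (prefix, next_hop or None if connected, admin distance, tunneled)
TABLES = {
    "3850-STACK": [("172.16.228.0/24", None, 0, False),
                   ("172.16.9.0/24", "172.16.228.10", 1, False)],    # static
    "ASA-5525": [("172.16.228.0/24", None, 0, False),
                 ("172.16.9.0/24", "172.16.228.1", 170, False),     # EIGRP external
                 ("0.0.0.0/0", "172.16.228.1", 255, True)],         # tunneled default
}
OWNER = {"172.16.228.1": "3850-STACK", "172.16.228.10": "ASA-5525"}

def lookup(table, dst, from_vpn=False):
    """Longest-prefix match, then lowest admin distance.
    Tunneled routes are considered only for traffic that came out of a VPN tunnel."""
    dst = ipaddress.ip_address(dst)
    best, best_key = None, None
    for entry in table:
        prefix, _next_hop, distance, tunneled = entry
        net = ipaddress.ip_network(prefix)
        if dst not in net or (tunneled and not from_vpn):
            continue
        key = (net.prefixlen, -distance)
        if best_key is None or key > best_key:
            best, best_key = entry, key
    return best

def trace(tables, start, dst, max_hops=16):
    """Follow next hops from `start`; verdict is delivered, loop or no-route."""
    path, device = [start], start
    for _ in range(max_hops):
        hit = lookup(tables[device], dst)
        if hit is None:
            return path, "no-route"
        if hit[1] is None:                 # connected: destination is on this device
            return path, "delivered"
        device = OWNER[hit[1]]
        if device in path:                 # revisiting a device means a forwarding loop
            return path + [device], "loop"
        path.append(device)
    return path, "loop"

if __name__ == "__main__":
    print(trace(TABLES, "3850-STACK", "172.16.9.5"))
    # Same tables, but the ASA also has 172.16.9.0/24 as a connected network.
    fixed = dict(TABLES)
    fixed["ASA-5525"] = TABLES["ASA-5525"] + [("172.16.9.0/24", None, 0, False)]
    print(trace(fixed, "3850-STACK", "172.16.9.5"))
```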