Multipath routing EIGRP/BGP and static

m1domainadmin
Level 1

I am looking for advice on a multi-path routing solution. We have a large global MPLS network that has been the primary path for a long time and is being phased out over the next 18 months. I've built an IPSec route-based VPN tunnel between my home site (Site 1) and a branch office (Site 2).

Site 1 - LAN 10.15.0.0/16 (static routing and EIGRP; MPLS uses EIGRP and BGP)

Site 2 - LAN 10.10.0.0/16 (static and EIGRP, MPLS uses EIGRP and BGP)

The LAN core switches learn routes via EIGRP, and I have added a static route to 10.10.0.0/16 via the ASA that terminates the VPN. No problems there, but I need to figure out a way to add routing to achieve a fallback to the MPLS network if the tunnel goes down for any reason. 

MPLS is on an ISR4001 router. The VPN is between an FTD-3110 (Site 1) and an ASA-5516 (Site 2).

Core switches are Cat9300.

Can I just accomplish this with multiple static routes with different priorities on the cores, one route pointing to the VPN tunnel and one to the MPLS router? Seems simple enough, but before I start changing routing I thought I would ask.

Diagram attached.

Any suggestions would be appreciated.

3 Replies

Hello,

Yes, you can accomplish this with static routing, using a floating static route with a higher AD than the default of 1 for static routes. For the primary route I would add a "tracked object" sending probes to the IP it needs to detect that's down, so the transition is automatic. I believe if you only do the static route with the interface, it will only be removed if the interface is shut down.

-David
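
The floating static route with a tracked object described in the reply above, as an added IOS-XE example for the Site 1 core that is not part of the original thread. The next-hop addresses, the probe target and the SLA/track numbers are constructed placeholders, not values from the post.

```ios
! Added example. Constructed values (assumptions, replace with real ones):
!   10.15.255.2 = inside address of the firewall terminating the VPN
!   10.15.255.6 = MPLS router
!   10.10.0.1   = probe target on the Site 2 LAN
!
! Pin the probe target to the VPN path. Without this host route the probe
! would succeed over MPLS after failover, reinstall the primary route,
! fail again, and flap.
ip route 10.10.0.1 255.255.255.255 10.15.255.2
!
ip sla 10
 icmp-echo 10.10.0.1
 frequency 10
ip sla schedule 10 life forever start-time now
!
! Track probe reachability; the delays damp short losses and early recovery.
track 10 ip sla 10 reachability
 delay down 10 up 30
!
! Primary: default AD of 1, installed only while track 10 is up.
ip route 10.10.0.0 255.255.0.0 10.15.255.2 track 10
!
! Floating static: AD 250, used only when no better route exists.
! If the cores already learn 10.10.0.0/16 through EIGRP from the MPLS
! router, that route takes over when the tracked static is withdrawn
! and this line is not needed.
ip route 10.10.0.0 255.255.0.0 10.15.255.6 250
```

`show track 10` and `show ip route 10.10.0.0` confirm which path is installed before and after a tunnel failure test.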

Personally I would use BGP over the IPsec tunnels as well; you then don't have to do ANY traffic engineering, as BGP best path selection will default between linc-lan<>sanc-lan (shortest AS-path) and the MPLS path will then automatically become the back-path for linc-lan<>sanc-lan traffic.

linc-lan<>sanc-lan  (ipsec/ebgp)
linc-lan<>lin-rtr (eigrp/ibgp)

sanc-lan<>linc-lan  (ipsec/ebgp)
sanc-lan<>sanc-rtr (eigrp/ibgp)


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community's global network.

Kind Regards
Paul

Push EIGRP up to the device you configure IPSec on. IPSec doesn't support IGP.

On that device you will get two routes.

One static toward IPSec and the other is EIGRP.

MHM
