cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1555
Views
0
Helpful
7
Replies

Nexus 7K EIGRP redistribute static

sushil968
Level 1
Level 1

HI Friends,

Having issue with EIGRP in Nexus 7k while redistrubuting static routes. I have two core Nexus 7K's , which are connected service provider. Below Core I have distribution running in EIGRP. Goal is to achieve autmated failover between service provders links with shortest path routing.

IP SLA is working fine, but traffic routing within EIGRP is misbehaving.

CORE-1

show ip static-route

ip route 0.0.0.0 0.0.0.0 ethernet 10/1 10.124.56.241

ip route 0.0.0.0 0.0.0.0 ethernet 3/2 10.124.56.245 10

ip route 10.124.56.244 255.255.255.252 ethernet 3/2 10.114.159.2

router eigrp 110

default-information originate

CORE-2

router eigrp 110

default-information originate

ip sla 123

icmp-echo 10.124.56.241 source-ip 10.124.56.246

history filter failures

history buckets-kept 25

request-data-size 38

thre 100

timeout 100

frequency 1

end

track 123 ip sla 123 reachability

show ip static-route

ip route 0.0.0.0 0.0.0.0 ethernet 10/1 10.124.56.241 track 123

ip route 0.0.0.0 0.0.0.0 ethernet 10/1 10.124.56.245 9

ip route 10.124.56.240 255.255.255.252 ethernet 3/2 10.114.159.1

ip sla 123

ip sla schedule 123 life forever start-time now

After this configuration IP SLA is working fine, traffic is diverting to SP gateway on secondary when primary goes down. But still having routing issues as follows, as internal eigrp is not routing well, due to some metric issues being issued by both router default static routes. Same issue even when  no failover scenario.  Also observed some misbehavior.

  • •(1)    Source 2960-1 (10.114.134.12) is reaching to 10.124.56.245

via 3750-A•àA1•àC1•àC2

  • •(2)    Source 2960-4 (10.114.134.15) is reaching to 10.124.56.245

via 3750-A•àA1•àC1•àC2

  • •(3)    Source A2 (10.114.134.26) is reaching to 10.124.56.245

via C1•àC2

  • •(4)    Source A1 (10.114.134.22) is reaching to 10.124.56.245

via C1•àC2

7 Replies 7

mtsb
Level 1
Level 1

Hi Sushil,

We can take one issue at a time and check what is going on.

For point 1, you have mentioned that 2960-1 is reach .245 via 3750-A---A1---C1---C2--- .245

I believe the expected is 3750-A --- A1---C2. Please confirm.

A1 is taking a decision to go via C1 instead of C2. What does the routing table looks like in A1? Is this after fail-over?

Give the show ip route at every single node and see why it prefers the C1 path instead of C2.

Thanks,

Madhu

Jon Marshall
Hall of Fame
Hall of Fame

Sushil

It looks from your config as though C1 and C2 are both generating a default route. If so A1/A2 will see equal cost paths and so will alternate between C1 and C2. As Madhu, says, check the routing tables of A1/A2.

That said it would be helpful if you could specify what the main issue is ie. you say -

Goal is to achieve autmated failover between service provders links with shortest path routing.

do you mean shortest path for internet traffic ? If so then testing to 10.124.56.245 is not particularly relevant because how often will end clients use that as the destination IP. In fact because that network is only connected to C2 the easiest solution for this is to advertise it into EIGRP on C2 only then traffic should go direct for that subnet.

But that would not fix the issue of internet access. So like i say, can you specify exactly what the main issue is ?

By the way, your config doesn't show it but i presume there is more to your EIGRP config ie.how do C1/C2 learn of the subnets from the internal LAN ?

Jon

Jon Marshall
Hall of Fame
Hall of Fame

Sushil

Can you also answer the following -

1) C1 is the primary internet connection ?

2) I understand why you are tracking the route on C2 ie. you need to C2 to use the default route via C1 unless the link goes down in which case it installs the route via it's direct connection to the secondary ISP.

But you are not tracking C1 to ISP1 or C2 to ISP2. Is this because these are point to point links so C1/C2 know ft the link has gone down ?

If so note that i have just been involved in another thread where a very helpful TAC routing engineer pointed out that it is quite common for an ISP to fail further upstream so the link to the ISP stays up but the ISP has lost internet connectivity. I assume, because of your default routes on C1/C2 that you are not receiving any routes from the ISP so you may want to consider tracking a destination IP on the internet.

That said i dont want to complicate the issue at the moment. It would be best to sort out your internal routing problems first and then if you want you can look at perhaps tracking the ISP availability further upstream.

Jon

H Madhu, Surely on monday I will attach the routing table information and route details.

Hi Jon,

1) C1 is the primary internet connection ? YES C1 is primary 7K router and C2 is Secondary 7K router.

2) I understand why you are tracking the route on C2 ie. you need to C2 to use the default route via C1 unless the link goes down in which case it installs the route via it's direct connection to the secondary ISP. -- YES you are correct, only primary link on C1 wil be active for forward and reverse path from Internet side. Link on C2 will be in standby and will reverse the traffic from Internet only if Primary link goes down. I have tested failover on internet gateway and found working absolutely fine no issue with that. Only issue is withing EIGRP.

If you notice in the configuration I have configured the default  route in C1 with default metric. And configured the default route in C2 with metric 9. So ideally when both routers redistribute their  static routes to EIGRP, best would be selected with lowest metric cost and shortest path to reach C1 and further to internet , should be taken. But in NX OS I think so , what is happening is both routers are distributing it's default route information with default metric in to EIGRP, so nearest neighbour  A1 & A2 are learning the best route to its respective C1 & C2. This is just assumption....

Jon Marshall
Hall of Fame
Hall of Fame

Sushil

If you notice in the configuration I have configured the default  route in C1 with default metric. And configured the default route in C2 with metric 9. So ideally when both routers redistribute their  static routes.

There are a couple of issues with this -

1) the actual route installed in the routing table on C2 i would have thought would be this one -

ip route 0.0.0.0 0.0.0.0 ethernet 10/1 10.124.56.241 track 123

because you do not have an AD with this one so it is preferred over the one with the AD of 9.  You then have this route -

ip route 10.124.56.240 255.255.255.252 ethernet 3/2 10.114.159.1

Can you please answer these questions -

a) looking at the route table on C2 can you clarify which route is in the IP routing table

and

b) why is the first route pointing out of the 10/1 interface but the route to get to 10.124.56.240/30 is pointing out of ethernet 3/2 ?

2) The AD is not passed with the routing update so when it is sent to A1/A2 they will see them as EIGRP internal (AD 90) ie. the AD is only local to the actual switch.

Again can you answer the following question -

on A1/A2 what is the AD of the default route ?

So the main issue is that A1/A2 receive equal cost paths to both C1 and C2 so traffic could go either way. Now you could use offset-lists on C2 or delays on A1/A2's connections to C2 so C1 is always preferred. But if the internet link fails over to C2 then C1 installs it's other default route and so A1/A2 still get two default routes. But because you have configured A1/A2 to prefer C1 now all internet traffic goes via C1 to get to C2. So the configuration has become more complicated and still the traffic is not flowing correctly.

The solution is to only have the active core switch send a default route. And the other core switch simply receives that default route via EIGRP as do A1/A2. If you do this then A1/A2 would still receive two default routes one direct from the active switch (ie on hop away) and one from the standby switch (two hops away) so A1/A2 would always go to the active switch because the metric would be better for the direct route.

If the active switch loses it's internet connection then it stops sending a default route and the new active switch takes over and it this switch that then advertises the default route.

There is a config that may work for you and i will gladly provide it but i need answers to the questions i asked above just in case it is not actually working as i suspect.

So i hope that all makes sense..

Jon

Hi Jon,

Thanks a lot for taking time out on weekend and providing support. Well I dont have access to ruouters , tomorrow I will go to DC so I will post the routing table.

Following are the responses to your queries.

a) looking at the route table on C2 can you clarify which route is in the IP routing table --> Soon will update the routing table in attachements.

b) why is the first route pointing out of the 10/1 interface but the route to get to 10.124.56.240/30 is pointing out of ethernet 3/2 ? ---> Well 10.124.56.240 is service provider network connected on Eth 10/1 and Eth 3/2 is L3 connectivity between C1 & C2. For detailed ref. I have attached the Word Document.

c)on A1/A2 what is the AD of the default route ? Will update you tommrow with routing table.

Cheers.

Sushil

Thanks for updating. I think you may have forgotten to add the document but no problem.

My question about the routing was this -

on C2 you have 3 routes -

ip route 0.0.0.0 0.0.0.0 ethernet 10/1 10.124.56.241 track 123   <-- this route tracks C1s connection for C1's ISP.

ip route 0.0.0.0 0.0.0.0 ethernet 10/1 10.124.56.245 9 <-- this route is the direct route for C2 for it's own ISP

ip route 10.124.56.240 255.255.255.252 ethernet 3/2 10.114.159.1  <--- this route is presumably there so C2 knows how to get to C1's ISP

so why is the first route, which is checking C1s ISP link pointing out of ethernet 10/1 because for C2 to get to 10.124.56.241 it has to go via ethernet 3/2  ?

I fully understand why the second route above is pointing out of the ethernet 10/1 interface.

I think it may just be a mistake in the configuration as looking at C1 both it's routes for C2's ISP address are pointing to C2. So it's not a major issue and it certainly isn't why you are seeing the traffic flows within your network.

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: