Offset issue?

Brononius · ‎05-07-2010

Hey,

I've got 2 routers (RT1 and RT2) on a remote site. These are primary and backup (virtual ip...).

I've got a third router (RTA) who's on the local site.

RT1 has fe 10.10.10.0

RT1 has fe 10.10.20.0

On RT1 and RT2, i do the same natting (10.10.10.x).

The traffic goes normally always through RT1, and if RT1 is down, through RT2.

So when RT1 is down, i should have a second route for 10.10.10.0 towards RT2.

On RT2, i've put now:

router eigrp 1
   redistribute static route-map flt-static
   passive-interface default
   no passive-interface Tunnel0
   no passive-interface Tunnel1
   offset-list flt-static out 20 Tunnel0
   offset-list flt-static out 20 Tunnel1
   network 10.0.0.0
   distribute-list flt-eigrp-eth0-out out Ethernet0
   distribute-list flt-eigrp-eth0-in in Ethernet0
   distribute-list flt-eigrp-tu0-in in Tunnel0
   distribute-list flt-eigrp-tu1-in in Tunnel1
   no auto-summary

ip access-list standard flt-static
permit 10.10.10.0 0.0.0.127
permit 10.10.20.0 0.0.0.127

So i supposed that i would see on RTA the 10.10.20.0 with a higher metric.

But only the 10.10.10.0 is routed towards RT1.

Any idea what i'm missing?

Hitesh Vinzoda · ‎05-17-2010

Hi,

What i think as per your config is you are changing offset of the prefixes means AD out of tunnels. I presume that your RTA is also running EIGRP, the administrative distance is only considered when you have same prefixes from different dynamic routing protocol or Static routes. So manipulating offset will not do anything here. If you have mutiple paths from a dynamic routing protocol it will consider the metric rather than AD. Check the metric of the route on RTA for the both prefixes. RTA is using the router which gives the best path in terms of metric towards 10.10.20.0. Try changing the metrics or if would have been doing that than i would advertise specific prefixes from primary and summarized from secondary.

HTH

Hitesh Vinzoda

Please rate useful posts.

Brononius · ‎05-26-2010

This is what i've got on both routers regarding eigrp:

Router A

router eigrp 1
redistribute static route-map flt-static
passive-interface default
no passive-interface Tunnel0
no passive-interface Tunnel1
network 10.0.0.0
distribute-list flt-eigrp-eth0-out out Ethernet0
distribute-list flt-eigrp-eth0-in in Ethernet0
distribute-list flt-eigrp-tu0-in in Tunnel0
distribute-list flt-eigrp-tu1-in in Tunnel1
no auto-summary
ip route 10.10.10.0 255.255.255.128 Ethernet0
ip access-list standard flt-eigrp-eth0-in
deny   any
ip access-list standard flt-eigrp-eth0-out
deny   any
ip access-list standard flt-eigrp-tu0-in
deny   10.10.0.0 0.0.255.255
permit any
ip access-list standard flt-eigrp-tu1-in
deny   10.10.0.0 0.0.255.255
permit any
ip access-list standard flt-static
permit 10.10.10.0 0.0.0.127

On router B i've got:

router eigrp 1
redistribute static route-map flt-static
passive-interface default
no passive-interface Tunnel0
no passive-interface Tunnel1
network 10.0.0.0
distribute-list flt-eigrp-eth0-out out Ethernet0
distribute-list flt-eigrp-eth0-in in Ethernet0
distribute-list flt-eigrp-tu0-in in Tunnel0
distribute-list flt-eigrp-tu1-in in Tunnel1
no auto-summary
ip route 10.10.20.0 255.255.255.128 Ethernet0
ip access-list standard flt-eigrp-eth0-in
deny   any
ip access-list standard flt-eigrp-eth0-out
deny   any
ip access-list standard flt-eigrp-tu0-in
deny   10.10.0.0 0.0.255.255
permit any
ip access-list standard flt-eigrp-tu1-in
deny   10.10.0.0 0.0.255.255
permit any
ip access-list standard flt-static
permit 10.10.20.0 0.0.0.127

I thought that it would work if i've put following on router B

ip route 10.10.20.0 255.255.255.128 Ethernet0

ip access-list standard flt-static
permit 10.10.10.0 0.0.0.127
permit 10.10.20.0 0.0.0.127

And while router A is connected, the path towards 10.10.10.0 would go over there (directly connected).
And when router A is down, the path towards 10.10.10.0 goes towards router B (10.10.20.0).

But apperantly this isn't the case... :$

Brononius · ‎05-27-2010

A solution could be that i put 2 static routes with a different metric on my core (RTA), fe:

ip route 10.10.10.0 255.255.255.192 10.10.10.254 100     (=RT1)   
ip route 10.10.10.0 255.255.255.192 10.10.10.254 200     (=RT2)

But i think there must be a nicer way, no?

(Because beside RTA, i've got a second one RTB. So it should be done best with a dynamic routing. Not a static.)

Hitesh Vinzoda · ‎05-27-2010

I think i m missing out something here. Where is RTA router located, at ethernet or tunnel interfaces, what traffic flow you are talking about ?

Lan to Tunnel or tunnels to Lan ( i can see you are not running eigrp over Ethernet interface) please make some extra clarifications

Hitesh Vinzoda

Brononius · ‎05-27-2010

Maybe i should better started with the image... :$

In short, if i come from 172.18.0.10 and want to go to 192.168.0.10, i'll use 10.10.10.3.

So when RT1 is available, 10.10.10.3 should go over there.

When RT1 is out, 10.10.10.3 should go over RT2.

RTA & RTB are my concentrators. Who announce the IP's (public one) of all the servers to fe RT1 and RT2.

So i want the inverse as well. But i'm stuck with the nat somewhere.

Only 10.10.20.0 is know over RT2.

10.10.10.0 should be know here as well, but with a kind of higher metric?

I only want that 10.0.0.0 is know to RTA & RTB.

I don't want to see the 192.168.0.0.

ps RT1 & RT2 have always an open connection towards RTA & RTB.

So in total, 4 tunnels are all the time up.

Hitesh Vinzoda · ‎05-28-2010

Do you run EIGRP between RT1 and RT2, why I m saying that is if 10.10.0.0 is on RT1 and 10.20.0.0 is on RT2. if you run EIGRP between them in the LAN they would become neighbour via 192.168.x.x networks and at that time RT2 will learn 10.10.0.0 network from RT1 and vice versa. In turn both the routers will advertise the Eigrp learned 10.10.0.0 and 10.20.0.0 routes to RTA and RTB if they have redundant connections via tunnel.

Great thing... now we will be running here with the problem with second statement of yours of not advertising 192.168.0.0 network, you can filter out 192.168.x.x network on RT1 and RT2 using distribute lists on tunnels outbound towards RTA and RTB.

See if this helps you.

HTH

Hitesh Vinzoda

Please rate helpful posts.

Brononius · ‎05-28-2010

Hey,

Hereby the lists regarding the eigrp

router eigrp 1
 redistribute static route-map flt-static
 passive-interface default
 no passive-interface Tunnel0
 no passive-interface Tunnel1
 network 10.0.0.0
 distribute-list flt-eigrp-eth0-out out Vlan1
 distribute-list flt-eigrp-eth0-in in Vlan1
 distribute-list flt-eigrp-tu0-in in Tunnel0
 distribute-list flt-eigrp-tu1-in in Tunnel1
 no auto-summary

ip access-list standard flt-eigrp-eth0-in
 deny   any
ip access-list standard flt-eigrp-eth0-out
 deny   any
ip access-list standard flt-eigrp-tu0-in
 deny   10.10.0.0 0.0.255.255
 permit any
ip access-list standard flt-eigrp-tu1-in
 deny   10.10.0.0 0.0.255.255
 permit any
ip access-list standard flt-static
 permit 10.10.10.0 0.0.0.127

Hitesh Vinzoda · ‎05-28-2010

Hi,

Assuming the configurations are from RT1 and RT2

enable eigrp on lan interface

router eigrp 1

no passive-interface name_of_interface ( i think it will be vlan1, check where you have 192.168 on interface)

advertise the interface

network 192.168.x.x 0.0.0.0

no distribute-list flt-eigrp-eth0-in in Vlan1 ( to allow the routing information to pass between both routers)
distribute-list NO_192 out tunnel0

distribute-list NO_192 out tunnel1

modify the access-lists as below :

Create a new ACL

ip access-list standard NO_192

deny 192.168.0.0 0.0.255.255

permit any

HTH

Hitesh Vinzoda

Please rate useful posts.

Brononius · ‎05-28-2010

Hey,

I've added following on both RT1 and RT2.

router eigrp 1
no passive-interface ethernet0
network 192.168.0.0 0.0.0.0
no distribute-list flt-eigrp-eth0-in in ethernet0
distribute-list flt-lan out tunnel0
distribute-list flt-lan out tunnel1

ip access-list standard flt-lan
deny 192.168.0.0 0.0.0.255
permit any

Didn't change a lot. :$

When i shut down the first router (RT1 with 10.10.10.254), the route towards 10.10.10.0 on RTA was unknow.

But what i don't understand here, what will i gain with "transfering'" the routing over the lan part?

If RT1 is down, it should be RT2 who announce himself with the subnet 10.10.10.0 towards RTA & RTB.

ps tests are done on old equipment (cisco 836) since i don't have new ones to play around, therefor the ethernet0.

Brononius · ‎05-31-2010

I just added 2 static routes on RTA and RTB. But now the problem is that if Tunnel10 goes down, RTA goes directly towards RT2. And since RT1 is still the active one (at client side), the route should go over RTB. It's not completely a good solution... :$

So i need to get the eigrp working i think...

On Router A

ip route 10.10.10.0 255.255.255.192 Tunnel10
ip route 10.10.10.0 255.255.255.192 Tunnel20 100

On Router B

ip route 10.10.10.0 255.255.255.192 Tunnel30
ip route 10.10.10.0 255.255.255.192 Tunnel40 100

And adapted scheme:

Hitesh Vinzoda · ‎06-01-2010

Hi,

Are you running HSRP at the client side. You may like to use HSRP tracking feature when the tunnel is down and the Virtual IP shifts to standy router.

HTH

Hitesh Vinzoda

Please rate helpful posts.

Brononius · ‎06-01-2010

I'm only using standby ip for the internal side.

Since the 10.10.x.x is known on the loopback side, i think this can be a problem.
Or am i missing something here? :$

Hitesh Vinzoda · ‎06-01-2010

What is the exact tunnel interface configurations.?

Hitesh Vinzoda

Brononius · ‎06-01-2010

Hey, this is one for RT1

interface Tunnel10
 description ### primary ###
 ip unnumbered Loopback0
 ip mtu 1436
 ip nat outside
 ip virtual-reassembly
 tunnel source Loopback1
 tunnel destination 111.222.333.444 (public ip)
interface Tunnel30
 description ### backup ###
 ip unnumbered Loopback0
 ip mtu 1436
 ip nat outside
 ip virtual-reassembly
 tunnel source Loopback1
 tunnel destination 111.222.333.555 (public ip)

Thanks !