05-21-2015 05:19 AM - edited 03-05-2019 01:31 AM
Hi all,
After some advice, we have a project where I work to divert traffic across a back up link as a test.
Basically we have two campus sites with 2 links between them,a WAN link provided by standard ISP and a back up link direct between the 2 sites which is 1gb compared to the 100mb WAN.
We have been asked to come up with implementation to divert all traffic from campus 2 to campus 1 (core) on the back up link.
We are using EIGRP in the LAN to route all traffic currently over the WAN.
Now would I use PBR to push all traffic originating at campus 2 across the back up, would this be the best option? If so would the access list used be something like eg:
access-list 1 permit 192.168.10.0 0.0.0.255
route-map (name) permit 10
match ip address 1
set ip next-hop (ip address of the router at the campus 2 end of the back up link)
interface vlan 10
ip policy route-map (name)
Presumably if the back up link fails then normal EIGRP would resume and push traffic back over the WAN? Is this correct or do I need IP sla?
Or is there another way, the customer wants us to use routing priorities and supernets but I am not sure this is the way to go, simple PBR should do this right?
thanks in advance
Ableton
Solved! Go to Solution.
05-22-2015 04:08 AM
Steve
As long as PBR can tell the next hop has gone down it will then fall back to the routing table.
The issue is if PBR doesn't know the next hop is down and that depends on the topology of your network ie. if the backup link was literally a point to point so if the remote end went down so did the local end you wouldn't need to track anything.
So it depends on your network and if you are testing simply by shutting the local port on the switch down that isn't necessarily going to work.
That would have been the advantage of using EIGRP on both links ie. with any dynamic routing if the link fails anywhere the neighborship is lost so the other link is automatically used.
If you weren't sharing a common vlan it would be relatively easy to use EIGRP.
Paul's suggestion above may work but if you want to use PBR then whether you need IP SLA depends on the actual network layout.
Jon
 
					
				
		
05-21-2015 05:29 AM
What protocols you are using for two links i.e. WAN and backup link ??
05-21-2015 05:36 AM
You generally use PBR when you need to route based on something other than the destination IP address.
However you are simply wanting to send all traffic over a certain link ie. you are still routing on destination IP so you just need to manipulate the routing metrics so the backup link is the preferred route.
You could use PBR but it wouldn't really be the right tool for the job.
Edit - unless you don't run a routing protocol over the backup link ?
In which case you could use PBR but it might be easier to just run EIGRP across the backup link as well and modify the metrics.
Jon
05-21-2015 05:54 AM
Hi Jon,
yes we do use EIGRP in the whole network including the back up link. So presumably the metrics get manipulated there and then also create some supernets for each of the subnets within campus 2?
thanks a lot
Steve
05-21-2015 05:57 AM
Could I use the admin distance or is that risky?
05-21-2015 06:00 AM
See previous post ie. the easiest is to advertise a summary on the main link.
Basically there are multiple ways to do this (including PBR), you just want to try and use the easiest.
Jon
05-21-2015 06:09 AM
I think the issue I will have Jon is that campus 2 is a flat network, only 1 subnet in use here for the whole campus. Obviously I wouldnt be able to advertise the more specific subnets as there arent any!
05-21-2015 06:13 AM
Okay.
Perhaps the easiest solution is simply to manipulate the metrics at either end so that the backup link is preferred.
Do both links terminate on the same router at each site ?
Jon
05-21-2015 06:19 AM
No, the ISP provides and manages the routers for the primary and we own the switches that terminate each end of the point to point back up link
05-21-2015 06:24 AM
So the switches are L3 switches ?
And you receive EIGRP routes from the ISP routers and via the backup link ?
If so it may be easiest to use delay on the interface connecting to the ISP router unless you have both the primary and backup links in a common vlan in which case that won't work.
If they are using L3 routed ports on the switches though it would.
Jon
05-21-2015 06:34 AM
ok thats a good start.
yes the back up link switches are L3 routed. and yes both primary and back up are in the same vlan.
EIGRP is in use in the whole network, ISP and back up etc.
So you think a simple delay setting on the interface facing the ISP will influence campus 2 to send all traffic via the back up?
thanks
05-21-2015 10:09 AM
Steve
Apologies for the delay in replying, had to do something else.
If they are in the same vlan then no you can't use delay because they share the same L3 interface on the switch.
Adding delay to the L2 interfaces on the switch will do nothing.
And using a summary address is not an option either if there are sharing the same L3 SVI on the switch.
You may be able to do something with the distance command but perhaps PBR is the simplest solution after all.
Jon
05-22-2015 01:23 AM
Hi Jon,
We have discussed this and we think PBR will be the way to go. We do have other PBR in the network and this seems to work well routing the traffic that we require.
I do have another question on PBR itself. When we create the route maps, if the traffic was already routing on the back up link and for some reason the back up link failed. Presumably the normal EIGRP route selection would take place and the traffic would re-direct back over the WAN link? Or would we need IP SLA tracking to make sure of this?
The customer would want to make sure the traffic has a sure failover before we implement this and in testing I have seen EIGRP take over once a link fails but would IP SLA be more effective?
thanks a lot for all your help
05-22-2015 04:08 AM
Steve
As long as PBR can tell the next hop has gone down it will then fall back to the routing table.
The issue is if PBR doesn't know the next hop is down and that depends on the topology of your network ie. if the backup link was literally a point to point so if the remote end went down so did the local end you wouldn't need to track anything.
So it depends on your network and if you are testing simply by shutting the local port on the switch down that isn't necessarily going to work.
That would have been the advantage of using EIGRP on both links ie. with any dynamic routing if the link fails anywhere the neighborship is lost so the other link is automatically used.
If you weren't sharing a common vlan it would be relatively easy to use EIGRP.
Paul's suggestion above may work but if you want to use PBR then whether you need IP SLA depends on the actual network layout.
Jon
05-22-2015 04:19 AM
Thanks Jon, yes it is point to point.
Ok great looks like we have a plan!
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide