cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
337
Views
0
Helpful
1
Replies

routing question

STACY WOOD
Level 1
Level 1

We have remote sites that have 2 routers, the backup router is a cisco router that connects to MPLS and uses BGP.  The primary is a fortinet 4700.

 

We are using VRRP that prefers the 4700.

 

We have other remote sites with only MPLS.  If we do a "redistribute connected" into BGP on the MPLS router, we find we have routing issues.

 

here's a summary -

We will call the location with both MPLS & 4700 LOC A.  We will call a MPLS only site LOC B.  a site with only a 4700 we will call LOC C.

 

If the 4700 is primary, and we do NOT redistribute the connected networks -

1. from the location A, a trace to location B, goes out the 4700 across it's network to our Corporate location out the MPLS to location B.

2. from location B, a trace goes out the MPLS to our Corporate location and in via the 4700.

3. from location C, a trace will go out their 4700 to our Corporate location and in via the 4700 to Loc A.

 

If the 4700 is primary and we DO redistribute the connected networks -

1. from the location A, a trace to LOC B goes out the 4700, across its network to our Corp location out the MPLS to location B.

2. From Location B, a trace goes out the MPLS to Loc A's MPLS router and dies without reaching the device at LOC A.

3. From Loc C, at trace will go out the 4700 to Corporate and in via the 4700 to LOC A.

4. from LOC A to LOC C will go out the 4700 to Corp and in via the 4700 to Loc C.

 

if the MPLS is primary and we do NOT redistribute the connected networks -

No traffic will work as there is no return path to the MPLS router at LOC A.

 

if the MPLS is primary and we DO redistribute the connected networks -

1. traffic from location A will go to Loc B out the MPLS directly to Loc B.

2. traffic from location B will go out MPLS directly to Location A.

3. traffic from LOC C will go out the 4700 to Corp and then across the MPLS to Loc A,

4. traffic from LOC A to LOC C will go across the MPLS to Corp and then in the 4700 to LOC C.

 

So I need some way to verify that the MPLS router is VRRP primary before injecting the connected networks into the MPLS BGP.

If the 4700 is primary VRRP then i do NOT want to inject the connected routes into the MPLS BGP.

 

Can anyone help answer how we can do this??

 

Thanks!

 

1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

If your Cisco router supports EEM you should be able to do this.

See this link for details -

https://supportforums.cisco.com/discussion/12401456/eigrp-summary-routes-query

you would need to modify the commands used at the cli which hopefully should be obvious and you need to match the message the router generates when it changes from backup to master and from master to backup.

So on the router I tested it with when the master fails (your 4700) you see a state change message on the backup and you need to match this message with the syslog pattern.

event syslog pattern ".*%VRRP-6-STATECHANGE:.*state Backup -> Master.*"

when the 4700 comes back up and takes control again on the router you get another state change message and this pattern matches it - 

event syslog pattern  ".*%VRRP-6-STATECHANGE:.*state Master -> Backup.*"

note in the above the use of .* (that is a dot followed immediately by an asterix).

You must make sure that the pattern matches exactly otherwise the applet won't be executed.

The applet does no error checking as mentioned in the link but it worked when I tested it so if you do decide to use as is it is at your own risk.

Jon

Review Cisco Networking for a $25 gift card