03-21-2019 01:13 PM - edited 03-21-2019 01:41 PM
I posted this on the Cisco learning forum on a tutorial I'm following, but I'm adjusting it a little bit. I ran into a wall that I'm not sure how to resolve.
The topology is as follows:
DMVPN version 3
Router 1(10.1.1.5) - Hub Location A - through MPLS - to Router 1(10.2.1.5) - Spoke Location A - Router EIGRP 10
Router 2(10.1.1.6) - Hub Location A - through Internet - to Router 2(10.2.1.6) - Spoke Location A - Router EIGRP 11
HSRP between the two devices with the virtual IP of .1. .5 has priority.
There is another Spoke location as well, just to simulate remote site connectivity (10.3.1.X).
Tunnels establish, I can ping the LAN address of .5 while on remote .5 and vice versa. Same for .6 side as well. Switches below can ping the routers and remote site devices through the primary path just fine.
The problem I'm running into is when a Spoke has to fail over to the secondary router, I cannot ping anything inside of the hub location except the Hub .6 address. If I fail over hub .6, I can ping that and everything below it just fine, so I think this tells me it is a routing issue? This poses a problem with Spoke failover, as I'd have to essentially fail over the entire rest of the design just for everything to function. Big problem if I were to try to manifest this into production.
So the question I have is, how do I fail over a Remote Spoke and still be able to communicate to everything in that Hub?
This is what I'm following but added a second router in each location and moved the second tunnel to the second router:
https://learningnetwork.cisco.com/docs/DOC-31428
Do I need to have different Router eigrp for each tunnel? If so, do I create static routes? If so, what does that static route look like and where would I place it? Currently the switches .21 point to .1, the virtual IP. So I believe that is where my routing problem resides.
Thank you kindly in advance.
03-21-2019 11:14 PM - edited 03-21-2019 11:17 PM
Hi,
Is it possible to share a network diagram including tunnels and WAN IP address scheme?
Are you learning routes from both Hubs? Can you check the routing table after bringing the tunnel down?
Regards,
Deepak Kumar
03-22-2019 08:55 AM - edited 03-22-2019 11:38 AM
Hello
Sounds most likely like an asymmetrical routing issue.
Once you fail over, the traffic is then going via your secondary site rtr, but remote return traffic is still wanting to come back towards your primary site route path.
Can you confirm you are relating failover towards the DMVPN HUB 1 between rtr1 and r2, meaning the spokes are still pointing to the Primary hub but failing connectivity when HSRP makes rtr 2 active for its VIP?
03-22-2019 12:15 PM - edited 03-22-2019 12:25 PM
Hello
@zalbrecht_88 wrote:
On SW11, we configure EIGRP on all the interfaces.
SW11(config)#ip routing
SW11(config)#router eigrp 10
SW11(config-router)#network 10.10.0.0 0.0.255.255
On SW21, we configure EIGRP for all the interfaces.
SW21(config)#ip routing
SW21(config)#router eigrp 10
SW21(config-router)#net 10.10.0.0 0.0.255.255
SW21(config-router)#net 10.20.0.0 0.0.255.255
Can you be more specific here?
SW11
router eigrp 10
network 10.10.1.4 0.0.0.0
network 10.10.10.1 0.0.0.0
network 10.10.11.1 0.0.0.0
network 10.10.12.1 0.0.0.0
no network 10.10.0.0 0.0.255.255
SW21
router eigrp 10
network 10.20.1.2 0.0.0.0
network 10.20.1.6 0.0.0.0
network 10.10.20.1 0.0.0.0
network 10.10.21.1 0.0.0.0
network 10.10.22.1 0.0.0.0
no network 10.10.0.0 0.0.255.255
no network 10.20.0.0 0.0.255.255
I don't see any networks advertised for R12, R22. Maybe you just haven't posted them?
R12
router eigrp 10
network 10.10.1.3 0.0.0.0
network 10.10.100.12 0.0.0.0
R22
router eigrp 10
net 10.20.1.5 0.0.0.0
net 10.10.100.22 0.0.0.0
net 10.10.200.22 0.0.0.0
03-26-2019 10:18 AM
Hey Paul,
Thank you for replying and sorry for the delay. Really busy this time of year.
This is what I'm working with from a diagram standpoint, see attached DMVPN.PNG in zip. In addition, see attached both hubs (all 4 configurations) and one of the spoke locations (both configurations). (Notepad++ recommended.)
The problem is when, for example, I fail over from WE-SB-CRT-01 to 02. When I try to ping the WE-GC-CSW-01, it won't ping because that side's HSRP hasn't failed over. I assume it's because each switch has the route of 0.0.0.0 0.0.0.0 10.X.10.1 configured, which is the virtual IP address. If this is true, what is the best practice for switches to communicate up and out so that I don't have this routing issue in a failover scenario?