cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
605
Views
0
Helpful
4
Replies

Two single hub and spoke HSRP routing problem

zalbrecht_88
Level 1
Level 1

I posted this on the Cisco learning forum on a tutorial I'm following but I'm adjusting it a little bit, I ran into a wall that I'm not sure how to resolve.

The topology is the following way:

DMVPN version 3
Router 1(10.1.1.5) - Hub Location A - through MPLS - to Router 1(10.2.1.5) - Spoke Location A - Router EIGRP 10 

Router 2(10.1.1.6)   - Hub Location A - through Internet - to Router 2(10.2.1.6) - Spoke Location A - Router EIGRP 11
HSRP between the two devices with the virtual IP of .1. .5 has priority

There is another Spoke location as well just to simulate remote site connectivity(10.3.1.X)
Tunnels establish, I can ping the LAN address of .5 while on remote .5 and vice versa. Same for .6 side as well. Switches below can ping the routers and remote site devices through the primary path just fine.

The problem i'm running into is when a Spoke has to fail over to the secondary router, I cannot ping anything inside of the hub location except the Hub .6 address. If I fail over hub .6, I can ping that and everything below it just fine, so I think this tells me it is a routing issue? This poses a problem with Spoke fail over as I'd have to essentially fail over the entire rest of the design just for everything to function. Big problem if I were to try to manifest this into production. 

So the question I have is, how do I fail over a Remote Spoke and still be able to communicate to everything in that Hub?
This is what I'm following but added a second router in each location and moved the second tunnel to the second router:

https://learningnetwork.cisco.com/docs/DOC-31428


Do I need two have different Router eigrp for each tunnel? If so, do I create static routes? If so, what does that static route look like and where would I place it? Currently the switches .21 point to .1 the virtual ip. So I believe that is where my routing problem resides. 

Thank you kindly in advance. 

4 Replies 4

Deepak Kumar
VIP Alumni
VIP Alumni

Hi,

Is it possible to share a network diagram including tunnels and WAN IP address scheme?

 

Are you learning routers from both Hubs? Can you check routing table after making tunnel down?

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Hello
Sound most likely an asymmetrical routing issue

Once you failover over - the traffic is then going via your secondary site rtr but remote return traffic is still wanting to come back towards your primary site route path.

Can you confirm you are relating failover towards the DMVPN HUB 1 between rtr1 and r2 meaning the spoke are still pointing to Primary hub but failing connectivity when hrsp makes rtr 2 active for its VIP?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello

@zalbrecht_88  wrote:

On SW11, we configure EIGRP on all the interfaces.

On SW11, we configure EIGRP on all the interfaces.
SW11(config)#ip routing
SW11(config)#router eigrp 10
SW11(config-router)#network 10.10.0.0 0.0.255.255

On SW21, we configure EIGRP for all the interfaces.

SW21(config)#ip routing
SW21(config)#router eigrp 10
SW21(config-router)#net 10.10.0.0 0.0.255.255
SW21(config-router)#net 10.20.0.0 0.0.255.255



Can you be more specific here
SW11
router eigrp 10
network 10.10.1.4 0.0.0.0
network 10.10.10.1 0.0.0.0
network 10.10.11.1 0.0.0.0
network 10.10.12.1 0.0.0.0
no network 10.10.0.0 0.0.255.255

SW21
router eigrp 10
network 10.20.1.2 0.0.0.0
network 10.20.1.6 0.0.0.0
network 10.10.20.1 0.0.0.0
network 10.10.21.1 0.0.0.0
network 10.10.22.1 0.0.0.0
no network 10.10.0.0 0.0.255.255
no network 10.20.0.0 0.0.255.255

I dont see any networks advertised for R12, R22 maybe you just haven't posted them?
R12

router eigrp 10
network 10.10.1.3 0.0.0.0
network 10.10.100.12 0.0.0.0

R22

router eigrp 10
net 10.20.1.5 0.0.0.0
net 10.10.100.22 0.0.0.0
net 10.10.200.22 0.0.0.0


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hey Paul, 

Thank you for replying and sorry for the delay. Really busy this time of year.

This is what I'm working with from a diagram standpoint, see attached DMVPN.PNG in zip. In addition, see attached both hubs(all 4 configurations) and one of the spoke locations(both configurations). (notepad++ recommended).

The problem is when, for example, I fail over from WE-SB-CRT-01 to 02. When I try to ping the WE-GC-CSW-01, it won't ping because that side's HSRP hasn't failed over. I assume it's because each switch has the route of 0.0.0.0 0.0.0.0 10.X.10.1 configured which is the virtual ip address. If this is true, what is the best practice for switches to communicate up and out so that I don't have this routing issue in a fail over scenario? 

Review Cisco Networking for a $25 gift card