12-08-2008 03:39 PM - edited 03-06-2019 02:52 AM
4507 = Louisville core (192.168.187.1)
2851 = Louisville MPLS (192.168.187.252)
3660 = Louisville Point-to-Point (192.168.187.254)
2821 = Lexington MPLS (192.168.13.1)
3640 = Lexington Point-to-Point (192.168.13.3)
The MPLS connection is the primary connection. The Point-to-Point is the backup connection.
I have EIGRP 101 running on every single router, and BGP only running on the MPLS routers between cities.
The 4507 has both the 2851 and the 3660 plugged into it.
If I add a network to the 4507, both of the routers should say something like 'D 10.110.115.0/24 [90/3072] via 192.168.187.1' correct?
The problem I am receiving is that when I add a network to the 4507 router and do a 'sh ip route' on the 2851, the route says it's reachable via the MPLS. It is not saying it's connected to the 4507. It's actually going from the 2851 to the 2821, to 3640, to 3660, then to 4507.
How do I stop this loop? I would like to do this without setting a static ip route.
Also, if I unplug the 3660 and add the network, the 2851 finds the advertised route from the 4507 with no problems. When I plug the 3660 back in, the route starts going back to saying it's reachable via the MPLS connection.
Any help or ideas are greatly appreciated.
Thanks
12-10-2008 09:28 AM
Sorry, no Visio. Could you save as jpeg?
Anyway, initial observations. There is no control over what is being advertised out from Lexington. If you look you can see Frankfurt and a couple of the Covington/Cincinnati being advertised out. This is because EIGRP is being redistributed into BGP.
If you are absolutely sure you only want to advertise out the 2 subnets from Lexington
Lexington 2821
router bgp 64803
no redistribute eigrp 101 metric 0
network 192.168.13.0 mask 255.255.255.0
network 192.168.253.0 mask 255.255.255.0
That should fix issue 1. So Louisville 2851 should now see 4500 as next-hop for any new subnets you add to Louisville 4500.
Note to see the effects you will need to do a
"clear ip bgp 64.129.251.77 soft out" on the Lexington 2821.
I suggest we just make that change tonight and you can then check to see if all connectivity from all sites is working as it should be and that if you add a new subnet to the 4500 the Louisville 2851 gets the right next-hop.
If that goes okay we can then look at the backup link. I'll wait until i get the visio but i suspect that traffic is not routing how you want it to ie. if Lexington is advertising out Frankfurt that must mean it receives Frankfurt routes via EIGRP. It can only get these via the backup link with Louisville. So i wouldn't be surprised that from an internal switch/router in Lexington ie. not the 2821 if you did a traceroute to Frankfurt it went via Louisville backup link rather than MPLS cloud.
Does this sound okay to you ? The easiest change should be the one to the Lexington router as above.
The backup stuff will be more complicated. I may be asking you to do a few traceroutes and you may decide to wait until Lexington is readdressed.
Let me know what you want to do.
Jon
12-10-2008 10:13 AM
12-10-2008 10:19 AM
Kenny
Okay, no problem. I'll have a look at the jpg later on. Hope it goes alright. I'm in UK so 5.00 tonight is about 1:00 in the morning.
We can pick this up again tomorrow if you want.
Good luck.
Jon
12-10-2008 10:21 AM
Thanks Jon. I'll post my results tonight.
12-10-2008 02:31 PM
Removing the redistribute eigrp 101 from bgp on the 2821 fixed the 4500 and the 2851 problem.
Now it seems like the 2851 isn't advertising its routes correctly.
I have 10.110.0.0 added to EIGRP 101 on the 4507. I have 10.110.0.0 added to BGP 64803 on the 2851. Shouldn't the 2821 be getting its routes for the 10.110.0.0 network from the 2851?
The 2851 is currently getting the routes from the 3640 via EIGRP. Do I not have BGP set up correctly on the 2851?
Here is the 2851 config. Am I putting the 10.110.0.0/16 network incorrectly?
router eigrp 101
redistribute bgp 64803 metric 10000 10 255 1 1500
network 192.168.187.0
no auto-summary
!
router bgp 64803
no synchronization
bgp log-neighbor-changes
network 10.110.0.0
network 192.168.15.0
network 192.168.32.0
network 192.168.33.0
network 192.168.34.0
network 192.168.35.0
network 192.168.36.0
network 192.168.50.0
network 192.168.52.0
network 192.168.53.0
network 192.168.187.0
network 192.168.198.0
neighbor 64.129.251.57 remote-as 4323
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.187.99
ip route 192.168.198.0 255.255.255.0 192.168.187.99
I also forgot i want to advertise our DMZ addresses so users can get to those servers internally.
So in Lexington I added 209.PUBLIC.222.64 mask 255.255.255.224 to bgp 64803.
But that route still isn't being advertised over the MPLS. This also starts being advertised from the ASA via EIGRP 101.
from the 2821 i have done 'clear ip eigrp neigh 192.168.13.3'
from the 2851 i have done 'clear ip eigrp neigh 192.168.187.254'
Both of these didn't get the routes going over the MPLS.
I also added a new 192.168.53.0/24 on the 4507, added that to BGP on the 2851 and that is distributed properly. It seems like the 10.110.0.0/16 network doesn't want to distribute properly from BGP.
12-10-2008 03:27 PM
On the 2851, I did a 'redistribute eigrp 101' for bgp 64803, and that got the 10.110.0.0/24 network to advertise its route over the MPLS. But I'm sure that this isn't the correct way it's supposed to be done.
12-10-2008 07:41 PM
"But that route still isn't being advertised over the MPLS"
D 209.Public.222.0/24 [90/28416] via 192.168.13.253, 2w1d, GigabitEthernet0/0
This is the route in your routing table but you are trying to advertise with 209.PUBLIC.224.64 255.255.255.224
change
router bgp 64803
network 209.PUBLIC.222.64 mask 255.255.255.224
to
router bgp 64803
network 209.PUBLIC.222.0 mask 255.255.255.0
I suspect this is the issue with the 10.110.x.x network as well. There must be an EXACT match in the routing table. So do a "sh ip route" on the 2851 and find the network you want to advertise and make sure the BGP network statement matches it eg.
if 10.110.0.0 has a subnet mask of 255.255.255.0 then your BGP statement needs to read
router bgp 64803
network 10.110.0.0 mask 255.255.255.0
Jon
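The exact-match rule from the reply above, as an added example that is not part of the original thread: a Python check that compares BGP network statements against "sh ip route" text and reports statements with no identical prefix in the table. The sample config and routing table are constructed, and 198.51.100.0/24 stands in for the redacted DMZ prefix.

```python
import ipaddress
import re

IP = r"(\d+\.\d+\.\d+\.\d+)"

def bgp_networks(config):
    """Prefixes named by 'network A.B.C.D [mask M]' lines; no mask means classful."""
    nets = []
    for line in config.splitlines():
        m = re.match(rf"\s*network\s+{IP}(?:\s+mask\s+{IP})?\s*$", line)
        if not m:
            continue
        addr, mask = m.groups()
        if mask is None:
            first = int(addr.split(".")[0])
            mask = 8 if first < 128 else 16 if first < 192 else 24
        nets.append(ipaddress.ip_network(f"{addr}/{mask}", strict=False))
    return nets

def rib_prefixes(show_ip_route):
    """Prefixes in 'sh ip route' text, including entries under an 'is subnetted' header."""
    rib, inherited = set(), None
    for line in show_ip_route.splitlines():
        hdr = re.match(rf"\s*{IP}/(\d+) is subnetted", line)
        if hdr:
            inherited = hdr.group(2)  # mask shared by the entries listed below it
            continue
        m = re.match(rf"\s*[A-Z*]+(?: EX)?\s+{IP}(?:/(\d+))?\s", line)
        if m and (m.group(2) or inherited):
            rib.add(ipaddress.ip_network(f"{m.group(1)}/{m.group(2) or inherited}"))
    return rib

def audit(config, show_ip_route):
    """Map each network statement to (status, overlapping RIB prefixes)."""
    rib, out = rib_prefixes(show_ip_route), {}
    for net in bgp_networks(config):
        if net in rib:
            out[str(net)] = ("exact match", [])
            continue
        related = sorted(str(r) for r in rib if r.subnet_of(net) or net.subnet_of(r))
        out[str(net)] = ("no exact match", related)
    return out

# Constructed sample data, not output from the routers in this thread.
RIB = """D    198.51.100.0/24 [90/28416] via 192.168.13.253, 2w1d, GigabitEthernet0/0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.110.115.0 is directly connected, Vlan115
C       10.110.100.0 is directly connected, Vlan100
C    192.168.53.0/24 is directly connected, Vlan53"""
CFG = """router bgp 64803
 network 10.110.0.0 mask 255.255.0.0
 network 198.51.100.64 mask 255.255.255.224
 network 192.168.53.0
 network 10.110.115.0 mask 255.255.255.0"""
```

A "no exact match" result lists the overlapping prefixes that are in the table, which shows whether the statement is too broad (a /16 over /24s) or too narrow (a /27 inside a /24).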
12-10-2008 08:11 PM
good morning Jon.
you are a guru.
I changed the DMZ address to 209.PUBLIC.222.0 and it's now being advertised. I was just cautious about that because I was just wanting to broadcast our DMZ only addresses. But I suppose this will work.
This was also the problem with the 10.110.x.x network.
I had 10.110.0.0 mask 255.255.0.0 and it was not working.
when i changed it to 10.110.115.0 mask 255.255.255.0, the route was being broadcasted correctly.
so it seems after all of this, I just wasn't broadcasting correctly and there was a redistribution that was messing it all up.
Thanks for all your help Jon!
-Kenny
12-10-2008 08:28 PM
Kenny
No problem with the help, glad you got it working as you wanted and i appreciate the ratings.
One last point -
"I changed the DMZ address to 209.PUBLIC.222.0 and it's now being advertised. I was just cautious about that because I was just wanting to broadcast our DMZ only addresses. But I suppose this will work."
Bear in mind that with your previous setup where you redistributed EIGRP into BGP at Lexington you were advertising this out as a /24 anyway. If you want to tie it down to 255.255.255.224 you would need to have a matching route in the IGP before BGP would advertise it out. If it's not affecting anything else perhaps best to just leave it as is.
Jon
12-11-2008 06:23 AM
Jon,
Just curious. If the MPLS line ever fails, this should start looking to the Point-to-Point routers for backup links, correct?
I'm looking at it in my head and it makes logical sense that it would work.
If i'm in Louisville, and I try to go to Lexington, and if the route to the MPLS line is down, then BGP would be down, meaning that router would find the routes via EIGRP, so it would go over the Point-to-Points. does that sound correct?
12-13-2008 05:18 PM
Kenny
Apologies for the delay in getting back.
Yes, i think the idea behind the network design is that if the MPLS links fail then the backup links are used.
However i'm not entirely convinced that it will work due to internal EIGRP (AD 90) vs external EIGRP (AD 170). Remember that any routes received from BGP and then redistributed into EIGRP will be AD 170. But as far as i can tell the same networks would be received down the P2P backup links with AD 90 and these would be preferred.
It's not quite that straightforward as when you did a traceroute it did go via MPLS although i have still to have a good look at the full network diagram.
What you can do is run some traceroutes from each site and see what path they take. Bear in mind that it is no good doing the traceroutes from the MPLS routers because they will always choose the BGP (AD 20) routes received from MPLS. You need to do traceroutes from devices within each site.
Jon
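The AD 90 versus AD 170 concern from the reply above, as an added example that is not part of the original thread: a Python model of how a core router picks between two EIGRP candidates for the same prefix, comparing administrative distance first and metric only as a tie-break. The candidate list is constructed in the thread's "sh ip route" line format, and the `down` parameter is a hypothetical way to model a failed next hop.

```python
import re
from collections import defaultdict

# Matches lines such as: D EX 192.168.13.0/24 [170/258816] via 192.168.187.252, ...
ROUTE = re.compile(r"\s*D( EX)?\s+(\S+) \[(\d+)/(\d+)\] via (\S+?),")

def parse_candidates(text):
    """Group candidate routes by prefix as (AD, metric, next_hop) tuples."""
    by_prefix = defaultdict(list)
    for line in text.splitlines():
        m = ROUTE.match(line)
        if m:
            _, prefix, ad, metric, next_hop = m.groups()
            by_prefix[prefix].append((int(ad), int(metric), next_hop))
    return by_prefix

def best_paths(text, down=()):
    """Pick the installed next hop per prefix, ignoring next hops listed in `down`."""
    best = {}
    for prefix, routes in parse_candidates(text).items():
        alive = [r for r in routes if r[2] not in down]
        # Tuple ordering compares AD first; metric only matters when AD is equal.
        best[prefix] = min(alive)[2] if alive else None
    return best

def on_backup(text, backup_next_hop, down=()):
    """Prefixes whose winning path leaves via the backup router."""
    return sorted(p for p, nh in best_paths(text, down).items() if nh == backup_next_hop)

MPLS, BACKUP = "192.168.187.252", "192.168.187.254"

# Constructed candidates as the core switch might learn them (assumption).
CANDIDATES = """D    10.120.201.0/24 [90/1764864] via 192.168.187.254, 00:16:35, Vlan1
D EX 10.120.201.0/24 [170/258816] via 192.168.187.252, 00:16:35, Vlan1
D EX 192.168.13.0/24 [170/258816] via 192.168.187.252, 1w2d, Vlan1"""
```

In the sample, 10.120.201.0/24 is installed via the backup router even though the MPLS candidate has the lower metric, and it moves to the MPLS router only when the backup next hop is marked down.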
12-18-2008 06:35 AM
Hey Jon, hopefully you will see this. I've got another question for you.
I am in the process of adding new networks to Lexington and I'm having trouble on the core switch.
I am adding the networks correctly to Lexington. The 209 address is being broadcasted from the ASA. The 10.120 address is being broadcasted from a 3550, that will be disappearing in the future.
network 10.120.201.0 mask 255.255.255.0
network 209.PUBLIC.222.0
Networks 192.168.13.0 and 192.168.253.0 were already put in place before I got here so they are running correctly and there are no static routes set, yet, the Core switch is going to them first.
and when I go to the MPLS router in Louisville (2851) it can see the network being broadcasted over the MPLS correctly.
Now, when I go to the 4507 (core router in louisville) it is going over the backup links. I have this in my EIGRP table on the MPLS router (2851)
router eigrp 101
redistribute bgp 64803 metric 10000 10 255 1 1500
network 192.168.187.0
no auto-summary
So how do I make the core router look to the MPLS router before the backup links?
I understand that this is making it AD 170, compared to the backup of AD 90, but how do I get around that?
Here Is Lexington (2821):
router eigrp 101
redistribute static
redistribute bgp 64803 metric 10000 10 255 1 1500
network 192.168.13.0
no auto-summary
!
router bgp 64803
no synchronization
bgp log-neighbor-changes
network 10.120.201.0 mask 255.255.255.0
network 64.129.251.76 mask 255.255.255.252
network 192.168.13.0
network 192.168.253.0
network 209.PUBLIC.222.0
redistribute static
neighbor 64.129.251.77 remote-as 4323
default-information originate
no auto-summary
Here is the sh ip route on the core router (minus some stuff):
GDM-4507R#sh ip rou
D EX 192.168.13.0/24 [170/258816] via 192.168.187.252, 1w2d, Vlan1
10.0.0.0/24 is subnetted, 18 subnets
D 10.120.201.0 [90/1764864] via 192.168.187.254, 00:16:35, Vlan1
D EX 192.168.253.0/24 [170/258816] via 192.168.187.252, 1w0d, Vlan1
D 209.PUBLIC.222.0/24 [90/1767168] via 192.168.187.254, 6d22h, Vlan1
12-18-2008 09:50 AM
Kenny
From the core switch in Louisville can you do traceroutes to
192.168.13.1
192.168.253.1
209.PUBLIC.220.1
i've used .1 here but i just need you to use an address that is active on those subnets,
and post results.
I'll wait until i see the results but as i said before i suspect traffic is not routing as it should. There are ways to fix this but because of the fact the addressing cannot be correctly summarised from each site it could well get messy !
Jon
12-18-2008 09:57 AM
GDM-4507R#traceroute 192.168.13.1
Type escape sequence to abort.
Tracing the route to 192.168.13.1
1 192.168.187.252 0 msec 0 msec 0 msec
2 64.129.251.57 4 msec 0 msec 4 msec
3 64.129.251.77 0 msec 4 msec 4 msec
4 64.129.251.78 4 msec * 4 msec
GDM-4507R#traceroute 192.168.253.1
Type escape sequence to abort.
Tracing the route to 192.168.253.1
1 192.168.187.252 12 msec 0 msec 4 msec
2 64.129.251.57 0 msec 0 msec 4 msec
3 64.129.251.77 4 msec 0 msec 4 msec
4 64.129.251.78 4 msec 4 msec 0 msec
5 * * *
6 *
This is because there is no 192.168.253.1, there is no router for this, it is just part of the IP pool from the ASA for VPN access. But you can see that it still goes through the MPLS.
GDM-4507R#traceroute 209.PUBLIC.222.67
Type escape sequence to abort.
Tracing the route to PUBLIC.gdm.com (209.Public.222.67)
1 192.168.187.254 0 msec 4 msec 0 msec
2 192.168.113.2 24 msec 20 msec 20 msec
3 PUBLIC.gdm.com (209.Public.222.67) 24 msec 20 msec 20 msec
SH IP route from the 4507
GDM-4507R#sh ip rou
Gateway of last resort is 192.168.187.99 to network 0.0.0.0
D EX 192.168.28.0/24 [170/258816] via 192.168.187.252, 1w2d, Vlan1
D EX 192.168.13.0/24 [170/258816] via 192.168.187.252, 1w2d, Vlan1
C 192.168.15.0/24 is directly connected, Vlan15
64.0.0.0/30 is subnetted, 4 subnets
D EX 64.129.251.56 [170/1767168] via 192.168.187.254, 1w0d, Vlan1
D EX 64.129.251.60 [170/258816] via 192.168.187.252, 1w0d, Vlan1
D EX 64.129.251.72 [170/258816] via 192.168.187.252, 1w0d, Vlan1
D EX 64.129.251.76 [170/258816] via 192.168.187.252, 1w0d, Vlan1
D 192.168.128.0/24 [90/1762048] via 192.168.187.254, 1w2d, Vlan1
S 192.168.198.0/24 [1/0] via 192.168.187.99
S 192.168.199.0/24 [1/0] via 192.168.187.99
10.0.0.0/24 is subnetted, 18 subnets
C 10.110.100.0 is directly connected, Vlan100
C 10.110.101.0 is directly connected, Vlan101
C 10.110.115.0 is directly connected, Vlan115
D 10.150.213.0 [90/3181312] via 192.168.187.254, 1w2d, Vlan1
D 10.150.201.0 [90/3181312] via 192.168.187.254, 1w2d, Vlan1
C 10.110.5.0 is directly connected, Vlan5
C 10.110.2.0 is directly connected, Vlan2
D 10.150.10.0 [90/3181312] via 192.168.187.254, 1w2d, Vlan1
D 10.150.5.0 [90/3178752] via 192.168.187.254, 1w2d, Vlan1
D 10.150.2.0 [90/3181312] via 192.168.187.254, 1w2d, Vlan1
C 10.110.201.0 is directly connected, Vlan201
C 10.110.213.0 is directly connected, Vlan213
D 10.120.201.0 [90/1764864] via 192.168.187.254, 03:41:52, Vlan1
C 10.110.187.0 is directly connected, Vlan187
C 10.110.132.0 is directly connected, Vlan132
C 10.110.133.0 is directly connected, Vlan133
D 10.150.110.0 [90/3181312] via 192.168.187.254, 1w2d, Vlan1
D 10.150.100.0 [90/3181312] via 192.168.187.254, 1w2d, Vlan1
D 192.168.113.0/24 [90/1762048] via 192.168.187.254, 1w2d, Vlan1
C 192.168.36.0/24 is directly connected, Vlan36
C 192.168.53.0/24 is directly connected, Vlan53
C 192.168.52.0/24 is directly connected, Vlan52
C 192.168.187.0/24 is directly connected, Vlan1
C 192.168.34.0/24 is directly connected, Vlan34
C 192.168.50.0/24 is directly connected, Vlan50
C 192.168.35.0/24 is directly connected, Vlan35
D 192.168.118.0/24 [90/1762048] via 192.168.187.254, 1w2d, Vlan1
D EX 192.168.253.0/24 [170/258816] via 192.168.187.252, 1w0d, Vlan1
C 192.168.32.0/24 is directly connected, Vlan32
D EX 192.168.18.0/24 [170/258816] via 192.168.187.252, 1w2d, Vlan1
C 192.168.33.0/24 is directly connected, Vlan33
D 209.PUBLIC.222.0/24 [90/1767168] via 192.168.187.254, 1w0d, Vlan1
S* 0.0.0.0/0 [1/0] via 192.168.187.99
Attached is a completely updated topology in jpg format. Except the ASA in Louisville is not yet broadcasting its EIGRP. Thanks again for taking a look.
12-18-2008 10:03 AM
Kenny
Can you post output of
1) "sh run" on the P2P Louisville router
2) "sh run" on the Louisville core switch - actually just the bit from "router eigrp 101" onwards would be fine for this one
3) "sh run" on the P2P Lexington router
4) "sh ip eigrp neighbors" on the P2P Louisville router
Apologies again for asking for all this info but some of those traceroutes don't make a lot of sense without seeing the configs
Jon