EIGRP between routers and making one router preferred

the_crooked_toe

4507 = Louisville core (192.168.187.1)

2851 = Louisville MPLS (192.168.187.252)

3660 = Louisville Point-to-Point (192.168.187.254)

2821 = Lexington MPLS (192.168.13.1)

3640 = Lexington Point-to-Point (192.168.13.3)

The MPLS connection is the primary connection. The Point-to-Point is the backup connection.

I have EIGRP 101 running on every single router, and BGP only running on the MPLS routers between cities.

The 4507 has both the 2851 and the 3660 plugged into it.

If I add a network to the 4507, both of the routers should say something like 'D 10.110.115.0/24 [90/3072] via 192.168.187.1' correct?

The problem I am receiving is that when I add a network to the 4507 router and do a 'sh ip route' on the 2851, the route says it's reachable via the MPLS. It is not saying it's connected to the 4507. It's actually going from the 2851 to the 2821, to 3640, to 3660, then to 4507.

How do I stop this loop? I would like to do this without setting a static ip route.

Also, if I unplug the 3660 and add the network, the 2851 finds the advertised route from the 4507 with no problems. When I plug the 3660 back in, the route starts going back to saying it's reachable via the MPLS connection.

Any help or ideas are greatly appreciated.

Thanks


Sorry, no Visio. Could you save as jpeg?

Anyway, initial observations. There is no control over what is being advertised out from Lexington. If you look you can see Frankfurt and a couple of the Covington/Cincinnati being advertised out. This is because EIGRP is being redistributed into BGP.

If you are absolutely sure you only want to advertise out the 2 subnets from Lexington:

Lexington 2821

router bgp 64803
 no redistribute eigrp 101 metric 0
 network 192.168.13.0 mask 255.255.255.0
 network 192.168.253.0 mask 255.255.255.0

That should fix issue 1. So Louisville 2851 should now see 4500 as next-hop for any new subnets you add to Louisville 4500.

Note to see the effects you will need to do a

"clear ip bgp 64.129.251.77 soft out" on the Lexington 2821.

I suggest we just make that change tonight and you can then check to see if all connectivity from all sites is working as it should be and that if you add a new subnet to the 4500 the Louisville 2851 gets the right next-hop.

If that goes okay we can then look at the backup link. I'll wait until I get the Visio but I suspect that traffic is not routing how you want it to, i.e. if Lexington is advertising out Frankfurt that must mean it receives Frankfurt routes via EIGRP. It can only get these via the backup link with Louisville. So I wouldn't be surprised that from an internal switch/router in Lexington, i.e. not the 2821, if you did a traceroute to Frankfurt it went via Louisville backup link rather than MPLS cloud.

Does this sound okay to you? The easiest change should be the one to the Lexington router as above.

The backup stuff will be more complicated. I may be asking you to do a few traceroutes and you may decide to wait until Lexington is readdressed.

Let me know what you want to do.

Jon

Attached is the JPG.

Around 5:00 tonight I will make that change to the 2821.

Thanks for all your help. I think once you see the attached diagram it will all make more sense to you. Sorry for not figuring out how to make the jpg earlier.

-kenny

Kenny

Okay, no problem. I'll have a look at the jpg later on. Hope it goes alright. I'm in UK so 5.00 tonight is about 1:00 in the morning.

We can pick this up again tomorrow if you want.

Good luck.

Jon

Thanks Jon. I'll post my results tonight.

Removing the redistribute eigrp 101 from bgp on the 2821 fixed the 4500 and the 2851 problem.

Now it seems like the 2851 isn't advertising its routes correctly.

I have 10.110.0.0 added to EIGRP 101 on the 4507. I have 10.110.0.0 added to BGP 64803 on the 2851. Shouldn't the 2821 be getting its routes for the 10.110.0.0 network from the 2851?

The 2851 is currently getting the routes from the 3640 via EIGRP. Do I not have BGP set up correctly on the 2851?

Here is the 2851 config. Am I putting the 10.110.0.0/16 network incorrectly?

router eigrp 101
 redistribute bgp 64803 metric 10000 10 255 1 1500
 network 192.168.187.0
 no auto-summary
!
router bgp 64803
 no synchronization
 bgp log-neighbor-changes
 network 10.110.0.0
 network 192.168.15.0
 network 192.168.32.0
 network 192.168.33.0
 network 192.168.34.0
 network 192.168.35.0
 network 192.168.36.0
 network 192.168.50.0
 network 192.168.52.0
 network 192.168.53.0
 network 192.168.187.0
 network 192.168.198.0
 neighbor 64.129.251.57 remote-as 4323
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.187.99
ip route 192.168.198.0 255.255.255.0 192.168.187.99

I also forgot I want to advertise our DMZ addresses so users can get to those servers internally.

So in Lexington I added 209.PUBLIC.222.64 mask 255.255.255.224 to bgp 64803.

But that route still isn't being advertised over the MPLS. This also starts being advertised from the ASA via EIGRP 101.

From the 2821 I have done 'clear ip eigrp neigh 192.168.13.3'

From the 2851 I have done 'clear ip eigrp neigh 192.168.187.254'

Both of these didn't get the routes going over the MPLS.

I also added a new 192.168.53.0/24 on the 4507, added that to BGP on the 2851 and that is distributed properly. It seems like the 10.110.0.0/16 network doesn't want to distribute properly from BGP.

On the 2851, I did a 'redistribute eigrp 101' for bgp 64803, and that got the 10.110.0.0/24 network to advertise its route over the MPLS. But I'm sure that this isn't the correct way it's supposed to be done.

"But that route still isn't being advertised over the MPLS"

D 209.Public.222.0/24 [90/28416] via 192.168.13.253, 2w1d, GigabitEthernet0/0

This is the route in your routing table but you are trying to advertise with 209.PUBLIC.224.64 255.255.255.224

Change

router bgp 64803
 network 209.PUBLIC.222.64 mask 255.255.255.224

to

router bgp 64803
 network 209.PUBLIC.222.0 mask 255.255.255.0

I suspect this is the issue with the 10.110.x.x network as well. There must be an EXACT match in the routing table. So do a "sh ip route" on the 2851 and find the network you want to advertise and make sure the BGP network statement matches it, e.g.

if 10.110.0.0 has a subnet mask of 255.255.255.0 then your BGP statement needs to read

router bgp 64803
 network 10.110.0.0 mask 255.255.255.0

Jon
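The exact-match rule from the reply above, as an added example that is not part of the original thread: it audits BGP `network` statements against the prefixes in a routing table and says why a statement would not be advertised. The `RIB` and `STATEMENTS` values are constructed, `203.0.113.0/24` stands in for the redacted `209.PUBLIC.222.0/24`, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of prefixes present in the router's routing table.
# 203.0.113.0/24 (documentation range) stands in for the redacted 209.PUBLIC.222.0/24.
RIB = ["203.0.113.0/24", "10.110.115.0/24", "192.168.13.0/24", "192.168.53.0/24"]

# Constructed statements mirroring the ones discussed in the thread.
STATEMENTS = [
    "network 203.0.113.64 mask 255.255.255.224",
    "network 203.0.113.0 mask 255.255.255.0",
    "network 10.110.0.0 mask 255.255.0.0",
    "network 10.110.115.0 mask 255.255.255.0",
    "network 192.168.13.0",
]

def classful_len(addr):
    """Prefix length IOS assumes when the 'mask' keyword is omitted."""
    first = int(addr.split(".")[0])
    return 8 if first < 128 else 16 if first < 192 else 24

def parse_statement(line):
    """Turn 'network A.B.C.D [mask M]' into an ip_network object."""
    tok = line.split()
    if len(tok) == 4 and tok[0] == "network" and tok[2] == "mask":
        return ipaddress.ip_network(f"{tok[1]}/{tok[3]}", strict=False)
    if len(tok) == 2 and tok[0] == "network":
        return ipaddress.ip_network(f"{tok[1]}/{classful_len(tok[1])}", strict=False)
    raise ValueError(f"not a BGP network statement: {line!r}")

def audit(statements, rib):
    """Map each statement to a verdict: exact match, or the reason it is not advertised."""
    routes = [ipaddress.ip_network(p) for p in rib]
    report = {}
    for line in statements:
        want = parse_statement(line)
        if want in routes:
            report[line] = "exact match: advertised"
            continue
        covering = [str(r) for r in routes if want.subnet_of(r)]
        inside = [str(r) for r in routes if r.subnet_of(want)]
        hint = (f"only covering route {covering}" if covering else
                f"only more-specific routes {inside}" if inside else "no related route")
        report[line] = f"no exact match, not advertised ({hint})"
    return report

if __name__ == "__main__":
    for stmt, verdict in audit(STATEMENTS, RIB).items():
        print(f"{stmt:45} {verdict}")
```
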

good morning Jon.

you are a guru.

I changed the DMZ address to 209.PUBLIC.222.0 and it's now being advertised. I was just cautious about that because I was just wanting to broadcast our DMZ only addresses. But I suppose this will work.

This was also the problem with the 10.110.x.x network.

I had 10.110.0.0 mask 255.255.0.0 and it was not working.

When I changed it to 10.110.115.0 mask 255.255.255.0, the route was being broadcasted correctly.

So it seems after all of this, I just wasn't broadcasting correctly and there was a redistribution that was messing it all up.

Thanks for all your help Jon!

-Kenny

Kenny

No problem with the help, glad you got it working as you wanted and I appreciate the ratings.

One last point -

"I changed the DMZ address to 209.PUBLIC.222.0 and it's now being advertised. I was just cautious about that because I was just wanting to broadcast our DMZ only addresses. But I suppose this will work."

Bear in mind that with your previous setup where you redistributed EIGRP into BGP at Lexington you were advertising this out as a /24 anyway. If you want to tie it down to 255.255.255.224 you would need to have a matching route in the IGP before BGP would advertise it out. If it's not affecting anything else perhaps best to just leave it as is.

Jon

Jon,

Just curious. If the MPLS line ever fails, this should start looking to the Point-to-Point routers for backup links, correct?

I'm looking at it in my head and it makes logical sense that it would work.

If I'm in Louisville, and I try to go to Lexington, and if the route to the MPLS line is down, then BGP would be down, meaning that router would find the routes via EIGRP, so it would go over the Point-to-Points. Does that sound correct?

Kenny

Apologies for the delay in getting back.

Yes, I think the idea behind the network design is that if the MPLS links fail then the backup links are used.

However I'm not entirely convinced that it will work due to internal EIGRP (AD 90) vs external EIGRP (AD 170). Remember that any routes received from BGP and then redistributed into EIGRP will be AD 170. But as far as I can tell the same networks would be received down the P2P backup links with AD 90 and these would be preferred.

It's not quite that straightforward as when you did a traceroute it did go via MPLS, although I have still to have a good look at the full network diagram.

What you can do is run some traceroutes from each site and see what path they take. Bear in mind that it is no good doing the traceroutes from the MPLS routers because they will always choose the BGP (AD 20) routes received from MPLS. You need to do traceroutes from devices within each site.

Jon

Hey Jon, hopefully you will see this. I've got another question for you.

I am in the process of adding new networks to Lexington and I'm having trouble on the core switch.

I am adding the networks correctly to Lexington. The 209 address is being broadcasted from the ASA. The 10.120 address is being broadcasted from a 3550, that will be disappearing in the future.

network 10.120.201.0 mask 255.255.255.0

network 209.PUBLIC.222.0

Networks 192.168.13.0 and 192.168.253.0 were already put in place before I got here so they are running correctly and there are no static routes set, yet, the Core switch is going to them first.

and when I go to the MPLS router in Louisville (2851) it can see the network being broadcasted over the MPLS correctly.

Now, when I go to the 4507 (core router in louisville) it is going over the backup links. I have this in my EIGRP table on the MPLS router (2851)

router eigrp 101
 redistribute bgp 64803 metric 10000 10 255 1 1500
 network 192.168.187.0
 no auto-summary

So how do I make the core router look to the MPLS router before the backup links?

I understand that this is making it AD 170, compared to the backup of AD 90, but how do I get around that?

Here Is Lexington (2821):

router eigrp 101
 redistribute static
 redistribute bgp 64803 metric 10000 10 255 1 1500
 network 192.168.13.0
 no auto-summary
!
router bgp 64803
 no synchronization
 bgp log-neighbor-changes
 network 10.120.201.0 mask 255.255.255.0
 network 64.129.251.76 mask 255.255.255.252
 network 192.168.13.0
 network 192.168.253.0
 network 209.PUBLIC.222.0
 redistribute static
 neighbor 64.129.251.77 remote-as 4323
 default-information originate
 no auto-summary

Here is the sh ip route on the core router (minus some stuff):

GDM-4507R#sh ip rou

D EX 192.168.13.0/24 [170/258816] via 192.168.187.252, 1w2d, Vlan1

10.0.0.0/24 is subnetted, 18 subnets

D 10.120.201.0 [90/1764864] via 192.168.187.254, 00:16:35, Vlan1

D EX 192.168.253.0/24 [170/258816] via 192.168.187.252, 1w0d, Vlan1

D 209.PUBLIC.222.0/24 [90/1767168] via 192.168.187.254, 6d22h, Vlan1

Kenny

From the core switch in Louisville can you do traceroutes to

192.168.13.1

192.168.253.1

209.PUBLIC.220.1

I've used .1 here but I just need you to use an address that is active on those subnets,

and post results.

I'll wait until I see the results but as I said before I suspect traffic is not routing as it should. There are ways to fix this but because of the fact the addressing cannot be correctly summarised from each site it could well get messy!

Jon

GDM-4507R#traceroute 192.168.13.1

Type escape sequence to abort.

Tracing the route to 192.168.13.1

1 192.168.187.252 0 msec 0 msec 0 msec

2 64.129.251.57 4 msec 0 msec 4 msec

3 64.129.251.77 0 msec 4 msec 4 msec

4 64.129.251.78 4 msec * 4 msec

GDM-4507R#traceroute 192.168.253.1

Type escape sequence to abort.

Tracing the route to 192.168.253.1

1 192.168.187.252 12 msec 0 msec 4 msec

2 64.129.251.57 0 msec 0 msec 4 msec

3 64.129.251.77 4 msec 0 msec 4 msec

4 64.129.251.78 4 msec 4 msec 0 msec

5 * * *

6 *

This is because there is no 192.168.253.1, there is no router for this, it is just part of the IP pool from the ASA for VPN access. But you can see that it still goes through the MPLS.

GDM-4507R#traceroute 209.PUBLIC.222.67

Type escape sequence to abort.

Tracing the route to PUBLIC.gdm.com (209.Public.222.67)

1 192.168.187.254 0 msec 4 msec 0 msec

2 192.168.113.2 24 msec 20 msec 20 msec

3 PUBLIC.gdm.com (209.Public.222.67) 24 msec 20 msec 20 msec

SH IP route from the 4507

GDM-4507R#sh ip rou

Gateway of last resort is 192.168.187.99 to network 0.0.0.0

D EX 192.168.28.0/24 [170/258816] via 192.168.187.252, 1w2d, Vlan1

D EX 192.168.13.0/24 [170/258816] via 192.168.187.252, 1w2d, Vlan1

C 192.168.15.0/24 is directly connected, Vlan15

64.0.0.0/30 is subnetted, 4 subnets

D EX 64.129.251.56 [170/1767168] via 192.168.187.254, 1w0d, Vlan1

D EX 64.129.251.60 [170/258816] via 192.168.187.252, 1w0d, Vlan1

D EX 64.129.251.72 [170/258816] via 192.168.187.252, 1w0d, Vlan1

D EX 64.129.251.76 [170/258816] via 192.168.187.252, 1w0d, Vlan1

D 192.168.128.0/24 [90/1762048] via 192.168.187.254, 1w2d, Vlan1

S 192.168.198.0/24 [1/0] via 192.168.187.99

S 192.168.199.0/24 [1/0] via 192.168.187.99

10.0.0.0/24 is subnetted, 18 subnets

C 10.110.100.0 is directly connected, Vlan100

C 10.110.101.0 is directly connected, Vlan101

C 10.110.115.0 is directly connected, Vlan115

D 10.150.213.0 [90/3181312] via 192.168.187.254, 1w2d, Vlan1

D 10.150.201.0 [90/3181312] via 192.168.187.254, 1w2d, Vlan1

C 10.110.5.0 is directly connected, Vlan5

C 10.110.2.0 is directly connected, Vlan2

D 10.150.10.0 [90/3181312] via 192.168.187.254, 1w2d, Vlan1

D 10.150.5.0 [90/3178752] via 192.168.187.254, 1w2d, Vlan1

D 10.150.2.0 [90/3181312] via 192.168.187.254, 1w2d, Vlan1

C 10.110.201.0 is directly connected, Vlan201

C 10.110.213.0 is directly connected, Vlan213

D 10.120.201.0 [90/1764864] via 192.168.187.254, 03:41:52, Vlan1

C 10.110.187.0 is directly connected, Vlan187

C 10.110.132.0 is directly connected, Vlan132

C 10.110.133.0 is directly connected, Vlan133

D 10.150.110.0 [90/3181312] via 192.168.187.254, 1w2d, Vlan1

D 10.150.100.0 [90/3181312] via 192.168.187.254, 1w2d, Vlan1

D 192.168.113.0/24 [90/1762048] via 192.168.187.254, 1w2d, Vlan1

C 192.168.36.0/24 is directly connected, Vlan36

C 192.168.53.0/24 is directly connected, Vlan53

C 192.168.52.0/24 is directly connected, Vlan52

C 192.168.187.0/24 is directly connected, Vlan1

C 192.168.34.0/24 is directly connected, Vlan34

C 192.168.50.0/24 is directly connected, Vlan50

C 192.168.35.0/24 is directly connected, Vlan35

D 192.168.118.0/24 [90/1762048] via 192.168.187.254, 1w2d, Vlan1

D EX 192.168.253.0/24 [170/258816] via 192.168.187.252, 1w0d, Vlan1

C 192.168.32.0/24 is directly connected, Vlan32

D EX 192.168.18.0/24 [170/258816] via 192.168.187.252, 1w2d, Vlan1

C 192.168.33.0/24 is directly connected, Vlan33

D 209.PUBLIC.222.0/24 [90/1767168] via 192.168.187.254, 1w0d, Vlan1

S* 0.0.0.0/0 [1/0] via 192.168.187.99

Attached is a completely updated topology in jpg format. Except the ASA in Louisville is not yet broadcasting its EIGRP. Thanks again for taking a look.
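The routing table posted above can be sorted by exit path mechanically. This is an added example, not part of the original thread: it parses `sh ip route` lines, including subnets that inherit their mask from an "is subnetted" header, and groups learned prefixes by whether the next hop is the MPLS router or the Point-to-Point router. `SAMPLE` is a constructed subset of the posted output and the function names are hypothetical.

```python
import re

# Next-hop roles as given in the thread's opening post.
ROLE = {"192.168.187.252": "MPLS (2851)", "192.168.187.254": "Point-to-Point (3660)"}

# Constructed sample: a few lines taken from the 4507 'sh ip route' output above.
SAMPLE = """\
D EX 192.168.13.0/24 [170/258816] via 192.168.187.252, 1w2d, Vlan1
10.0.0.0/24 is subnetted, 18 subnets
C 10.110.115.0 is directly connected, Vlan115
D 10.120.201.0 [90/1764864] via 192.168.187.254, 03:41:52, Vlan1
D 192.168.113.0/24 [90/1762048] via 192.168.187.254, 1w2d, Vlan1
D EX 192.168.253.0/24 [170/258816] via 192.168.187.252, 1w0d, Vlan1
"""

HEADER = re.compile(r"^\s*\d+\.\d+\.\d+\.\d+/(\d+) is subnetted")
ROUTE = re.compile(r"^\s*(D EX|D|B|S\*?)\s+(\d+\.\d+\.\d+\.\d+)(/\d+)?\s+"
                   r"\[(\d+)/(\d+)\] via (\d+\.\d+\.\d+\.\d+)")

def parse_routes(text):
    """Return one dict per learned route; connected routes and banners are skipped."""
    routes, parent_len = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            parent_len = header.group(1)  # mask shared by the subnets listed next
            continue
        m = ROUTE.match(line)
        if not m:
            continue
        code, net, plen, ad, metric, next_hop = m.groups()
        if plen is None:
            if parent_len is None:
                continue  # no mask on the line and no header seen: cannot resolve
            plen = "/" + parent_len
        routes.append({"code": code, "prefix": net + plen, "ad": int(ad),
                       "metric": int(metric), "path": ROLE.get(next_hop, "other")})
    return routes

def by_path(text):
    """Group (prefix, administrative distance) pairs by the path they leave on."""
    grouped = {}
    for r in parse_routes(text):
        grouped.setdefault(r["path"], []).append((r["prefix"], r["ad"]))
    return grouped

if __name__ == "__main__":
    for path, entries in by_path(SAMPLE).items():
        print(path, entries)
```

Prefixes listed under the Point-to-Point path with distance 90 are the ones a redistributed copy from the MPLS router (distance 170) cannot displace.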

Kenny

Can you post output of

1) "sh run" on the P2P Louisville router

2) "sh run" on the Louisville core switch - actually just the bit from "router eigrp 101" onwards would be fine for this one

3) "sh run" on the P2P Lexington router

4) "sh ip eigrp neighbors" on the P2P Louisville router

Apologies again for asking for all this info but some of those traceroutes don't make a lot of sense without seeing the configs.

Jon
