Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3836
Views
0
Helpful
20
Replies

EIGRP failover

Go to solution
ergamusai
Level 1
Level 1

‎06-14-2018 07:58 AM - edited ‎03-08-2019 03:22 PM

I have a setup where I have a router(R1) that connects to two other routers(R2 and R3). I am trying to build eigrp active/standby neighborships in between R1, R2 and R3.

I have built the eigrp neighborship, but I need to figure out how to send a default route from R2 and R3. The active one will be the active route from R2, when that goes down I need the default route from R3 to take over.

 

************R1**********

router eigrp 1
 network 192.168.100.0 0.0.0.3
!
!
router eigrp 2
 network 172.20.47.128 0.0.0.63

 

***********R2************

router eigrp 2
 network 172.20.47.128 0.0.0.63

 

*********R3****************

router eigrp 1
 network 192.168.100.0 0.0.0.3

 

**This is GNS3 lab, I need to test this before implementing it in my production network. This is in the LAN. I have considered BGP also, not sure on the pros and cons of each protocol, in terms of this specific scenario

 

Thanks in advance

Labels:
0 Helpful
20 Replies 20

Go to solution
ergamusai
Level 1
Level 1
In response to paul driver

‎06-15-2018 11:26 AM

The routes in the ASA are static, internal ranges in the Inside interface, internet traffic on the Outside interface. During the failover they will receive the "failed" site ranges also in the Inside interface, and route the outside traffic the same way.

 

0 Helpful

Go to solution
paul driver
VIP
VIP
In response to ergamusai

‎06-15-2018 12:33 PM - edited ‎06-16-2018 01:10 AM

Hello

On the assumption the asa's are NAT'ing and have a  default route towards their outside ISP interface then the following configuration should work.

 

Applying a mixture of sla tracking, redistribution and distance administrative manipulation to accomplish the failover using one eigrp process.

 

ASA1 -2
1) Apply sla to track the outside interface next hop

sla monitor 1

type echo protocol ipIcmpEcho <outside next-hop ip>  interface outside
ip sla schedule 1 life forever start-time now

 

track 1 rtr 1 reachability

ip route outside 0.0.0.0 0.0.0.0 <outside interface>> track 1

 

2) create a prefix-list in conjunction with a route-map to advertise the above tracked static route into eigrp.

 

ip prefix-list 10 seq 5 permit 0.0.0.0/0

route-map STAN permit 10
match ip address prefix-list 10

 

router eigrp 100
 redistribute static route-map STAN
 

 

3) advertise ASAx to Rx interface

 

asa1
router eigrp 100

network <R1 facing ip>
 no auto-summary

 

asa2
router eigrp 100

network <R3 facing ip>
no auto-summary


4) create the rtr1 -3  eigrp peering with asa1-2 respectively and between each other via their IPsec tunnel

R1
router eigrp 100
network <tunnel ip>
network <ASA1 facing interface>
network <local network>
distance eigrp 90 70
no auto-summary

 

R3
router eigrp 100
network <tunnel ip>
network <ASA2 facing interface>
network <local network>
no auto-summary

 

That's it, then you should have failover via the eigrp IPsec tunnel if you lose connectivity from either asa isp

 

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
ergamusai
Level 1
Level 1
In response to paul driver

‎06-16-2018 05:03 AM

Thank you for taking your time and thinking about this. This is all very helpful.

I will configure it on Monday, but I feel I have everything I need to move forward.

0 Helpful

Go to solution
paul driver
VIP
VIP
In response to ergamusai

‎06-16-2018 06:58 AM

Hello

just like to ask why do you prefer eigrp and not  ospf ?

For me with h this particular setup of yours I would have used ospf instead.

 

FYI you decide to use Ospf instead just drop me a line and I’d be happy to show you how to configure failover on that protocol also

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
ergamusai
Level 1
Level 1
In response to paul driver

‎06-16-2018 02:07 PM

I feel that EIGRP works better than OSPF out of the box. But if you have an OSPF example ready that would be great. I can try both in the lab. Why do you think OSPF would work better

0 Helpful

Go to solution
paul driver
VIP
VIP
In response to ergamusai

‎06-16-2018 02:47 PM - edited ‎06-16-2018 02:49 PM

Hello

They both have good features but only that ospf isn’t propitery just to Cisco and in this case given your topology you would not have to manipulate any external AD and with the interface cost also being calculated you only will need to advertise two defaults routes conditctionly and failover would work.

 

I am on my phone at present so if you wish I could send some ospf failover config later

 

res

paul

 

 

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card